SOUL System: secure online USB login system
Abstract:Purpose ‐ The SOUL System aims to provide a low-cost secure online two-factor authentication system that involves both a password and a security token in the form of an ordinary electronic container. Its main goal is to design and build a system that can easily be integrated to existing websites to make the login and registration processes more secure. Design/methodology/approach ‐ The three main parts of the system are the website, the ordinary hardware device, and trusted third party. The website must first be integrated with the web API provided and then registered to the trusted third party website to allow two-factor authentication. It must be registered to the trusted third party so that it can be used to register and login to SOUL System integrated websites. Findings ‐ The design and implementation of the proposed two-factor authentication system makes use of the hybrid cryptosystem, one-time passwords, hash functions, trusted third parties, steganographic techniques, signed java applets and cross-language cryptographic libraries. It protects users from well known attacks such as brute-force attacks, collision attacks, dictionary attacks, keylogger attacks, man-in-the-middle attacks, and even replay attacks. Currently, the system can be integrated to websites built in PHP, Python, and Java. Originality/value ‐ The SOUL System is the first two-factor authentication system that uses both cryptography and steganography to provide secure online authentication with an ordinary USB flash drive. It is designed to work in major operating systems such as Windows, Mac OS X, and Linux with very minimal installation.
Keywords: Cryptography; Data security; Internet security and online protection; Secure online system; Steganography; Trusted third party; USB login; User authentication; Web applications; Web framework
Document Type: Research Article
Publication date: 2013-06-07