Network Security Assignment : Second Factor Authentication
Question
Assignment Specification: This assignment needs to be completed as an individual, and will extend beyond just the writing of an assignment, to also undertaking peer marking to facilitate learning about multiple topics.
Once we have read the available topics, our next step is to login to the peer assessment tool which will be available at the start of week 2 and select the topic. There will be limited numbers in each topic to ensure a spread of topics across the class. But, once you have selected a topic, and have selected it on, it is time to get busy working on the assignment. It is vital to official select the topic before you write it.
This is a research assignment, and as such you are expected to read a range of content on your topic, and distil it down to your thoughts on the topic. This means putting content into your own words and citing where content has come from. A range of different sources are expected, including academic sources. Most academic sources will likely be peer-reviewed articles that have been published in Journals or Conferences, although other sources are permitted (such as books, and government / standards bodies documents). All source material must be cited and then be listed in a references section at the end of the assignment. Correctly citing and referencing the content you have used makes up a significant part of your final mark.
You are required to use the Harvard referencing style which a short description of can be found by following the link below.
https://utas.libguides.com/referencing/Harvard
This assignment is to be 2000 approximately in length, but not including the reference list. It may contain diagrams and figures.
Topic
- Choose one of the following 5 topics:
- Blockchain is currently one of the most loaded buzzwords within the IT industry due to the wealth creation of cryptocurrencies. Discuss the technology and the role it can have in other areas beyond currency.
- Discuss the possible security implications in the current widespread adoption of IoT devices globally.
- Earlier this year a data breach occurred at a company called PageUp that affected the University of Tasmania. Discuss the responsibilities of companies in the event of a data breach in relation to the Federal Data Breach Notification (NDB) scheme.
- Many websites and other network services in recent times increased their usage of second factor authentication. Describe how this can mitigate the risks present in password only systems.
- Describe the concept of a Man-In-The-Middle attack, and then describe the main countermeasure used on the web to mitigate the risk of such an attack.
Answer
Introduction: We are providing some sample solutions of network security assignments, to help you in building up a concept plan in drafting the solution yourselves. Using the format given below will help you in drafting the network security assignment in a descent way. Many websites and other network services in recent times increased their usage of second-factor authentication. Second-factor authentication is the process which is used for identifying the authenticity of the online users. For this, a two-step verification process is presented to the user so that the validity and recognition of righteous online user could be done depending on the knowledge, possession, and inference to the user. It is the most common security measure that is used to secure the online accounts. The two-factor authentication has been in use since long which helps in controlling and accessing the sensitive systems and data. The online service providers have been using this authentication process (2FA) to safeguard their accounts and other credentials from hackers so that the data present in their accounts does not get stolen. The use of 2FA also provides security from such hackers who have expertise in stealing password database and use phishing campaigns to get access to passwords of other users. This network security assignment effectively covers the different aspects o 2FA and how it helps to mitigate the risks present in a password only system.
Second-Factor Authentication And Its Applicability In Mitigating The Risks Present In A Password Only Systems
The second-factor authentication uses a two-step process for the authenticating the credibility of the user in which the first step is the logging into the account by using the process of entering a password. The second step of authentication is the receiving of a code in the form of text on the phone registered at the time of signing up the account. It is generally received in the form of text SMS. It consists of a numerical code that is required to be entered at the time when the user needs to enter to log into the account like the PIN that is used for the accessing of a Debit card, the code that is generated for the logging into the account is generated once. This could be used only for one time. To log I aging a new code is generated which is sent to the registered phone number again. In case if the user does not want to receive the code the user can use a dedicated authentication app to obtain the codes in place of receiving codes in the form of text SMS. Some of the well-known authentication apps are Google Authenticator, Authy and DuoMobile.
The application of second-factor authentication can helps in lowering down the number of phishing levels that are done through emails because the hackers and the criminals required more details about the authentic online user in addition to their name and passwords. There are three vital credentials that are necessary to be known to aspects of 2A in a proper manner. Firstly is something the user knows that is the PIN, password which is required to be kept secret. Secondly is the something that the user owns that is his mobile phone, device. Thirdly something the user is that is the usage of Biometric, retina, fingerprint. The 2FA is the usage of application of any of these two factors for the authentication process (Zink and Waldvogel, 2017, p. 59). The high usage and spread of the use of the first and second factors are seen in the business world. As per the data released by Verizon’s annual Data Breach Investigations Report (DBIR), it was found that about 97.8% of the business entities and working organizations are using the first two combinations that are PIN, password, and mobile phone or another device for the conduction of authentication process. The application of the third point that is Biometrics is found to be quite less as it is very expensive in nature.
No product can claim to be having acquired full security in absence of any two combinations of the three types of authentication provided by 2FA. The application of 2FA ensures greater security and makes it harder for the hackers and criminals to get access to the user’s account (Wang, Gupta and Rao, 2015, p. 39). The application of 2FA makes the accounts more difficult to attack and less attractive to be considered as probable targets of a hacker or criminal breach attacks. The 2FA used in combination with the username helps in preventing unauthorized access to hackers and enables to secure the data in a proper manner. It ensures that leakage of credential data could only be done by the user himself and no hacker or criminal from outside could fiddle the confidential information present in the accounts of the users. The second authentication process that is used to validate the identity of the user helps in recognizing the credentials of the account user in a proper manner. The second authentication is also regarded as the cross-check of the first authentication process. If the first process went right the user will receive a text code but if the first procedure went wrong the user will not receive any code. This will help to validate the account authentication process in a proper manner (Van Goethem, Scheepers, Preuveneers and Joosen, 2016, p. 106). If the user has passed the first level of authentication process the user will be able to receive a code in his registered phone number. To go further for the next step of verifying the user needs to put the PIN or code which he has received so that further process of account opening could be carried out. If the user is the actual user and has the phone with the registered number he will be able to produce the code and open his account. In case if the user is not an authentic user the code sent on the registered number would not be present with the false user and identification of the wrong user could be done effectively.
It is found that the application of 2FA has benefited the organizations largely. Recently the case of Open SSL Heart bleed came into headlines when it took over the vulnerabilities of the OpenSSL protocol (Kogan, Manohar and Boneh, 2017, p. 983). The two-factor authentication helped the company in shielding its interest and provided an additional layer of protection which has significantly helped the company to lower down the onset of possible hacks and safeguard the credentials of the company from possible confidential data leakage. Additional sources form Verizon report reveal that an estimated number of about 63,437 of the total security incidents that took place in the year 2013 nine attacks were considered to be extremely severe and intense which could have altered the future of certain companies (Graham and Cox, SecureAuth Corp, 2018, p. 475). The major use of 2FA could be seen in the fields of crimeware, attacks that occur against the applications of the web, Point-of-Sale attacks, breaches that are occurring as a result of insider abuse, and physical loss of devices like mobile phones which posses the registered number of the account to receive the codes. The two factor authentication helps in reducing the security management costs and lower down the helpdesk issues. Sources reveal that an average user who is using the internet and using various accounts and conducting work by using internet calls the help desk about 1.25 times every month. In today’s time when an increasing number of population is using internet the help desk cost is found to be increasing at an alarming rate. Data reveal that due to increased number of internet users the helpdesk calls increases by 35-40%. In these calls about 43% calls are related to the passwords reset calls. To address each of the calls and queirs of the users it takes up to 20 minutes of the help desk technician. The application of two factor authentication aids in reducing the excessive burden that is faced by the helpdesk technicians regarding the use of passwords. The two step verification process helps in reducing the time consumed and costly password reset calls. The application of 2FA helps in provision of safe and secure method of using the accounts and enabling the end users to rest the passwords ina quick and efficient manner. This helps in reducing the cost and encourages the saving by reducing the frequency of calls.
As per the research carried out Javelin Strategy and Research in the year 2012, it was found that about an estimated 12.6 million people has been suffering from identity problems. The theft of identity acclaim in the online segment has become a serious issue since last few years. The identity theft is referred to the breaking or hacking of accounts by using the name of the users (Cheng, Koved, Singh, Swart and Trewin, International Business Machines Corp, 2017, p. 283). In India, the Reserve Bank of India has clearly laid own instructions that all the financial institutions like banks, must incorporate 2FA into its operations and offer the same to its customers so that they could be saved from possible online thefts and hackings (Bonneau, Herley, Van Oorschot and Stajano, 2015, p. 78-87). Banks like HDFC, Axis Bank, Union Bank, etc have introduced and implemented the application of 2FA into their operating systems to provide online transaction service to the customers. To avail, the application of 2FA the customers are required to activate their online transactions account with the bank officials by using their credit or debit cards. If the account is activated for once the 3D set up in the transaction of the online payment networks demands the procurement of an OTP so that the transaction process could be completed. The OTP is sent to the only registered mobile number which has been set by the user (Beck and Swensen, DIRECTPOINTE Inc, 2015, p. 122). Since the user possesses the device the risks that hackers could hack the credit cards and carry out transactions gets reduced as with outputting the OTP the transaction could not be completed.
The application of 2FA also helps in Increasing flexibility, productivity and securing the assets of the companies. The usage of 2FA permits the different users to log in or securely get access to the accounts by using the shared system of the database. It also provides the users with the facilities to log into their accounts by using their smart phones, USB Tokens, Hard Tokens, etc. by using the internet. The users can also use their company’s server to get logged into their accounts. The 2FA application has made it possible for the companies to allow their employees to get access to their official accounts when they are working remotely. By this, the employees are able to access their work in an effective manner and the productivity levels of the organizations do not go down (Barkadehi, Nilashi, Ibrahim, Fardi and Samad, 2018, p. 34). In fact, it helps in increasing the efficiency of the employees and increasing the productivity levels of the companies and securing the data in an effective manner.2FA with SSL VPN is one of the most popular security solutions used by companies these days. In this network security assignment we have strictly followed the format given in marking rubrics to cover in helping the student to cover all the deliverables in the assignment.
Conclusion
The second-factor authentication has provided a number of facilities to the users by safeguarding their accounts from possible thefts and disclosures. The use of 2FA is not only limited to the provision of security to the users but it is also a cost-effective method that is used to safeguard the productivity, flexibility, etc concerns of the users (Albahar, Haataja and Toivanen, 2016, p. 12). The application of 2FA has brought an immense amount of safety and security in carrying out the transactions that are related to the monetary values and is highly preferred by all the financial institutions like banks. This network security assignment effective covered the different aspects of the 2FA and its implications in providing safety and security to the users. Network security assignment assignments are being prepared by our IT experts from top universities which let us to provide you a reliable IT assignment help service.
References
Albahar, M.A., Haataja, K. and Toivanen, P., 2016. BLUETOOTH MITM Vulnerabilities: A Literature Review, Novel Attack Scenarios, Novel Countermeasures, And Lessons Learned. International Journal on Information Technologies & Security, 8(4).
Barkadehi, M.H., Nilashi, M., Ibrahim, O., Fardi, A.Z. and Samad, S., 2018. Authentication systems: A literature review and classification. Telematics and Informatics.
Beck, J.M. and Swensen, C.L., DIRECTPOINTE Inc, 2015. Token based two factor authentication and virtual private networking system for network management and security and online third party multiple network management method. U.S. Patent 8,973,122.
Bonneau, J., Herley, C., Van Oorschot, P.C. and Stajano, F., 2015. Passwords and the evolution of imperfect authentication. Communications of the ACM, 58(7), pp.78-87.
Cheng, P.C., Koved, L., Singh, K.K., Swart, C.B. and Trewin, S.M., International Business Machines Corp, 2017. Suppression of authorization risk feedback to mitigate risk factor manipulation in an authorization system. U.S. Patent Application 15/618,283.
Colnago, J., Devlin, S., Oates, M., Swoopes, C., Bauer, L., Cranor, L. and Christin, N., 2018, April. “It's not actually that horrible”: Exploring Adoption of Two-Factor Authentication at a University. In Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems (p. 456). ACM.
Graham, K.M. and Cox, S.G., SecureAuth Corp, 2018. Identity security and containment based on detected threat events. U.S. Patent Application 15/706,475.
Kogan, D., Manohar, N. and Boneh, D., 2017, October. T/Key: Second-Factor Authentication From Secure Hash Chains. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (pp. 983-999). ACM.
Van Goethem, T., Scheepers, W., Preuveneers, D. and Joosen, W., 2016, April. Accelerometer-based device fingerprinting for multi-factor mobile authentication. In International Symposium on Engineering Secure Software and Systems (pp. 106-121). Springer, Cham.
Wang, J., Gupta, M. and Rao, H.R., 2015. Insider threats in a financial institution: Analysis of attack-proneness of information systems applications. MIS quarterly, 39(1).
Zink, T. and Waldvogel, M., 2017. X. 509 user certificate-based two-factor authentication for web applications.