Along with the strong development of the internet, hacker attacks are increasingly sophisticated. Although fingerprint recognition or face verification is gaining very much popularity, passwords are still the main way to access personal accounts. Realizing that the information protection for end users is extremely important, the student group majoring in information safety at FPT University selected the topic of the 2-step authentication system integrated the hardware to defend their graduation thesis; as well as wished to develop the project and play a role in helping users protect information in the digital life.
Applying the new technology U2F in security
Nguyen Minh Hoang – Class of 10C in the information safety major – a member of the group presenting the graduation project shared: “Everyone clearly sees that the login with Username and Password is often potentially risky that passwords are leaked, and it is difficult to manage passwords so our team wants to integrate more methods so that users can more easily manage their information. ”
From the initial idea, FPT University student group researched and developed the topic with 3 main parts: Website system of user management, and integrated application management; Protocols to increase high security: TOTP, SMS TOTP, and the most prominent protocol is U2F; Building applications to integrate into online applications on the internet that support authentication.
Quoc Anh said: The new technology the team researched and put into the project is U2F. Currently, 2 methods of TOTP and SMS TOTP are very familiar to users, especially in the banking industry. With U2F, this is a new method Google and Yubico cooperated to develop. Currently, U2F has been deployed on hundreds of millions of devices with an estimation of 1.5 billion user accounts used and on many large-scale services such as Gmail, Dropbox, GitHub, Salesforce.com, British Government, etc. Now, U2F has been integrated by default on most of the browsers, including Chrome/Chromium, Opera, and Mozilla Firefox. However, U2F is not popular in Vietnam.
Using the authentication method through the hardware has brought the advantages of the team’s project, because of this anti-phishing authentication like recent phishing attacks to get OTP codes of customers.
Accordingly, in order to authenticate via the U2F device, users need to log in to their account using the username and password. After the service system has checked that the password is correct, the system will send a challenge to the U2F device. Here, the user presses the button on the device so that the U2F device proceeds to create and send the response. The service system will check the response by using the device’s public key. If the test is successful, users can log in to the account.
In order to implement the project, the group had to order more Google devices from the US and it took half a month for the new device to arrive. This device can communicate via MSC or Bluetooth to easily communicate with the computer without having to plug in directly, but the cost is higher so to implement this project, the group only bought the communication via USB. Therefore, the young student group wants to develop their own hardware and does not have to buy the foreign hardware.
Eating and sleeping with the project
The author group had 4 months of eating and sleeping with the topic, especially in the last month, they had to stay awake all night. This is also the most difficult time for the group to be well prepared for the graduation project presentation.
At the presentation session, you have 90 minutes to talk about your topic, and at the same time, describe the product demonstration as well as answer the questions, listen to the comments and suggestions from the Council marking the graduation project.
“During the four years of study, the knowledge, experience, and skills accumulated are applied not only to the implementation of projects but also many other jobs, especially independence in every job. Gathering group members is a difficult issue and require independent work to be completed so that meetings to solve the problems could be more effective. The knowledge of coding learned at school helped the team research protocols much more easily” – member Le Minh Tu shared.
A lot of skills and experience in the OJT period or years of working at an outside company have also been thoroughly applied by young people. Nguyen Minh Hoang shared: “Before that, I had 2 years working at FPT software. I have to thank FPT software for facilitating F university students as well as remote jobs that do not require to go directly to the company so I can both study and work. Here, I have done many projects, mainly web development for customers from US, Singapore, etc. That process has helped me gain more experience to serve this project. For example, the experience of website development because the project of my group uses mainly the website.”
Meanwhile, member Minh Tu also affirmed: “OJT period – learning in the enterprise environment gives us chances to be exposed to projects, real work frames; and to understand what people will have to do with a framework, how many steps it takes, etc. It helps us accumulate a part of the experience to develop the project in the right direction, more professionally. For what has been prepared, today’s presentation session deserves our efforts which the members of the group have made during the last time.”
At the presentation session, the author group received good feedbacks from the Council marking the graduation project. The teachers also provided many useful suggestions for the team to complete the better project. The group hopes that in the future, there will be enough resources to develop the project into a real project, effectively serving enterprises in the banking sector or government organizations, especially in e-government during the 4.0 period.
According to FPT EducationRelated posts: