System of two-factor authentication of the user of the corporate environment using a QR code

DOI: 10.31673/2412-9070.2023.053537

  • Аушева Н. М. (Ausheva N. M.) National Technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”, Kyiv
  • Мельник Ю. В. (Melnyk Yu. V.) State University «Kyiv Aviation Institute», Kyiv
  • Отрох С. І. (Otrokh S. I.) National Technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”, Kyiv
  • Мордас І. С. (Mordas I. S.) National Technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”, Kyiv

Abstract

Technologies are developing at a rapid pace, and it is difficult to imagine a sphere of human life where digital data is not used: banking operations, distance learning, utility payments and online messaging have become commonplace. This raises the question of how to ensure the reliability and confidentiality of that data. One method is authentication at login, that is, entering a login and password to identify the user. Today this method is unreliable and quite vulnerable, because most users reuse the same passwords or ignore password strength and choose rather primitive ones. As a result, more and more confidential user data is at risk of being acquired by criminals. The idea of developing a two-factor authentication system using a QR code arose from the urgency of this problem and the imperfection of existing software products. The basis is the generation of a unique code that is available only for a short period of time, long enough for the user to enter the system. This technology allows the set of numbers required for authentication to change dynamically. If an attacker obtains the code, he will not be able to use it, because it changes in the system within a short period of time. The article discusses the implementation of the two-factor authentication algorithm using a QR code, which has a simple appearance but can store a large amount of data. Regardless of how much information the QR code contains, the data is displayed immediately after it is read. This provides an increased level of protection when the user enters the system and prevents unauthorized access to confidential data by cybercriminals. An approach using TOTP (Time-based One-Time Password) is also proposed, which generates a one-time code based on a secret key. Its main feature is the use of time as one of the parameters to generate the dynamic 6-digit password required for logging into the system. The password is regenerated automatically every 30 seconds, thus creating conditions that make its theft and unauthorized use impossible.

Keywords: QR code; barcode; TOTP algorithm; dynamic password generation; data scanning.

