SlideShare a Scribd company logo

IRJET- 2 FAUS: Two Factor Authentication using Smartwatch and Google Cloud Messaging Service

IRJET Journal
IRJET Journal

1. The document proposes a two-factor authentication system using smartwatches. It aims to provide a more convenient authentication method compared to existing SMS/email-based systems. 2. The proposed system uses smartwatch notifications and a 4-digit PIN entered on the smartwatch for two-factor authentication. When a user logs in, their smartwatch receives a notification and prompts them to enter their PIN. 3. The system is designed to be faster and less cumbersome than traditional two-factor authentication methods. By leveraging growing smartwatch usage, it could provide more secure authentication across multiple user accounts and services.

Engineering
1 of 3
Download to read offline
1
2
3
International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 06 Issue: 02 | Feb 2019 www.irjet.net p-ISSN: 2395-0072 © 2019, IRJET | Impact Factor value: 7.211 | ISO 9001:2008 Certified Journal | Page 2656 2 FAUS: Two Factor Authentication Using Smartwatch and Google Cloud Messaging Service Prof. Purnima Ahirao1, Khushang Mehta2 1Asst Prof, Dept of IT, KJSCE, Mumbai, India 2Student, University of Cincinnati, Cincinnati, OH ---------------------------------------------------------------------***---------------------------------------------------------------------- Abstract - Two-factor authentication is an important technique used for providing Security to all types of Login features used worldwide. Users are promptedto provide something they know using something they have. The proposed system provides Two-factor Authentication using Smartwatch.Thesystemisaimed at providing a convenient and secure access to user accounts. This method delivers a service which can be used for all authenticationpurposessuchasUserLogin Authentication, Online Payment Authentication, Remote Access Authentication, etc. Existing two factor authentication methods rely on SMS and/or e-mail services for sending temporary codes to users in order to verify the user’s authenticity, on top of the user/passwordcombination. It also requires the users to remember andinputlenghtycodeseverytimealogin is attempted. This paper presents a novel two-factor authentication scheme where a user's smartwatch receives a notification from the service using the proposed protocol. This notification will prompt the user to enter his own selected password in the application built for the smartwatch. Key Words: Authentication, Security, Smartwatch, Android Wear, Privacy and Two Factor Authentication. 1. INTRODUCTION Current authentication systems rely on one or multiple usually complex passphrases toberememberedbytheusers which are sometimes required to be changed periodically. Any of these common actions could put the users at risk of having their password stolen: i. Using the samepassword on more than one site ii. Downloading software from the Internet iii. Clicking onlinksinemail messagesTheproposed system introduces another layer of security where the authenticity of the user is verified more than once. Current methods for two step verificationrelyonSMSoremail which are time consuming and require unnecessary user interactions. The proposed system will allow users to use a two-step authentication system, first login and authenticating the login throught the use of a smartwatch. The system will eventually help in saving time and reducing the amount of user actions required. Use of smartwatches worldwide are increasing by a huge percentage. This proposed system can be used as the base for most of the security applications that will be developed for smartwatches. The two factor authentication system presented in this paper utilises a smartwatch (something you have) to authenticate themselves to any Login Interface. The system uses a 4 digit code that is set by the user while registering with the system. The system will send a notification to the user’s smartwatch (using Google Cloud Messaging), prompting the user to input a password. Entering the correct password will grant the user access to the web service. This system will enable faster secured access to a service. Multiple accounts, from different services, of the same user can be used on the same applicaiton for two step authentication. Two factor authentication using smartwatch, can be coupled with multiple web services to provide a faster mechanism for authentication. 2. EXISTING SYSTEM The current two-factor authenticationsystemasin[1]usesa classic way, sending a SMS or an E-mail with an OTP(One Time Password) to the corresponding number or mail ID. This system require users to spend more time in signing in to the account than required. The traditional system also causes an inconvenience to the user, either to login everytime to his email id or fetching his phone from the pocket or desk which may be in another room. The user is then required to enter the OTP recieved in the web application to gain access. Hence, users according to a study do not opt for a two factor authentication for the same reason. In paper [2] Giri and Srivastav explains the flaws in existing remote authentication systems relying on smart cards and proposes a better system to replace this one. It improves upon the existing systems byovercomingitsflaws. The method proposed in this paper is a dynamic ID-based remote user authentication using smart cards. One of the ways it accomplishes this is by providing the users with the choice to set and change their passwords. In [3] Google provides an overview of various security features thatare in Place at the OS level and at the Google services layer. It also introduces the new device management capabilities developed for work, which give enterprises the ability to manage and develop applications on their users devices, prevent work data leakage, secure the communication back to the enterprise, and manage the applications installed in their workspace, preventing any unapproved apps from
International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 06 Issue: 02 | Feb 2019 www.irjet.net p-ISSN: 2395-0072 © 2019, IRJET | Impact Factor value: 7.211 | ISO 9001:2008 Certified Journal | Page 2657 being installed for work. Smartwatches is in hype in the technological world due to its feature of interactions with the smartphone[4]. These smartwatches can display text messages and emails. Thepebblewatchalsohasane-reader- style display. So the smartwatches are being pitched to be used for convenient communciation in the electronic form. 3. PROPOSED SYSTEM Our proposed system enables users to quickly and easily get through the steps of the two factor authentication system. The user only requires to have a working internet connection from the smartwatch to the internet. Google Messaging Service(GCM) is used to automatically send a message to user’s device. Opening this message allows the user to authenticate himself on the smartwatch. 3.1 Overview of Implementation Fig1. Presents the block diagram of the proposed system.Chart -1: Fig -1: Name of the figure As shown in Fig 1 the System is divided into 4 Phases •Implement the Watch App UI and Mobile App UI: In this phase the Android Wear and Mobile UI was developed using Android Studio. •Implement the Website UI: In this phase we were able to develop a website page using HTML5 and CSS. 14 •Implement the Data Layer between Watch App and Phone App: The Watch App and the Phone App were further developed to work together and enable more features. •Implement the Web api to connect to the Mobile and Watch App: The website needs to be connected to the Watch interface for the user to authorize himself. • Implement Encryption and Authentication algorithms: Encryption and Authentication algorithms will be used to make the interface more robust and Secure. 3.2 2 Factor Authentication using Smartwatch(2FAUS) The 2FAUS system enables users to quickly and easily get through the steps of the two factor authentication system. The user only requires to have a working internet connection from the smartwatch to the internet. GCM 25 is used to automatically send a message to user’s device. Opening this message allowstheusertoauthenticatehimself on the smartwatch. A. Logging in through 2FAUS enabled service: User logs in t by providing login credentials as shown in Fig2 Figure 2. Login using 2FAUS B. Sending Message through Google Cloud Messaging: Once the web service authenticates the user, it sends a message to the user’s smartphone via the Google Cloud Messaging (GCM) service for second level of authentication. C. Notification to Smartwatch: The smartphone sends a message to the smartwatch as shown in figure 3, informing of a log-in attempt and requesting second level of user verification for a web service. Figure 3. Notification on Smartwatch
International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 06 Issue: 02 | Feb 2019 www.irjet.net p-ISSN: 2395-0072 © 2019, IRJET | Impact Factor value: 7.211 | ISO 9001:2008 Certified Journal | Page 2658 D. Verification using code on Smartwatch: As shown in Fig 4 On clicking the notification, the user is prompted to enter a four digit code that is set by the user . Thenotificationsentto the Watch will trigger an application launch.Thisapplication as shown in the figure 4 will display a 4 pin password lock. _ The user can use this password lock to verify himselfinthe2 step authentication process. Entering the right password would trigger a call to the Web Service letting the user to be let into the web site. 24 This code is set to the device and is same for any service using 2FAUS for a user. On the password input screen, the user needs to press the button corresponding to the digits in the code, once for every digit. Traditional 10 button input is not suitable for a screen of such size. Android wear devices have a resolution of either 240x240 pixels or 320x320 pixels. Figure 4: Password Input on Smartwatch E. After entering the correct code, the 2FAUS application on the watch sends a message back to the phone using DataLayer. The smartphone then informs the web service and the user is then allowed access. This communication between smartphone and web service is handled by either the GCM. Since the smartwatch cannot directly communicate with any onlinewebserviceasofnow, all the communication between the web service and the smartwatch is done with the user’s smartphone as an intermediary. The smartphone application will connect the smartwatch to the web service using GCM . 4. CONCLUSION Online accounts today, protected by a single factor authentication such as passwords are pronetohacking. Two factor authentication has already been introduced, but in most cases, user’s are more of frustrated rather than thinking of it as a helpful security measure. The smartwatch industry has its sales increasing quarts-over-quarter by a huge percentage, sources show 160 millionsmartwatchesto be shipped in the year of 2019 alone. This shows that a huge base of users to be qualified for using our technology. This paper focuses on the implementation of two-factor authentication methods using smartwatches. Itprovidesthe users with an ease of use and faster response to the traditional two factor authentication system. The proposed system has the option of notifying the user on the smartwatch and enabling him to enter the pin in a small amount of time. This method also helps the users to be able to share their account ID’s and Passwords while keeping the shared user’s access in check. This system also allows users to keep the same or easy to remember for different accounts without compromising its security. 5. REFERENCES 1. Secure Login Using Encrypted One Time Password (OTP) and Mobile Based Login Methodology. Ms.E.Kalaikavitha 2. Cryptanalysis and Improvement of a Remote User Authentication Scheme usingSmartCards(IEEE),D.Giri and P. D. Srivastava. 3. Android for Work Security White Paper, Google . 4. https://sensiblemicro.com/smart-watches-the-start-of- the-wearable-electronics-revolution/ 5. THE SMARTWATCH MARKET: Growth, Consumer Attitudes, And Why This Is The New Device Category To Bet On, Tony Danova. 6. Two Factor Authentication Using Mobile Phones, Fadi Aloul, Sye

More Related Content

What's hot (17)

PDF
IRJET- Women Safety Application using Firebase and Geocoder
IRJET Journal
 
PDF
Ijiret siri-hp-a-remote-phone-access-for-smartphone-events
IJIR JOURNALS IJIRUSA
 
PDF
Keystroke with Data Leakage Detection for Secure Email Authentication
YogeshIJTSRD
 
PDF
IRJET- Technical Review of different Methods for Multi Factor Authentication
IRJET Journal
 
PDF
IRJET - Detection of False Data Injection Attacks using K-Means Clusterin...
IRJET Journal
 
PDF
IRJET- Implementation of Handling Android Application using SMS(Short Mes...
IRJET Journal
 
PDF
IRJET- Passmatrix Authentication to Overcome Shouldersurfing Attacks
IRJET Journal
 
PPT
Instant messaging tech scet
pankaj gamit
 
PDF
Ijsrdv8 i10355
aissmsblogs
 
PDF
Smartphone Remote Detection and Wipe System using SMS
Editor IJCATR
 
PDF
Secure Internet Voting System
theijes
 
PDF
IRJET- Securing E-Medical Documents using QR Code
IRJET Journal
 
PDF
IRJET- Securing Internet Voting Protocol using Implicit Security Model and On...
IRJET Journal
 
PDF
Android Based Smart Department
IRJET Journal
 
PDF
Secure instant messanger service
Aditya Gupta
 
PDF
A smart, location based time and
ijcseit
 
PDF
Integration Of Triangular Location Detection, IoT, Open CV - User Authenti...
IRJET Journal
 
IRJET- Women Safety Application using Firebase and Geocoder
IRJET Journal
 
Ijiret siri-hp-a-remote-phone-access-for-smartphone-events
IJIR JOURNALS IJIRUSA
 
Keystroke with Data Leakage Detection for Secure Email Authentication
YogeshIJTSRD
 
IRJET- Technical Review of different Methods for Multi Factor Authentication
IRJET Journal
 
IRJET - Detection of False Data Injection Attacks using K-Means Clusterin...
IRJET Journal
 
IRJET- Implementation of Handling Android Application using SMS(Short Mes...
IRJET Journal
 
IRJET- Passmatrix Authentication to Overcome Shouldersurfing Attacks
IRJET Journal
 
Instant messaging tech scet
pankaj gamit
 
Ijsrdv8 i10355
aissmsblogs
 
Smartphone Remote Detection and Wipe System using SMS
Editor IJCATR
 
Secure Internet Voting System
theijes
 
IRJET- Securing E-Medical Documents using QR Code
IRJET Journal
 
IRJET- Securing Internet Voting Protocol using Implicit Security Model and On...
IRJET Journal
 
Android Based Smart Department
IRJET Journal
 
Secure instant messanger service
Aditya Gupta
 
A smart, location based time and
ijcseit
 
Integration Of Triangular Location Detection, IoT, Open CV - User Authenti...
IRJET Journal
 

Similar to IRJET- 2 FAUS: Two Factor Authentication using Smartwatch and Google Cloud Messaging Service (20)

PDF
Secret Lock – Anti Theft: Integration of App Locker & Detection of Theft Usin...
IRJET Journal
 
DOC
87559489 auth
homeworkping4
 
PDF
325 330
Editor IJARCET
 
PDF
IRJET- Password Management Kit for Secure Authentication
IRJET Journal
 
PDF
Two aspect authentication system using secure
Uvaraj Shan
 
PDF
Two aspect authentication system using secure
Uvaraj Shan
 
PDF
13_2
Prince Gupta
 
PDF
120 i143
Hai Nguyen
 
PDF
Webinar: Three Steps to Transform Your Mobile App into a Security Factor
Ping Identity
 
PPTX
Presentation of website analytics in webi
hemantshrivas2004
 
PDF
AN EFFICIENT IDENTITY BASED AUTHENTICATION PROTOCOL BY USING PASSWORD
IJNSA Journal
 
PDF
2FYSH: two-factor authentication you should have for password replacement
TELKOMNIKA JOURNAL
 
PDF
Two aspect authentication system using secure mobile
Uvaraj Shan
 
PDF
Two aspect authentication system using secure mobile devices
Uvaraj Shan
 
PPTX
Safety watch:Providing Human Security through Smartphone's
Swetha Pallati
 
PDF
Android Based Total Security for System Authentication
IJERA Editor
 
PPTX
Hardware Authentication
Coder Tech
 
PPTX
Authentifusion: Clarifying the Future of Customer Authentication
Michael Thelander
 
PPTX
TOWARDS SELF-AUTHENTICABLE WEARABLE DEVICES
Rasha Kamal
 
PDF
AN EFFICIENT IDENTITY BASED AUTHENTICATION PROTOCOL BY USING PASSWORD
IJNSA Journal
 
Secret Lock – Anti Theft: Integration of App Locker & Detection of Theft Usin...
IRJET Journal
 
87559489 auth
homeworkping4
 
325 330
Editor IJARCET
 
IRJET- Password Management Kit for Secure Authentication
IRJET Journal
 
Two aspect authentication system using secure
Uvaraj Shan
 
Two aspect authentication system using secure
Uvaraj Shan
 
13_2
Prince Gupta
 
120 i143
Hai Nguyen
 
Webinar: Three Steps to Transform Your Mobile App into a Security Factor
Ping Identity
 
Presentation of website analytics in webi
hemantshrivas2004
 
AN EFFICIENT IDENTITY BASED AUTHENTICATION PROTOCOL BY USING PASSWORD
IJNSA Journal
 
2FYSH: two-factor authentication you should have for password replacement
TELKOMNIKA JOURNAL
 
Two aspect authentication system using secure mobile
Uvaraj Shan
 
Two aspect authentication system using secure mobile devices
Uvaraj Shan
 
Safety watch:Providing Human Security through Smartphone's
Swetha Pallati
 
Android Based Total Security for System Authentication
IJERA Editor
 
Hardware Authentication
Coder Tech
 
Authentifusion: Clarifying the Future of Customer Authentication
Michael Thelander
 
TOWARDS SELF-AUTHENTICABLE WEARABLE DEVICES
Rasha Kamal
 
AN EFFICIENT IDENTITY BASED AUTHENTICATION PROTOCOL BY USING PASSWORD
IJNSA Journal
 
Ad

More from IRJET Journal (20)

PDF
Enhanced heart disease prediction using SKNDGR ensemble Machine Learning Model
IRJET Journal
 
PDF
Utilizing Biomedical Waste for Sustainable Brick Manufacturing: A Novel Appro...
IRJET Journal
 
PDF
Kiona – A Smart Society Automation Project
IRJET Journal
 
PDF
DESIGN AND DEVELOPMENT OF BATTERY THERMAL MANAGEMENT SYSTEM USING PHASE CHANG...
IRJET Journal
 
PDF
Invest in Innovation: Empowering Ideas through Blockchain Based Crowdfunding
IRJET Journal
 
PDF
SPACE WATCH YOUR REAL-TIME SPACE INFORMATION HUB
IRJET Journal
 
PDF
A Review on Influence of Fluid Viscous Damper on The Behaviour of Multi-store...
IRJET Journal
 
PDF
Wireless Arduino Control via Mobile: Eliminating the Need for a Dedicated Wir...
IRJET Journal
 
PDF
Explainable AI(XAI) using LIME and Disease Detection in Mango Leaf by Transfe...
IRJET Journal
 
PDF
BRAIN TUMOUR DETECTION AND CLASSIFICATION
IRJET Journal
 
PDF
The Project Manager as an ambassador of the contract. The case of NEC4 ECC co...
IRJET Journal
 
PDF
"Enhanced Heat Transfer Performance in Shell and Tube Heat Exchangers: A CFD ...
IRJET Journal
 
PDF
Advancements in CFD Analysis of Shell and Tube Heat Exchangers with Nanofluid...
IRJET Journal
 
PDF
Breast Cancer Detection using Computer Vision
IRJET Journal
 
PDF
Auto-Charging E-Vehicle with its battery Management.
IRJET Journal
 
PDF
Analysis of high energy charge particle in the Heliosphere
IRJET Journal
 
PDF
A Novel System for Recommending Agricultural Crops Using Machine Learning App...
IRJET Journal
 
PDF
Auto-Charging E-Vehicle with its battery Management.
IRJET Journal
 
PDF
Analysis of high energy charge particle in the Heliosphere
IRJET Journal
 
PDF
Wireless Arduino Control via Mobile: Eliminating the Need for a Dedicated Wir...
IRJET Journal
 
Enhanced heart disease prediction using SKNDGR ensemble Machine Learning Model
IRJET Journal
 
Utilizing Biomedical Waste for Sustainable Brick Manufacturing: A Novel Appro...
IRJET Journal
 
Kiona – A Smart Society Automation Project
IRJET Journal
 
DESIGN AND DEVELOPMENT OF BATTERY THERMAL MANAGEMENT SYSTEM USING PHASE CHANG...
IRJET Journal
 
Invest in Innovation: Empowering Ideas through Blockchain Based Crowdfunding
IRJET Journal
 
SPACE WATCH YOUR REAL-TIME SPACE INFORMATION HUB
IRJET Journal
 
A Review on Influence of Fluid Viscous Damper on The Behaviour of Multi-store...
IRJET Journal
 
Wireless Arduino Control via Mobile: Eliminating the Need for a Dedicated Wir...
IRJET Journal
 
Explainable AI(XAI) using LIME and Disease Detection in Mango Leaf by Transfe...
IRJET Journal
 
BRAIN TUMOUR DETECTION AND CLASSIFICATION
IRJET Journal
 
The Project Manager as an ambassador of the contract. The case of NEC4 ECC co...
IRJET Journal
 
"Enhanced Heat Transfer Performance in Shell and Tube Heat Exchangers: A CFD ...
IRJET Journal
 
Advancements in CFD Analysis of Shell and Tube Heat Exchangers with Nanofluid...
IRJET Journal
 
Breast Cancer Detection using Computer Vision
IRJET Journal
 
Auto-Charging E-Vehicle with its battery Management.
IRJET Journal
 
Analysis of high energy charge particle in the Heliosphere
IRJET Journal
 
A Novel System for Recommending Agricultural Crops Using Machine Learning App...
IRJET Journal
 
Auto-Charging E-Vehicle with its battery Management.
IRJET Journal
 
Analysis of high energy charge particle in the Heliosphere
IRJET Journal
 
Wireless Arduino Control via Mobile: Eliminating the Need for a Dedicated Wir...
IRJET Journal
 
Ad

Recently uploaded (20)

PPTX
Numerical-Solutions-of-Ordinary-Differential-Equations.pptx
SAMUKTHAARM
 
PDF
Module - 4 Machine Learning -22ISE62.pdf
Dr. Shivashankar
 
PDF
methodology-driven-mbse-murphy-july-hsv-huntsville6680038572db67488e78ff00003...
henriqueltorres1
 
PPTX
Biosensors, BioDevices, Biomediccal.pptx
AsimovRiyaz
 
PDF
20ES1152 Programming for Problem Solving Lab Manual VRSEC.pdf
Ashutosh Satapathy
 
PDF
Artificial Neural Network-Types,Perceptron,Problems
Sharmila Chidaravalli
 
PDF
PROGRAMMING REQUESTS/RESPONSES WITH GREATFREE IN THE CLOUD ENVIRONMENT
samueljackson3773
 
PPTX
Seminar Description: YOLO v1 (You Only Look Once).pptx
abhijithpramod20002
 
PPTX
L300 Technical Slide Library_Feb 2025 microsoft purview
macarenabenitez6
 
PPTX
darshai cross section and river section analysis
muk7971
 
PPTX
OCS353 DATA SCIENCE FUNDAMENTALS- Unit 1 Introduction to Data Science
A R SIVANESH M.E., (Ph.D)
 
PPTX
Unit_I Functional Units, Instruction Sets.pptx
logaprakash9
 
PDF
Artificial intelligence,WHAT IS AI ALL ABOUT AI....pdf
Himani271945
 
PPTX
UNIT 1 - INTRODUCTION TO AI and AI tools and basic concept
gokuld13012005
 
PPTX
template.pptxr4t5y67yrttttttttttttttttttttttttttttttttttt
SithamparanaathanPir
 
PPTX
Diabetes diabetes diabetes diabetes jsnsmxndm
130SaniyaAbduNasir
 
PDF
Clustering Algorithms - Kmeans,Min ALgorithm
Sharmila Chidaravalli
 
DOCX
Engineering Geology Field Report to Malekhu .docx
justprashant567
 
PDF
Bayesian Learning - Naive Bayes Algorithm
Sharmila Chidaravalli
 
PDF
Authentication Devices in Fog-mobile Edge Computing Environments through a Wi...
ijujournal
 
Numerical-Solutions-of-Ordinary-Differential-Equations.pptx
SAMUKTHAARM
 
Module - 4 Machine Learning -22ISE62.pdf
Dr. Shivashankar
 
methodology-driven-mbse-murphy-july-hsv-huntsville6680038572db67488e78ff00003...
henriqueltorres1
 
Biosensors, BioDevices, Biomediccal.pptx
AsimovRiyaz
 
20ES1152 Programming for Problem Solving Lab Manual VRSEC.pdf
Ashutosh Satapathy
 
Artificial Neural Network-Types,Perceptron,Problems
Sharmila Chidaravalli
 
PROGRAMMING REQUESTS/RESPONSES WITH GREATFREE IN THE CLOUD ENVIRONMENT
samueljackson3773
 
Seminar Description: YOLO v1 (You Only Look Once).pptx
abhijithpramod20002
 
L300 Technical Slide Library_Feb 2025 microsoft purview
macarenabenitez6
 
darshai cross section and river section analysis
muk7971
 
OCS353 DATA SCIENCE FUNDAMENTALS- Unit 1 Introduction to Data Science
A R SIVANESH M.E., (Ph.D)
 
Unit_I Functional Units, Instruction Sets.pptx
logaprakash9
 
Artificial intelligence,WHAT IS AI ALL ABOUT AI....pdf
Himani271945
 
UNIT 1 - INTRODUCTION TO AI and AI tools and basic concept
gokuld13012005
 
template.pptxr4t5y67yrttttttttttttttttttttttttttttttttttt
SithamparanaathanPir
 
Diabetes diabetes diabetes diabetes jsnsmxndm
130SaniyaAbduNasir
 
Clustering Algorithms - Kmeans,Min ALgorithm
Sharmila Chidaravalli
 
Engineering Geology Field Report to Malekhu .docx
justprashant567
 
Bayesian Learning - Naive Bayes Algorithm
Sharmila Chidaravalli
 
Authentication Devices in Fog-mobile Edge Computing Environments through a Wi...
ijujournal
 

IRJET- 2 FAUS: Two Factor Authentication using Smartwatch and Google Cloud Messaging Service

  • 1. International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 06 Issue: 02 | Feb 2019 www.irjet.net p-ISSN: 2395-0072 © 2019, IRJET | Impact Factor value: 7.211 | ISO 9001:2008 Certified Journal | Page 2656 2 FAUS: Two Factor Authentication Using Smartwatch and Google Cloud Messaging Service Prof. Purnima Ahirao1, Khushang Mehta2 1Asst Prof, Dept of IT, KJSCE, Mumbai, India 2Student, University of Cincinnati, Cincinnati, OH ---------------------------------------------------------------------***---------------------------------------------------------------------- Abstract - Two-factor authentication is an important technique used for providing Security to all types of Login features used worldwide. Users are promptedto provide something they know using something they have. The proposed system provides Two-factor Authentication using Smartwatch.Thesystemisaimed at providing a convenient and secure access to user accounts. This method delivers a service which can be used for all authenticationpurposessuchasUserLogin Authentication, Online Payment Authentication, Remote Access Authentication, etc. Existing two factor authentication methods rely on SMS and/or e-mail services for sending temporary codes to users in order to verify the user’s authenticity, on top of the user/passwordcombination. It also requires the users to remember andinputlenghtycodeseverytimealogin is attempted. This paper presents a novel two-factor authentication scheme where a user's smartwatch receives a notification from the service using the proposed protocol. This notification will prompt the user to enter his own selected password in the application built for the smartwatch. Key Words: Authentication, Security, Smartwatch, Android Wear, Privacy and Two Factor Authentication. 1. INTRODUCTION Current authentication systems rely on one or multiple usually complex passphrases toberememberedbytheusers which are sometimes required to be changed periodically. Any of these common actions could put the users at risk of having their password stolen: i. Using the samepassword on more than one site ii. Downloading software from the Internet iii. Clicking onlinksinemail messagesTheproposed system introduces another layer of security where the authenticity of the user is verified more than once. Current methods for two step verificationrelyonSMSoremail which are time consuming and require unnecessary user interactions. The proposed system will allow users to use a two-step authentication system, first login and authenticating the login throught the use of a smartwatch. The system will eventually help in saving time and reducing the amount of user actions required. Use of smartwatches worldwide are increasing by a huge percentage. This proposed system can be used as the base for most of the security applications that will be developed for smartwatches. The two factor authentication system presented in this paper utilises a smartwatch (something you have) to authenticate themselves to any Login Interface. The system uses a 4 digit code that is set by the user while registering with the system. The system will send a notification to the user’s smartwatch (using Google Cloud Messaging), prompting the user to input a password. Entering the correct password will grant the user access to the web service. This system will enable faster secured access to a service. Multiple accounts, from different services, of the same user can be used on the same applicaiton for two step authentication. Two factor authentication using smartwatch, can be coupled with multiple web services to provide a faster mechanism for authentication. 2. EXISTING SYSTEM The current two-factor authenticationsystemasin[1]usesa classic way, sending a SMS or an E-mail with an OTP(One Time Password) to the corresponding number or mail ID. This system require users to spend more time in signing in to the account than required. The traditional system also causes an inconvenience to the user, either to login everytime to his email id or fetching his phone from the pocket or desk which may be in another room. The user is then required to enter the OTP recieved in the web application to gain access. Hence, users according to a study do not opt for a two factor authentication for the same reason. In paper [2] Giri and Srivastav explains the flaws in existing remote authentication systems relying on smart cards and proposes a better system to replace this one. It improves upon the existing systems byovercomingitsflaws. The method proposed in this paper is a dynamic ID-based remote user authentication using smart cards. One of the ways it accomplishes this is by providing the users with the choice to set and change their passwords. In [3] Google provides an overview of various security features thatare in Place at the OS level and at the Google services layer. It also introduces the new device management capabilities developed for work, which give enterprises the ability to manage and develop applications on their users devices, prevent work data leakage, secure the communication back to the enterprise, and manage the applications installed in their workspace, preventing any unapproved apps from
  • 2. International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 06 Issue: 02 | Feb 2019 www.irjet.net p-ISSN: 2395-0072 © 2019, IRJET | Impact Factor value: 7.211 | ISO 9001:2008 Certified Journal | Page 2657 being installed for work. Smartwatches is in hype in the technological world due to its feature of interactions with the smartphone[4]. These smartwatches can display text messages and emails. Thepebblewatchalsohasane-reader- style display. So the smartwatches are being pitched to be used for convenient communciation in the electronic form. 3. PROPOSED SYSTEM Our proposed system enables users to quickly and easily get through the steps of the two factor authentication system. The user only requires to have a working internet connection from the smartwatch to the internet. Google Messaging Service(GCM) is used to automatically send a message to user’s device. Opening this message allows the user to authenticate himself on the smartwatch. 3.1 Overview of Implementation Fig1. Presents the block diagram of the proposed system.Chart -1: Fig -1: Name of the figure As shown in Fig 1 the System is divided into 4 Phases •Implement the Watch App UI and Mobile App UI: In this phase the Android Wear and Mobile UI was developed using Android Studio. •Implement the Website UI: In this phase we were able to develop a website page using HTML5 and CSS. 14 •Implement the Data Layer between Watch App and Phone App: The Watch App and the Phone App were further developed to work together and enable more features. •Implement the Web api to connect to the Mobile and Watch App: The website needs to be connected to the Watch interface for the user to authorize himself. • Implement Encryption and Authentication algorithms: Encryption and Authentication algorithms will be used to make the interface more robust and Secure. 3.2 2 Factor Authentication using Smartwatch(2FAUS) The 2FAUS system enables users to quickly and easily get through the steps of the two factor authentication system. The user only requires to have a working internet connection from the smartwatch to the internet. GCM 25 is used to automatically send a message to user’s device. Opening this message allowstheusertoauthenticatehimself on the smartwatch. A. Logging in through 2FAUS enabled service: User logs in t by providing login credentials as shown in Fig2 Figure 2. Login using 2FAUS B. Sending Message through Google Cloud Messaging: Once the web service authenticates the user, it sends a message to the user’s smartphone via the Google Cloud Messaging (GCM) service for second level of authentication. C. Notification to Smartwatch: The smartphone sends a message to the smartwatch as shown in figure 3, informing of a log-in attempt and requesting second level of user verification for a web service. Figure 3. Notification on Smartwatch
  • 3. International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 06 Issue: 02 | Feb 2019 www.irjet.net p-ISSN: 2395-0072 © 2019, IRJET | Impact Factor value: 7.211 | ISO 9001:2008 Certified Journal | Page 2658 D. Verification using code on Smartwatch: As shown in Fig 4 On clicking the notification, the user is prompted to enter a four digit code that is set by the user . Thenotificationsentto the Watch will trigger an application launch.Thisapplication as shown in the figure 4 will display a 4 pin password lock. _ The user can use this password lock to verify himselfinthe2 step authentication process. Entering the right password would trigger a call to the Web Service letting the user to be let into the web site. 24 This code is set to the device and is same for any service using 2FAUS for a user. On the password input screen, the user needs to press the button corresponding to the digits in the code, once for every digit. Traditional 10 button input is not suitable for a screen of such size. Android wear devices have a resolution of either 240x240 pixels or 320x320 pixels. Figure 4: Password Input on Smartwatch E. After entering the correct code, the 2FAUS application on the watch sends a message back to the phone using DataLayer. The smartphone then informs the web service and the user is then allowed access. This communication between smartphone and web service is handled by either the GCM. Since the smartwatch cannot directly communicate with any onlinewebserviceasofnow, all the communication between the web service and the smartwatch is done with the user’s smartphone as an intermediary. The smartphone application will connect the smartwatch to the web service using GCM . 4. CONCLUSION Online accounts today, protected by a single factor authentication such as passwords are pronetohacking. Two factor authentication has already been introduced, but in most cases, user’s are more of frustrated rather than thinking of it as a helpful security measure. The smartwatch industry has its sales increasing quarts-over-quarter by a huge percentage, sources show 160 millionsmartwatchesto be shipped in the year of 2019 alone. This shows that a huge base of users to be qualified for using our technology. This paper focuses on the implementation of two-factor authentication methods using smartwatches. Itprovidesthe users with an ease of use and faster response to the traditional two factor authentication system. The proposed system has the option of notifying the user on the smartwatch and enabling him to enter the pin in a small amount of time. This method also helps the users to be able to share their account ID’s and Passwords while keeping the shared user’s access in check. This system also allows users to keep the same or easy to remember for different accounts without compromising its security. 5. REFERENCES 1. Secure Login Using Encrypted One Time Password (OTP) and Mobile Based Login Methodology. Ms.E.Kalaikavitha 2. Cryptanalysis and Improvement of a Remote User Authentication Scheme usingSmartCards(IEEE),D.Giri and P. D. Srivastava. 3. Android for Work Security White Paper, Google . 4. https://sensiblemicro.com/smart-watches-the-start-of- the-wearable-electronics-revolution/ 5. THE SMARTWATCH MARKET: Growth, Consumer Attitudes, And Why This Is The New Device Category To Bet On, Tony Danova. 6. Two Factor Authentication Using Mobile Phones, Fadi Aloul, Sye