Implementation Strategies for Multifactor Authentication for E-Governance Applications through Restful Webservices
V Nirmalrani and P Sakthivel. Article: Implementation Strategies for Multifactor Authentication for E-Governance Applications through Restful Webservices. IJCA Special Issue on International Conference on Communication, Computing and Information Technology ICCCMIT(3):41-49, February 2013. Full text available. BibTeX
@article{key:article,
author = {V. Nirmalrani and P. Sakthivel},
title = {Article: Implementation Strategies for Multifactor Authentication for E-Governance Applications through Restful Webservices},
journal = {IJCA Special Issue on International Conference on Communication, Computing and Information Technology},
year = {2013},
volume = {ICCCMIT},
number = {3},
pages = {41-49},
month = {February},
note = {Full text available}
}
Abstract
Governance means the exercise of political, economic and administrative authority in the management of a country’s affairs, including citizen’s interests and exercise of their legal rights and obligations. E-governance may be understood as the performance of this governance through the electronic medium in order to facilitate an efficient, speedy and transparent process of disseminating the required information to the public, and other agencies to perform the government administration activities. Authentication is the key to secure e-Governance applications and services. User name and password credentials are used for authenticating and authorizing, which is not sufficient. As Internet is more vulnerable nowadays, this one factor authentication is not secure and it is vulnerable for hacking. Even, in case of RESTful Web services, the current system doesn't provide any security measures except user name and password credentials, even which are hard coded in the invoking applications. This paper proposed a novel and sufficient solution that addresses the authentication in more secure and complex way. The proposed work uses the multi-factor authentication for e-Governance Applications through RESTful web services. Multi-factor Authentication includes One Time Password (OTP), Digital Signatures, extended Token based authentication for web services. Solutions to be delivered as Web services (Component based architecture) with certain access control which serves the following two purposes. First, it secures the application and services, and latter it provides a reusable component for authentication.
References
- Reeder, R. W. Schechter, “When the Password Doesn’t Work: Secondary Authentication for Websites”, IEEE Transaction on Security & Privacy, Vol. 9, Issue 2, pp 43 – 49, April 2011.
- Xu Chengqiang , Zhang Zhenli , “An integrated One-Time-Password and access control authentication scheme”, 3rd IEEE International Conference on Computer Science and Information Technology (ICCSIT 10), Vol. 2, pp. 252 – 254, November 2010.
- Dunlu Peng, Chen Li, Huan Huo, “An Extended UsernameToken-based Approach for REST-style Web Service Security Authentication”, 2nd IEEE International Conference on Computer Science and Information Technology, pp 582 – 586, August 2009.
- Li Liangzhi, “Research on the E-Government Scheme based on Multi- Technologies and Bi-directional Authentication”, International Conference on Management of e-Commerce and e-Government (ICMECG ’08), pp 124 – 127, October 2008.
- Kaleem Iqbal Siddiqui , Raja Iqbal , Tauseef Ahmad Rana , “Qualifier based access to web-services for portal to portal Communication”, proceedings of the International Conference on Computational Intelligence for Modelling, Control and Automation and International Conference on Intelligent Agents, Web Technologies and Internet Commerce (CIMCA-IAWTIC ‘05), Vol. 1, pp 138 -144, 2005
- http://docs.amazonwebservices.com/AmazonDevPay/latest/DevPayDeveloperGuide/LSAPI_Auth_REST.html
- http://www.bouncycastle.org/csharp/resources.html
- http://www.akadia.com/services/ssh_test_certificate.html