GSoC 2017: leanOTP (OTP System)


#1

Aim: Provide developers a way to set up their own OTP delivery and verification infrastructure from scratch in little time.

The vision: The developer will download the "leanOTP" files and upload them to his/her server. Using a GUI, the developer will choose whether they want to set up an SMS-based OTP system or an email-based OTP system. The developer must integrate leanOTP into his project (function calls). If the developer opts for the SMS-based OTP system, the developer will have to install the leanOTP app on an Android device; then, via a two-way handshake (by entering randomly generated codes on the server and the phone), the Android device will be authenticated and will then be used to send SMS messages. The SIM card in the device will be used to send the SMS messages; hence SMS charges will apply. Basically, using leanOTP, developers will be able to implement OTP security in their projects with minimal effort.






Functionalities:

  • Send OTP messages

  • Authenticate OTP

  • OTP Request Abuse Protection

  • Log all incoming OTP requests and delivered OTP (and their recipients)

  • Provide a graphical interface for viewing the above data.

  • Filter (Accept/Deny) OTP requests based on Whitelist/Blacklist/Country Code (in case of SMS based OTP)



Integration with ownCloud: As this project will be very flexible in nature, it will be compatible with ownCloud. It will be possible to integrate leanOTP in ownCloud. It could be an optional feature that users could enable if they require it.



Technologies to be used:

  • Java (Android App)

  • PHP (Web Server Files)



Possible Enhancements (if time permits):

  • SMS Delivery using Arduino Board or Raspberry Pi



Suggestions will be appreciated. Thank you for this opportunity.

Arjunsinh S. Jadeja.


#2

Hello itsarjunsinh,

Thank you for your contribution. But we want a Security-App with the following features:

  • Addressing BruteForceAttacks

  • FileChanges on Core

  • 404 Detection

  • TOTP-MFA

  • Strong PW enforcement

Your contribution could be a part of this App. It's a good beginning :)


#3

Hi apaxx,

First off, I'll let you know that I have no prior experience in web security, but I am willing to learn. I think I am capable enough to learn and implement Strong Password Enforcement and TOTP. Also, if given the chance, I will also try to include all the other features that you have mentioned.

Thank you.

Arjunsinh S. Jadeja.