Enhancing RESTful Web Service Security with a Multi-Factor Authentication Mechanism - Alex Luyima Cedric

. .

Résumé :
Master's Thesis from the year 2019 in the subject Computer Science - Commercial Information Technology, grade: 15.0, , course: Information Systems, language: English, abstract: To date, organizations are still running autonomous legacy systems alongside newer modern web-based systems. These organizations choose this way of operation as they fear that a direct system changeover can cause disruptions to an organization?s daily operations. Additionally, some organizations realize that they still need the business-critical functionalities embedded within millions of code in their legacy systems. However, keeping autonomous systems within an organization is counter-productive as these systems do not support interoperability. Therefore, a need arises for autonomous systems to share data and information, and this can be achieved through systems integration. RESTful web services provide a cost-effective and an efficient alternative to tight business process integration. With RESTful web services, legacy systems can be integrated with newer web-based or mobile user interfaces. However, RESTful web services currently do not provide secure integration as they have no specified security standards. Therefore, they are not recommended for use in enterprise-level systems which require strong security implementations. RESTful web services? stateless nature, their reliance on HTTP and use of URIs to transfer sensitive data has led to security breaches. The security challenges are mostly experienced in REST?s authentication process. In this study, the researcher explored the different security mechanisms/schemes currently available in RESTful web services, and was able to determine their strengths and weaknesses. With Ndejje University?s two major autonomous information systems being taken as the basis for this study, a qualitative research was undertaken to determine how systems at Ndejje University are developed, implemented and operationalized. The qualitative approach carried out also explored the user experiences on the University?s information systems, with the aim of rallying support for the integration. From the data collected through interviews and document reviews, the researcher was able to define the requirements for an improved authentication mechanism, which was designed, implemented and tested. The two-factor authentication mechanism developed is based on the existing API key authentication mechanism and HOTP algorithm.