An Android App for One-Time Password Management (Bachelor Thesis)

The full title of my bachelor thesis is Development of an Android App for One-Time Password Generation & Management, which was shortened for the title. Over the course of my thesis I developed an Android app that allows the user to carry and manage any number of OTP lists, specifically OTP lists created by the OTPW Package written by Markus Kuhn. The thesis consists of the app itself as well as a theoretical document covering One-Time Passwords in general, Random Number Generation, the Android platform, app development for Android and, last but not least, the actual app development itself.

Though the app is currently written primarily to generate and manage lists of the kind produced by the OTPW package, its architecture was designed with extensibility in mind. It should not be too hard to add support for another OTP system. The basic components are well encapsulated by interfaces (like PasswordGenerator), and the generation facility was written against these. Only the generation GUI needs to be extended to accommodate other possible OTP systems.

Requirements

The app utilizes the following libraries:

Alas, the Android Development Tools (ADT in short) could not convert the JAR library file provided by the GNU Crypto website into an Android-compatible JAR file, so I had to include the source of the GNU Crypto project itself. To limit the impact on the size of the app, I only included what was needed by my app (the hashing facility) and left out the rest of the GNU Crypto project.

Thesis

Abstract

This work covers the development of an Application for the Android platform for One-Time Password Management and Creation, including all fundamentals that are necessary to do this. One-Time Passwords are introduced in general. Their benefits and drawbacks are discussed and their usage is illustrated with a practical example. Concluding, a specific OTP implementation (OTPW) is introduced.

Following is an introduction on the topic of Random Number Generation in the context of cryptography. An overview of attacks on Pseudo Random Number Generators (PRNGs) is given, as well as some design guidelines to prevent them.

The Android platform is introduced in detail to establish a basic understanding of the target platform, describing its architecture and application framework. An extensive introduction to development for Android is given in the next chapter, including installation and setup, general guidelines on developing for mobile devices and practical examples of the most important components with source code. The application developed over the course of this thesis will then be described in detail, including its architecture, design decisions and an elaboration on the implementation details.

A conclusion, including an evaluation of the Android platform and the application, summarises this work.

Future Development

This app will not be developed further, and I did not distribute it on the Android App Store, as there are many OTP apps available there nowadays, in contrast to 2010.

Disclaimer

The colloquium is provided only in German; there is no English translation available. I assume no responsibility or liability for any errors or omissions in the content of this work. The information contained in this work is provided on an “as is” basis with no guarantees of completeness, accuracy, usefulness or timeliness and without any warranties of any kind whatsoever, express or implied.