Enhanced Security Through Multi-Factor Authentication (MFA) Integration in Service-Oriented Architecture (SOA) Using Firebase™
摘要
Background: Authentication security in distributed systems, such as Service-Oriented Architecture (SOA), has always been a challenging problem. Protocols that rely solely upon passwords are becoming increasingly insufficient because they can be vulnerable to phishing attacks, credential stuffing, or brute-force login attempts. Methods: This research explores two of the most utilized implementations of Multi-Factor Authentication (MFA) in the Firebase™ Authentication services, which are SMS-based MFA and Time-based One-Time Password (TOTP) MFA. A prototype was developed and incorporated within a simulated SOA framework. Results: Although SMS-based MFA is easier to implement and a more convenient option for users, it is vulnerable to SIM-swapping and other interception attacks. The TOTP MFA standards generate a code on the user’s device without the need for sending and can offer a much better defence against phishing and man-in-the-middle (MITM) attacks. Security and performance were analysed from the perspective of simulated attack scenarios and system performance parameters. Conclusion: The results of this research show that the combination of TOTP MFA with Firebase™ Authentication into SOA systems provides an increased level of robustness for access control while having little hindering effect on the user experience. While SMS based MFA has the potential to establish security in low-security situations due to its ease of use, TOTP is better suited to systems that contain sensitive data. Future authentication frameworks that include MFA may want to explore adaptive MFA based on an assessment of risk and usability.