This document summarizes a new authentication mechanism for content management systems like Plone that uses one-time passwords (OTPs) sent via SMS to mobile phones. It aims to provide a simple and secure login option for non-technical authors that does not require a smartphone. The mechanism generates random 5-digit numbers as seeds to create unique 6-digit OTPs, encrypts them, and sends them as SMS. Upon login, Plone's authentication plugin decrypts and verifies the OTP to authenticate users and map them to roles without needing additional apps. This approach makes the system accessible to all with text-enabled mobile devices.
1. Simple and Secure OTP based Authentication Mechanism for Content Management Systems – Plone as a case
Authors: Sameer Kumar Choudhary, Krishnapriya T
Centre for Development of Advanced Computing (CDAC), Hyderabad, India
2. Introduction
• An info-centric website is required to meet the internet standards of usability, accessibility and flexibility of both content and system.
• An alternate and easy way, besides the normal login procedure, for non-technical authors and content contributors to access the content management system is mobile-number-based login via the Plone authentication service.
• This alternate approach keeps in regard the necessity of keeping the roles of the different actors involved in the full life cycle of the content management system separate and secure.
4. Related Research
• Two-step verification using the Google Authenticator app for Plone 4 or above.
• It requires a user to have a smartphone with the Google Authenticator app installed.
5.
• It requires the Google Authenticator app to scan a QR code (Quick Response code), which generates the verification code used to log in to the site.
• But a user with no smartphone cannot use it.
• This violates the internet standards of usability and accessibility.
• The present OTP application integration in Plone makes it compatible with any text-enabled mobile device and makes access easy.
6. Concepts
OTP is not a new concept; it was first addressed in 1980.
OTP GENERATION & AUTHENTICATION METHODS:
• Based on time synchronization between server and client.
• Algorithm to generate a new password based on the old password.
• Algorithm to generate a new password based on some challenge by the server.
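The three OTP families listed on this slide, as an added example that is not part of the original slides or of the Plone plugin they describe. Each family is reduced to its essential step in plain Python (standard library only): a time-synchronised code, a Lamport-style hash chain where each password is derived from the previous one, and a challenge-response exchange. The shared secret, time step and chain length are constructed demo values, and the time-based variant is a simplified sketch rather than the RFC 6238 algorithm.

```python
import hashlib
import hmac

# Constructed demo secret shared by server and client; not from the slides.
SHARED_SECRET = b"demo-shared-secret"


# 1. Time synchronisation: both sides MAC the current time step with the
#    shared secret, so nothing but the code itself has to be exchanged.
def time_based_otp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    counter = int(now // step)
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:4], "big") % 10 ** digits).zfill(digits)


def verify_time_based(secret: bytes, submitted: str, now: float,
                      step: int = 30, skew: int = 1) -> bool:
    # Accept the neighbouring time steps so a slightly drifted clock still works,
    # but nothing further away than that.
    return any(
        hmac.compare_digest(time_based_otp(secret, now + d * step, step), submitted)
        for d in range(-skew, skew + 1)
    )


# 2. New password from the old one: a Lamport-style hash chain. The server
#    registers only the last link; each login reveals the previous link, which
#    the server checks by hashing it once, then keeps it as the new reference.
def make_hash_chain(seed: bytes, length: int) -> list:
    chain = [hashlib.sha256(seed).digest()]
    for _ in range(length):
        chain.append(hashlib.sha256(chain[-1]).digest())
    return chain


def verify_chain_step(server_reference: bytes, candidate: bytes):
    """Return the new server reference if candidate hashes to the stored one, else None."""
    if hmac.compare_digest(hashlib.sha256(candidate).digest(), server_reference):
        return candidate
    return None


# 3. Challenge by the server: the server sends a fresh nonce and the client
#    answers with a MAC over it, so an answer captured once is useless for the
#    next nonce.
def challenge_response(secret: bytes, challenge: bytes) -> bytes:
    return hmac.new(secret, challenge, hashlib.sha256).digest()


def verify_challenge(secret: bytes, challenge: bytes, answer: bytes) -> bool:
    return hmac.compare_digest(challenge_response(secret, challenge), answer)


if __name__ == "__main__":
    import time
    now = time.time()
    code = time_based_otp(SHARED_SECRET, now)
    print("time-based code", code, "accepted:", verify_time_based(SHARED_SECRET, code, now))
    chain = make_hash_chain(b"demo-seed", 5)
    print("hash chain step accepted:", verify_chain_step(chain[5], chain[4]) == chain[4])
    nonce = b"constructed-nonce"
    print("challenge accepted:", verify_challenge(SHARED_SECRET, nonce, challenge_response(SHARED_SECRET, nonce)))
```

The three verifiers share one property that matters for the SMS scheme on the following slides as well: each code is bound to something the server controls (the clock step, the position in the chain, or the nonce), so a code observed once cannot be replayed as a fresh one.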
7. Theoretical Background
• The approach we followed is very simple: a random 5-digit number is generated, which is used as the seed to generate a sample of unique numbers.
• This sample is used to return a non-repeating random number of 6 digits; this length can be changed as required depending on the parameters of the return statement. This number can be decoded back.
8. Comparison of MATRIX size and random number size:
• This random number is again encrypted using the AES encryption technique.
• Finally, the Plone Authentication Plugin comes into the picture.
9. [Flow diagram] Random 5-digit number (original number) → logic to generate non-repeating random number and obfuscate → logic to encrypt (key) → encrypted message → SMS sent → logic to decrypt (key) → logic to clarify obfuscated code → random 5-digit number (original number)
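The round trip of slides 7 to 9 (5-digit original number, non-repeating 6-digit OTP that can be decoded back, protected server-side copy, verification at login), as an added Python example; this is not the plugin's own code, and the slides leave the details of the "sample of unique numbers" open. The reading implemented here is one interpretation: a server secret seeds `random.sample`, which draws one distinct 6-digit value per possible 5-digit original, so no two originals share an OTP and the server can invert the mapping. The AES step of slide 8 is replaced by a keyed hash (HMAC-SHA256) because the Python standard library ships no AES; a deployment would use a library such as pycryptodome there. `SERVER_SECRET`, the 300-second validity window and the single-use flag are assumptions, not values from the slides.

```python
import hmac
import random
import secrets
import time
from hashlib import sha256
from typing import Optional

# Assumed deployment parameters; the slides state neither a key nor a validity window.
SERVER_SECRET = b"demo-server-secret-replace-in-production"  # constructed value
OTP_TTL_SECONDS = 300

ORIGINAL_MIN, ORIGINAL_COUNT = 10_000, 90_000   # 5-digit originals: 10000..99999
OTP_MIN, OTP_MAX = 100_000, 1_000_000            # 6-digit OTPs: 100000..999999


def build_otp_table(secret: bytes) -> list:
    """Draw 90000 distinct 6-digit numbers in a key-dependent order.

    Entry i is the OTP for original number 10000 + i. random.sample never
    repeats a value, so no two originals share an OTP, and a server holding
    the secret can rebuild the table and map an OTP back to its original."""
    rng = random.Random(int.from_bytes(sha256(secret).digest(), "big"))
    return rng.sample(range(OTP_MIN, OTP_MAX), ORIGINAL_COUNT)


OTP_TABLE = build_otp_table(SERVER_SECRET)
REVERSE_TABLE = {otp: ORIGINAL_MIN + i for i, otp in enumerate(OTP_TABLE)}


def obfuscate(original: int) -> int:
    """5-digit original number -> 6-digit non-repeating OTP."""
    if not ORIGINAL_MIN <= original < ORIGINAL_MIN + ORIGINAL_COUNT:
        raise ValueError("original must be a 5-digit number")
    return OTP_TABLE[original - ORIGINAL_MIN]


def decode(otp: int) -> Optional[int]:
    """Invert obfuscate(); None if this table never produces the value."""
    return REVERSE_TABLE.get(otp)


def protect(otp: int) -> bytes:
    """Server-side protection of the stored OTP. The slides use AES here; this
    stand-in stores a keyed hash instead, which suffices because the plugin
    only ever needs to compare, never to recover the OTP from storage."""
    return hmac.new(SERVER_SECRET, str(otp).encode(), sha256).digest()


def issue_otp(user: str, now: Optional[float] = None) -> tuple:
    """Generate the original number and its OTP; return (otp_for_sms, server_record)."""
    original = ORIGINAL_MIN + secrets.randbelow(ORIGINAL_COUNT)  # random 5-digit number
    otp = obfuscate(original)
    record = {
        "user": user,
        "tag": protect(otp),
        "issued": time.time() if now is None else now,
        "used": False,
    }
    return otp, record


def verify_otp(record: dict, user: str, submitted: str, now: Optional[float] = None) -> bool:
    """What the authentication plugin does at login: decode, compare, expire, single use."""
    now = time.time() if now is None else now
    if record["used"] or record["user"] != user:
        return False
    if now - record["issued"] > OTP_TTL_SECONDS:
        return False
    if not (submitted.isdigit() and len(submitted) == 6):
        return False
    otp = int(submitted)
    if decode(otp) is None:        # cannot be decoded back, so it is not one of ours
        return False
    if not hmac.compare_digest(protect(otp), record["tag"]):
        return False
    record["used"] = True          # burn the code so a replay of the same SMS fails
    return True


if __name__ == "__main__":
    code, rec = issue_otp("author1")
    print("SMS would carry:", code, "which decodes to original", decode(code))
    print("first login:", verify_otp(rec, "author1", str(code)))
    print("replay:", verify_otp(rec, "author1", str(code)))
```

The table build costs one sample of 90000 values at start-up and is recomputed identically from the secret on every server restart, so nothing but the per-user record (tag, issue time, used flag) needs persisting; the expiry and single-use checks are what keeps an SMS that is read later, or read by someone else, from opening a session on its own.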
10. Plone CMS based Web Portal Architecture
[Layered diagram, listed here bottom to top; the arrows between the web application and the Plone plug-in are labelled "Affects" and "Reliance"]
• Python (Programming Language)
• ZOPE (Web Application Server)
• CMF (Content Management Framework)
• Plone (Content Management System)
• Plone Plug-in
• WEB APPLICATION
• Optional Web Server (e.g., LDAP Server)