Authentication & Access Control: A Corporate Security Guide
Explore fundamental cybersecurity concepts including MFA, OAuth 2.0, and Role-Based Access Control (RBAC) for securing corporate internal applications.
Authentication and Access Control System
Project 6: Implementation Presentation | Module 6
Prepared by: Aryan Kumar Singh, Amity University Online | Project by: TCS iON | Course: IHC – PACS
Introduction & Project Objectives
Objective: To design a secure login system for a corporate application.
Understanding authentication concepts and implementing multiple verification methods.
Importance: Prevents unauthorized access and protects sensitive corporate data.
Ensures only valid users (Employees, Managers, Admins) access systems.
Corporate Application Overview
The project focuses on a corporate internal application used by various stakeholders containing sensitive business data.
User Types Defined:
• Normal Users (Employees)
• Managers
• Administrators
Each user tier has distinct access privileges tailored to their role.
Authentication Methods Implemented
Standard: Username and password authentication with strong policy enforcement.
MFA: Multi-Factor Authentication using One-Time Passwords (OTP).
OAuth 2.0: Integration for secure third-party login flows.
Biometric: Conceptual simulation of fingerprint/face recognition as an added layer.
Password Security & Protection
Security Measures:
• Strong password policies applied (complexity requirements).
• Password hashing implemented before database storage.
• Mechanisms to protect against brute-force attacks.
Benefits:
• Prevents password theft via database leaks.
• Reduces risks of credential-based attacks.
Multi-Factor Authentication (MFA)
MFA requires more than one authentication factor: 'Something you know' (Password) + 'Something you have' (Token/Device).
Implementation details:
• Uses One-Time Passwords (OTP) via authenticator app.
• OTP is mandatory after a successful password entry.
This prevents unauthorized access even if the primary password is compromised.
OAuth 2.0 Integration
OAuth 2.0 is a secure authorization framework that lets users log in through trusted third-party providers without sharing their credentials with the application. In this project, OAuth reduces the need for users to create and manage new passwords, enhancing both security and user convenience.
Role-Based Access Control (RBAC)
Implementation: RBAC ensures users only access resources necessary for their role.
• Employee: Basic data entry.
• Manager: Report generation & team oversight.
• Admin: System config & full data access.
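The three controls described above (salted password hashing with a brute-force guard, a mandatory OTP step after the password passes, and RBAC for the Employee/Manager/Admin tiers) combined into one login and authorization flow. This is an added example, not the project's own code; the user name, password, TOTP seed, permission names and lockout threshold are all constructed for illustration.

```python
import hashlib
import hmac
import secrets
import struct
from typing import Optional

# Role -> permissions, mirroring the three tiers above (permission names are assumed).
ROLE_PERMISSIONS = {
    "employee": {"data:entry"},
    "manager": {"data:entry", "report:generate", "team:oversee"},
    "admin": {"data:entry", "report:generate", "team:oversee", "system:config", "data:full"},
}
MAX_FAILED_ATTEMPTS = 5          # brute-force guard: lock the account after 5 failures
_failed: dict = {}

def hash_password(password: str, salt: Optional[bytes] = None):
    """Salted PBKDF2-HMAC-SHA256; only (salt, hash) is stored, never the password."""
    salt = salt or secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP as an authenticator app computes it: HMAC-SHA1 over the time-step counter."""
    digest = hmac.new(secret, struct.pack(">Q", now // step), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

# Constructed user record (hypothetical name, password and TOTP seed).
_salt, _hash = hash_password("Correct-Horse-Battery-9!")
USERS = {"alice": {"salt": _salt, "hash": _hash, "totp_secret": b"constructed-seed", "role": "manager"}}

def login(username: str, password: str, otp: str, now: int) -> Optional[str]:
    """Return the user's role on success, None otherwise. The OTP is only checked after the password passes."""
    user = USERS.get(username)
    if user is None or _failed.get(username, 0) >= MAX_FAILED_ATTEMPTS:
        return None                                          # unknown or locked account
    _, candidate = hash_password(password, user["salt"])
    if not hmac.compare_digest(candidate, user["hash"]):
        _failed[username] = _failed.get(username, 0) + 1     # wrong password: count it, skip the OTP
        return None
    if not hmac.compare_digest(totp(user["totp_secret"], now), otp):
        _failed[username] = _failed.get(username, 0) + 1     # second factor failed
        return None
    _failed.pop(username, None)                              # success resets the counter
    return user["role"]

def authorize(role: Optional[str], permission: str) -> bool:
    """RBAC check: a principal may act only if the permission belongs to its role."""
    return role is not None and permission in ROLE_PERMISSIONS.get(role, set())
```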
Directory Services & User Management
The system utilizes a centralized user database to manage identities effectively.
• Centralized Management: Roles and permissions are updated in one location, propagating instantly.
• Directory Concept: Users are grouped logically based on roles, simplifying access control enforcement and auditing.
Biometric Authentication (Conceptual)
Biometrics utilize unique physical characteristics (fingerprint, facial recognition) for irrefutable identity verification.
Project Scope: Studied via simulation as an additional security layer to complement passwords and tokens. It offers a high degree of identity assurance.
Security Benefits & Outcomes
Outcomes:
• Stronger user authentication significantly lowers breach probability.
• Reduced unauthorized access through layered security.
• Improved identity verification and granular access control management.
Conclusion
Authentication and access control are critical for modern application security.
Multi-layer authentication (MFA) significantly reduces the attack surface.
Proper access control (RBAC) mitigates insider threats and limits exposure.
The project successfully demonstrates a practical, secure login implementation.
Personal Reflection
"This project struck a balance between theory and practice. While understanding OAuth and MFA integration was challenging, it clarified how modern applications secure identity. Overall, this assignment strengthened my grasp of Access Control and Identity Management, foundational pillars of Cybersecurity."
- cybersecurity
- authentication
- multi-factor-authentication
- oauth-2-0
- rbac
- access-control
- identity-management