Potatofarmer

(MVP) User Interface of Autentida For SIgn In
(MVP) User Interface for Institution Endpoint. (Able to see SMS Timestamp, SMS Reference Code, Consumer Username)
(MVP) User Interface for Consumer User Endpoint. (Able to see SMS Timestamp, SMS Reference Code. To Cross-check with actual SMS received.)

What is your chosen theme and problem statement?

Chosen Theme – Safety

Problem Statement: How can we ensure the safety of our personal property (money/e-banking, data, personal belongings, assets, residences, community spaces etc.)?

Inspiration

In recent years, there is a sharp increase in the number of news articles pertaining to online scams and more notably, the OCBC Scam. In the Singapore Police Force’s Annual Crime Brief 2021, Banking related phishing scams is one of the top 6 scams of concern. Scammers have been constantly changing their tactics and making use of the COVID-19 situation to prey on the public’s increase in online activities, and also their heightened sense of vulnerability and uncertainty. There is a general lack of confidence and satisfaction towards current security protocols from the public towards the bank. As bank users ourselves, we have experiences on how difficult it can be to verify the authenticity of SMS texts from the bank. Therefore, we wanted to come out with a solution that can provide extra security to the bank users, and help banks to regain the trust of the users.

What does your hack do?

We’ve all heard of User Verification, but what about Institution Verification?

Currently, institutions such as banks will often send out Short Message Service (SMS) texts to their users for authentication. With our solution, we allow users to also authenticate the institutions. The target audiences that will benefit from our solution are both the institutions and their users. This is done with the inclusion of an unique reference code for each SMS sent out by the institutions. Autentida will show the user a record of SMSs sent by the institutions with only the timestamp and the unique reference code, and without the SMS content. With this information, users can verify whether the SMS is valid by cross-checking with the SMS received and proceed on to the next step.

How does your hack answer the problem statement?

As in the problem statement, personal properties – money, personal data, assets, are transacted online on a daily basis. As such, we as users of these online services are very vulnerable to phishing scams, despite multiple layers of authentications and OTP-verifications. Although many companies have put emphasis on information security and have strengthened Two-Factor Authentication (2FA) to counter phishing attacks, failures by reputable companies like OCBC have damaged user confidence tremendously.

As the problem asks how we, as individuals, can ensure the safety of our own personal property, it highlights the fact that this safety is our responsibility. This corresponds to our hack, Autentida, which requires users to do their own cross-checking on whether the SMS is valid. Hence, Autentida is the solution for individuals to ensure the safety of their own properties.

How did you build your hack?

90% motivation, 10% raw talent.

For our idea to work, we put ourselves as the middleman between institutions and consumer users. Autentida is built using the python-based web framework, Django, and JavaScript library, React for backend and frontend respectively. As a middleman, the app is built with two endpoints. First, the Autentida API will be sent to institutions for us to retrieve relevant data such as, SMS reference code and SMS timestamp. Next, the user interface (UI) is designed for individuals to select the interested institution and finally cross-check for the validity of the SMS.

(Note: Both GitHub Repo is posted under tryout link; first for frontend, second for backend.)

What are some difficulties you overcame?

Majority of the team members do not have much experience with frontend and backend development and we had to learn many things within the short time span of this Hackathon. Aside from the programming difficulties, our problem set grazes the concept of information security and it happens to be a relatively foreign field to us. That was the concept we had to research extensively on during the ideation period.

Having little experience and knowledge in making an authenticator project, we were eventually able to develop a functional solution that is able to achieve our intended outcome. As a team, we managed to learn various technical skills ranging from programming languages to learning more about bank operations. We also believe the problem set we chose will still be relevant in the future and our solution may have a lasting impact if it is successfully deployed.

What was your biggest learning point from LifeHack 2022?

LifeHack 2022 has been an adventure that's difficult to forget. First, we learned that planning is key to every group work. Before we began, we allocated the taskings to each team member so that we all headed in the same direction while covering different aspects of the project. This is crucial especially in a short 24 hour Hackathon where time is of the essence. Next, we are exposed to many frameworks and concepts for the first time while exploring options for the Hack. Eventually, we settled down on Django and React, which we researched extensively about. Third, while exploring our problem statement, we learnt more about the rising trend of bank-related scams. We found out that despite the enhanced security measures by the banks and government bodies, such scams are still very prevalent till today.

What's next for Autentida

Firstly, we hope to further expand this with as many participating institutions as possible, like government agencies, social media or e-commerce platforms. As such, Autentida will be like a security hub, a one-stop solution, for all institution verifications. Secondly, for user-friendliness, it will be convenient for users to permit auto-redirection to Autentida whenever institutions' SMS are sent. Thirdly, it will be a blessing to be incorporated with Singpass or SGsecure as it can boost user confidence on the application.

Last but not least, we would like to thank NUS Computing and NUS Computing Club, NCS, TikTok, Centre for Computing for Social Good and Philanthropy (CCSGP) and any other sponsors of LifeHack 2022 for giving us an immersive and broadening experience. We would definitely look forward to participating in future workshops or hackathons organised!