Proceedings of International Conference on Applied Innovation in IT  ·  2025/08/29  ·  Vol. 13  ·  Issue 4  ·  pp. 341–348
BFTM: Blockchain-Based MFA Framework for Secure Financial Transfers
Maha Alwan Alteef and Maytham Mustafa Hammood
This paper proposes a blockchain-based multi-factor authentication (BMFA) framework designed to enhance the security of financial operations in decentralized systems. Most authentication methods are still vulnerable to phishing, getting SIM cards switched, and stealing your credentials. By utilizing TOTP and a blockchain platform called Ganache with Ethereum support, wallet owners are allowed to confirm and perform transactions in a reliable, decentralized method. It adds main features for users, so they can declare, cancel, or reject transactions on their end, which makes the process more reliable and gives users the right to be involved. A Flask server off the blockchain manages the user signup and login, and generates TOTP codes for the Google Authenticator app, while Web3.js enables easy communication online with the network. A total of 50 MetaMask wallets were subjected to strict tests created to imitate phishing schemes and server breaches. The framework showed it is fully reliable, as it stopped every unauthorized transaction that occurred. Besides that, it completed a transaction in an average of 1.2 seconds and handled up to 25 transactions each second in controlled tests. The work suggests a powerful, unbreakable, and user-friendly setup for ensuring safety in digital asset transactions in networks not controlled by a single authority.
Blockchain Authentication Decentralized MFA TOTP Verification Secure Fund Transfers.
References
  1. M. Jakobsson, “Two-factor inauthentication—the rise in SMS phishing attacks,” Computer Fraud & Security, vol. 2018, no. 6, pp. 6–8, 2018.
  2. V. Papaspirou et al., “Security revisited: Honeytokens meet Google Authenticator,” in Proc. 7th South-East Europe Design Automation, Computer Engineering, Computer Networks and Social Media Conf. (SEEDA-CECNSM), IEEE, 2022, pp. 1–8.
  3. D. Berdik, S. Otoum, N. Schmidt, D. Porter, and Y. Jararweh, “A survey on blockchain for information systems management and security,” Information Processing & Management, vol. 58, no. 1, p. 102397, 2021.
  4. R. A. Grimes, Hacking Multifactor Authentication. Hoboken, NJ, USA: John Wiley & Sons, 2020.
  5. K. Sultan, U. Ruhi, and R. Lakhani, “Conceptualizing blockchains: Characteristics and applications,” arXiv preprint arXiv:1806.03693, 2018.
  6. A. Göransson and E. Asklund, “BankID-based authentication for phone calls,” 2020.
  7. A. K. Jain, R. Bolle, and S. Pankanti, Biometrics: Personal Identification in Networked Society, vol. 479. New York, NY, USA: Springer, 2006.
  8. B. K. Chaurasia and S. Verma, “Infrastructure based authentication in VANETs,” International Journal of Multimedia and Ubiquitous Engineering, vol. 6, no. 2, 2011.
  9. S. A. Sagar Acharya, “Two factor authentication using smartphone generated one time password,” IOSR Journal of Computer Engineering, vol. 11, no. 2, pp. 85–90, 2013, doi: 10.9790/0661-1128590.
  10. K. Fan, N. Ge, Y. Gong, H. Li, R. Su, and Y. Yang, “An ultra-lightweight RFID authentication scheme for mobile commerce,” Peer-to-Peer Networking and Applications, vol. 10, no. 2, pp. 368–376, Mar. 2017, doi: 10.1007/s12083-016-0443-6.
  11. Neha and K. Chatterjee, “Authentication techniques for e-commerce applications: A review,” in Proc. Int. Conf. on Computing, Communication and Automation (ICCCA), Greater Noida, India: IEEE, Apr. 2016, pp. 693–698, doi: 10.1109/CCAA.2016.7813811.
  12. M. Pilkington, “Blockchain technology: Principles and applications,” in Research Handbook on Digital Transformations, F. X. Olleros and M. Zhegu, Eds. Cheltenham, U.K.: Edward Elgar Publishing, 2016, doi: 10.4337/9781784717766.00019.
  13. P. Forrest, “Electronics and Computer Science Faculty of Physical and Applied Sciences, University of Southampton,” 2012.
  14. A. Hughes, A. Park, J. Kietzmann, and C. Archer-Brown, “Beyond Bitcoin: What blockchain and distributed ledger technologies mean for firms,” Business Horizons, vol. 62, no. 3, pp. 273–281, 2019.
  15. D. Rodeck and B. Curry, “What is blockchain,” Forbes, 2022.
  16. H. F. Atlam and G. B. Wills, “Technical aspects of blockchain and IoT,” in Advances in Computers, vol. 115. Amsterdam, The Netherlands: Elsevier, 2019, pp. 1–39, doi: 10.1016/bs.adcom.2018.10.006.
  17. J. J. Sikorski, J. Haughton, and M. Kraft, “Blockchain technology in the chemical industry: Machine-to-machine electricity market,” Applied Energy, vol. 195, pp. 234–246, 2017.
  18. H. F. Atlam, A. Alenezi, M. O. Alassafi, and G. B. Wills, “Blockchain with Internet of Things: Benefits, challenges, and future directions,” International Journal of Intelligent Systems and Applications, vol. 10, no. 6, pp. 40–48, Jun. 2018, doi: 10.5815/ijisa.2018.06.05.
  19. K. Christidis and M. Devetsikiotis, “Blockchains and smart contracts for the Internet of Things,” IEEE Access, vol. 4, pp. 2292–2303, 2016.
  20. X. Yue, H. Wang, D. Jin, M. Li, and W. Jiang, “Healthcare data gateways: Found healthcare intelligence on blockchain with novel privacy risk control,” Journal of Medical Systems, vol. 40, pp. 1–8, 2016.
  21. M. S. Ahmad, W. Mohyuddin, H. C. Choi, and K. W. Kim, “4 × 4 MIMO antenna design with folded ground plane for 2.4 GHz WLAN applications,” Microwave and Optical Technology Letters, vol. 60, no. 2, pp. 395–399, Feb. 2018, doi: 10.1002/mop.30969.
  22. G. Cheng, Y. Chen, S. Deng, H. Gao, and J. Yin, “A blockchain-based mutual authentication scheme for collaborative edge computing,” IEEE Transactions on Computational Social Systems, vol. 9, no. 1, pp. 146–158, 2021.
  23. S. Bamashmos, N. Chilamkurti, and A. S. Shahraki, “Two-layered multi-factor authentication using decentralized blockchain in an IoT environment,” Sensors, vol. 24, no. 11, p. 3575, 2024.
  24. M. S. Almadani, S. Alotaibi, H. Alsobhi, O. K. Hussain, and F. K. Hussain, “Blockchain-based multi-factor authentication: A systematic literature review,” Internet of Things, vol. 23, p. 100844, Oct. 2023, doi: 10.1016/j.iot.2023.100844.
  25. J. Asim et al., “Blockchain-based multifactor authentication for future 6G cellular networks: A systematic review,” Applied Sciences, vol. 12, no. 7, p. 3551, 2022.
  26. V. R. Kebande, F. M. Awaysheh, R. A. Ikuesan, S. A. Alawadi, and M. D. Alshehri, “A blockchain-based multi-factor authentication model for a cloud-enabled Internet of Vehicles,” Sensors, vol. 21, no. 18, p. 6018, Sep. 2021, doi: 10.3390/s21186018.
  27. Md. O. Ahmad et al., “BAuth-ZKP—A blockchain-based multi-factor authentication mechanism for securing smart cities,” Sensors, vol. 23, no. 5, p. 2757, Mar. 2023, doi: 10.3390/s23052757.
  28. I. Wanisha, J. B. James, J. S. Witeno, L. H. Mohammad Bakery, M. Samuel, and M. Faisal, “Multi-factor authentication using blockchain: Enhancing privacy, security and usability,” International Journal of Computer Technology and Science, vol. 1, no. 3, pp. 41–55, Jul. 2024, doi: 10.62951/ijcts.v1i3.24.
  29. Z. A.-A. M. Fneish, M. El-Hajj, and K. Samrouth, “Survey on IoT multi-factor authentication protocols: A systematic literature review,” in Proc. 11th Int. Symp. on Digital Forensics and Security (ISDFS), Chattanooga, TN, USA: IEEE, May 2023, pp. 1–7, doi: 10.1109/ISDFS58141.2023.10131870.
  30. T. Suleski, M. Ahmed, W. Yang, and E. Wang, “A review of multi-factor authentication in the Internet of Healthcare Things,” Digital Health, vol. 9, Jan. 2023, doi: 10.1177/20552076231177144.
  31. J. A. A. Cardoso, F. T. Ishizu, J. T. de Lima, and J. de Souza Pinto, “Blockchain based MFA solution: The use of hydro raindrop MFA for information security on WordPress websites,” Brazilian Journal of Operations & Production Management, vol. 16, no. 2, pp. 281–293, 2019.
  32. A. Eldow et al., “Information communication technology infrastructure in Sudanese governmental universities,” in Recent Advances in Intelligent Systems and Smart Applications, 2021, pp. 363–375.

Proceedings of the International Conference on Applied Innovations in IT by Anhalt University of Applied Sciences is licensed under CC BY-SA 4.0  ·  This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License

ICAIIT 2026
International Conference on Applied Innovation in IT
Navigation
Publisher
ISSN2199-8876
Location Anhalt University of Applied Sciences
Phone +49 (0) 3496 67 5611
Address Building 01, Room 425
Bernburger Str. 55
D-06366 Köthen, Germany
Open Access License

All works are licensed under the Creative Commons Attribution-ShareAlike 4.0 International License (CC BY-SA 4.0), unless otherwise noted.

Published by ICAIIT in cooperation with Anhalt University of Applied Sciences.

© 2026 ICAIIT — International Conference on Applied Innovations in IT. Anhalt University of Applied Sciences, Köthen, Germany.
Visitors: site traffic counter