Sistema de validación mediante SMS integrado a un sistema web de control de ventas a crédito

Anthony JeanPaul Reyes Risco; Ronald David Villacorta Carranza; Joseph Luis Rodriguez Bermudez; Alberto Carlos Mendoza de los Santos

doi:10.37431/conectividad.v7i1.403

Authors

Anthony JeanPaul Reyes Risco Universidad Nacional de Trujillo https://orcid.org/0009-0003-9268-2001
Ronald David Villacorta Carranza National University of Trujillo https://orcid.org/0009-0000-9066-4529
Joseph Luis Rodriguez Bermudez National University of Trujillo https://orcid.org/0009-0004-2616-1803
Alberto Carlos Mendoza de los Santos National University of Trujillo https://orcid.org/0000-0002-0469-915X

DOI:

https://doi.org/10.37431/conectividad.v7i1.403

Keywords:

Access validation, SMS, OTP authentication, Information security, Micro-enterprises

Abstract

This study presents the implementation and evaluation of an SMS-based access validation mechanism in a web-based credit sales management system for commercial microenterprises. The main objective was to strengthen security in the authentication processes, ensuring that only legitimate users can access their accounts. The methodology employed was a pre-experimental approach, using a pre-test and post-test design with a single group. The system was developed using a client-server architecture with Spring Boot, Angular, and MySQL technologies, integrating an SMS verification code delivery service (OTP). The results showed a 100% successful validation rate for legitimate access and a 100% effective blocking of impersonation attempts; with an average validation time of 4.8 seconds. These findings confirm that SMS-based authentication constitutes a practical, secure, and low-cost solution for microenterprises, strengthening cybersecurity and user confidence in digital credit management.

References

400 Bad Request. (4 de Julio de 2025). MDN Web Docs. 400 Bad Request: https://developer.mozilla.org/es/docs/Web/HTTP/Reference/Status/400

Bartłomiejczyk, M., y El Fray, I. (Julio de 2024). Analysis of attacks on SMS OTP-based authentication process. PACIS 2024 Proceedings. https://aisel.aisnet.org/pacis2024/track07_secprivacy/track07_secprivacy/1/

Binti Sofian, A., Binti Peradus, A., Yong, F., Shearer, I., Binti Ismail, N., Mahendran, Y., y Faisal, M. (2024). Enhancing Authentication Security: Analyzing Time-Based One-Time Password Systems. International Journal of Computer Technology and Science, 1(3), 56-70. https://doi.org/https://doi.org/10.62951/ijcts.v1i3.25 DOI: https://doi.org/10.62951/ijcts.v1i3.25

Klivan, S., Höltervennhof, S., Huaman, N., Krause, A., Simko, L., Acar, Y., y Fahl, S. (2023). “We’ve Disabled MFA for You”: An Evaluation of the Security and Usability of Multi-Factor Authentication Recovery Deployments. CCS ‘23: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security. https://doi.org/https://doi.org/10.1145/3576915.3623180 DOI: https://doi.org/10.1145/3576915.3623180

Lei, Z., Nan, Y., Fratantonio, Y., y Bianchi, A. (2021). On the Insecurity of SMS One-Time Password Messages against Local Attackers in Modern Mobile Devices. Network and Distributed Systems Security (NDSS) Symposium 2021, 21-25 February 2021, Virtual. https://doi.org/https://dx.doi.org/10.14722/ndss.2021.24212 DOI: https://doi.org/10.14722/ndss.2021.24212

Ma, S., Li, J., Kim, H., Bertino, B., Nepal, S., Ostry, D., y Sun, C. (2021). Fine with “1234”? An Analysis of SMS One-Time Password Randomness in Android Apps. Proceedings of ICSE 2021, 1. https://doi.org/https://doi.org/10.48550/arXiv.2103.05758 DOI: https://doi.org/10.1109/ICSE43902.2021.00148

Meyer, L. A., Romero, S., Bertoli, G., Burt, T., Weinert, A., y Lavista Ferres, J. (1 de Mayo de 2023). How effective is multifactor authentication at deterring cyberattacks? arXiv. https://doi.org/https://doi.org/10.48550/arXiv.2305.00945

National Institute of Standards and Technology. (2020). Digital Identity Guidelines: Authentication and lifecycle management (NIST SP 800-63B). NIST. https://pages.nist.gov/800-63-3/sp800-63b.html

National Institute of Standards and Technology. (Junio de 2017). Digital identity guidelines: Authentication and lifecycle management (SP 800-63B). https://doi.org/https://doi.org/10.6028/NIST.SP.800-63B-4 DOI: https://doi.org/10.6028/NIST.SP.800-63B-4

Ometov, A., Bezzateev, S., Mäkitalo, N., Andreev, S., Mikkonen, T., y Koucheryavy , Y. (2018). Multi-Factor Authentication: A Survey. Cryptography, 2(1), 1. https://doi.org/https://doi.org/10.3390/cryptography2010001 DOI: https://doi.org/10.3390/cryptography2010001

OWASP Foundation. (2022). Authentication Cheat Sheet. OWASP Foundation Web site: https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html

Rivas Oloya, M. C. (26 de Abril de 2023). Marco teórico y conceptual del financiamiento de las micro y pequeñas empresas del sector comercio del Perú, 2017. [Tesis de grado, Universidad Católica los Ángeles Chimbote]. https://repositorio.uladech.edu.pe/handle/20.500.13032/33247

Suleski, T., Ahmed, M., Yang, W., y Wang, E. (22 de Mayo de 2023). A review of multi-factor authentication in the Internet of Healthcare Things. Digital health, 9(20552076231177144). https://doi.org/https://doi.org/10.1177/20552076231177144 DOI: https://doi.org/10.1177/20552076231177144

Timko, D., Hernandez Castillo, D., y Rahman, M. (12 de Noviembre de 2023). A Quantitative Study of SMS Phishing Detection. Proceedings of the 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec ‘23). https://doi.org/https://doi.org/10.48550/arXiv.2311.06911

Twilio. (2023). Five Reasons To Use The WhatsApp Business API - Messaging. Twilio: https://www.twilio.com/en-us/resource-center/five-reasons-to-use-whatsapp-business-api