Bunk Authenticator for Flowlined
Project description
An innovative IT company specializing in AI-driven SaaS solutions wanted to investigate whether its existing cloud-based authentication provider could be replaced by a self-developed authentication module. The goal was to design and develop a proof-of-concept that handles secure login, registration, and token-based authentication, deployable in a cloud environment and reusable across multiple applications.
Context
The project operates within the domain of cloud-based software development and cybersecurity. At the start of the project, authentication across multiple applications was fully managed by an external cloud service (Amazon Cognito on AWS). While reliable, this introduced vendor lock-in, limited customization, and reduced internal control over authentication logic and security mechanisms.
The project was executed within an AWS cloud environment. A structured research approach based on the DOT Framework was applied to investigate the best architectural and security choices. Research topics included JWT token signing and key management, MFA mechanisms, high availability design, and Python framework selection. The solution was designed in compliance with GDPR/AVG and ISO 27001 principles.
The project combines software development with security research, making it relevant to both the SaaS software domain and the broader cybersecurity and compliance landscape.
Results
Main deliverables:
The primary product is a working proof-of-concept authentication module built in Python (Django), running containerized on AWS (EC2 + RDS PostgreSQL). The module covers:
- Secure user registration, login, logout, and token refresh
- JWT signing with RS256 and a public JWKS endpoint
- Password hashing with Argon2 and a secure password policy
- Brute-force lockout protection (django-axes)
- In-memory rate limiting
- Refresh token blacklisting
- Multi-tenancy support (tenants and user pools)
- Password reset via e-mail
- Audit logging and request correlation
- AWS Secrets Manager integration for key management
- A CI/CD pipeline (GitHub Actions) with automated test suite and deployment to AWS
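As an added illustration of the token refresh and refresh token blacklisting items listed above (example code, not the project's own), the block below shows refresh-token rotation with reuse detection: the consumed token id is blacklisted, and a replay of a blacklisted id revokes the whole token family. HMAC-signed tokens and in-memory sets are assumptions standing in for the module's RS256 JWTs and its stored blacklist.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = b"constructed-demo-key"   # stand-in for the module's RS256 private key
BLACKLIST = set()                  # jti values of refresh tokens already consumed
FAMILIES = {}                      # token family -> jti of its only currently valid token

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def mint_refresh(sub: str, family: str = "", ttl: int = 3600) -> str:
    """Issue a refresh token; each login starts a new token family."""
    family = family or secrets.token_hex(8)
    claims = {"sub": sub, "jti": secrets.token_hex(8), "fam": family,
              "typ": "refresh", "exp": int(time.time()) + ttl}
    body = _b64(json.dumps(claims, separators=(",", ":")).encode())
    sig = _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())
    FAMILIES[family] = claims["jti"]
    return f"{body}.{sig}"

def _parse(token: str) -> dict:
    body, sig = token.split(".")
    expected = _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    if claims.get("typ") != "refresh" or claims["exp"] < time.time():
        raise ValueError("expired or not a refresh token")
    return claims

def rotate(token: str) -> str:
    """Swap a refresh token for a new one and blacklist the old jti. A blacklisted
    jti showing up again means the token was replayed, so the whole family dies."""
    claims = _parse(token)
    if claims["jti"] in BLACKLIST:
        FAMILIES.pop(claims["fam"], None)
        raise PermissionError("refresh token reuse detected; family revoked")
    if FAMILIES.get(claims["fam"]) != claims["jti"]:
        raise PermissionError("family revoked")
    BLACKLIST.add(claims["jti"])
    return mint_refresh(claims["sub"], claims["fam"])

def demo() -> list:
    # normal rotation, then replay of the consumed token, then the orphaned new token
    first = mint_refresh("alice")
    second = rotate(first)
    outcomes = ["rotated"]
    for tok in (first, second):
        try:
            rotate(tok)
            outcomes.append("accepted")
        except PermissionError as err:
            outcomes.append(str(err))
    return outcomes
```

Because the blacklist and family table here live in process memory, a real deployment keeps them in the database (as the module's RDS-backed blacklist does) so that every instance behind the load balancer sees the same revocations.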
Additionally, a research report answering six sub-questions was delivered, along with an advisory report documenting delivery status, outstanding backlog items, priority recommendations, code-base findings, and a four-phase production roadmap.