THE DEVELOPMENT OF THE METHOD OF MULTIFACTOR AUTHENTICATION BASED ON HYBRID CRYPTO-CODE CONSTRUCTIONS ON DEFECTIVE CODES

The development of information education networks (IEN) is closely connected with the task of ensuring network security, a task that IT faces. The solution is formed of many components, one of which is secure authentication. OTP technologies (one-time password technologies) reduce the risks faced by IT specialists of an IEN when long-term passwords are used. The further development of corporate educational systems based on the informatization of services and the use of remote access to network resources puts forward new requirements for ensuring security (integrity, confidentiality, accessibility and authenticity) when receiving educational services. To ensure authenticity, an IEN (CES) commonly uses an electronic digital signature based on multi-factor or enhanced authentication, that is, on the joint use of several authentication factors (knowledge, means, or objects storing one of the information components of a legitimate authentication procedure). This approach significantly increases the security of information usage, at least for users connecting to information systems over secure and unprotected communication channels. Among multi-factor authentication methods, SMS-based authentication has become widely used. However, its use carries significant security risks, and other, more secure methods are needed, such as the Time-based One-Time Password Algorithm (TOTP) with additional cryptographic protection.


Introduction
The development of information education networks (IEN) is closely connected with the task of ensuring network security, a task that IT faces. The solution is formed of many components, one of which is secure authentication. OTP technologies (one-time password technologies) reduce the risks faced by IT specialists of an IEN when long-term passwords are used.
The further development of corporate educational systems based on the informatization of services and the use of remote access to network resources puts forward new requirements for ensuring security (integrity, confidentiality, accessibility and authenticity) when receiving educational services. To ensure authenticity, an IEN (CES) commonly uses an electronic digital signature based on multi-factor or enhanced authentication, that is, on the joint use of several authentication factors (knowledge, means, or objects storing one of the information components of a legitimate authentication procedure). This approach significantly increases the security of information usage, at least for users connecting to information systems over secure and unprotected communication channels. Among multi-factor authentication methods, SMS-based authentication has become widely used. However, its use carries significant security risks, and other, more secure methods are needed, such as the Time-based One-Time Password Algorithm (TOTP) with additional cryptographic protection.

Literature review and problem statement
Modern universities, as objects of informatization, have a number of features: a diversified nature of activities, the presence of a spatial infrastructure (branches, representative offices), and a diversity of forms and methods of teaching. Adaptation to the constantly changing conditions of the educational market, electronic interaction with legal organizations, and periodic changes in the status of teachers and students lead to the need to consider corporate educational systems (CES) as management systems with critical cybernetic infrastructure [1, 2].
Information (corporate) education systems are increasingly using the global Internet (GI) and its main portal -
A special place among the mechanisms of EA is occupied by two-factor authentication methods based on various smart cards, USB keys and OTP passwords [9, 10, 12-14]. Multi-factor authentication methods have become widespread among hi-tech organizations, the financial and insurance sectors of the market, large banking institutions and public sector enterprises. The trend toward consumerization in IEN means that users need different types of devices to access the resources of the corporate educational network: a fixed or mobile computer, tablet or smartphone [9, 10]. One-time password (OTP) technology can help implement strong two-factor authentication without significant implementation and support costs [9]. OTP is virtually invulnerable to network packet analysis attacks and additionally requires the user to enter a PIN, which is an additional authentication factor [9]. Thus, two-factor authentication of the user in the system is formed on the basis of owning something (authentication by ownership) and knowing something (authentication by knowledge) [9].
The downside of using OTP passwords is that an attacker can "intercept" the text message (SMS) carrying one part of the token. Attackers can compromise two-factor authentication through social engineering (message forwarding arranged through the provider) [3, 4] or by means of the International Mobile Subscriber Identity (IMSI), exploiting communication protocol weaknesses [15, 16].
For this reason, the National Institute of Standards and Technology (NIST) in [6] intends to prohibit the use of two-factor authentication codes based on OTP passwords for services that connect to public IT systems. Thus, there is a contradiction between the use of OTP passwords in two-factor authentication protocols and the provision of security when its individual factors are transferred.

The aim and objectives of the study
The aim is to develop an improved method of strict two-factor authentication with an OTP password based on hybrid crypto-code systems on flawed codes that allows the further use of 2FA based on SMS, and to construct mathematical models and practical algorithms for implementing the McEliece and Niederreiter modified asymmetric crypto-code systems on flawed codes.
To achieve the aim, the following objectives are considered:
- to analyze the main methods of forming OTP passwords and the main threats to their use;
- to describe the mathematical models of hybrid crypto-code systems on flawed codes, based on the McEliece and Niederreiter modified asymmetric crypto-code systems (MACCS) on elliptic codes;
- to develop practical algorithms for data encryption and decryption in the Niederreiter-McEliece hybrid crypto-code systems on flawed codes (HCCSFC).

Analysis of the main methods of construction of OTP passwords
Electronic (digital) authentication establishes that the subject is actually who he claims to be. Digital authentication is the process of determining the validity of one or more authenticators used to claim a digital identity. Authentication establishes that a subject attempting to access a digital service is in control of the technologies used to authenticate. For services in which return visits are applicable, successful authentication provides reasonable risk-based assurance that the subject accessing the service today is the same as the one who previously accessed the service [6, 9, 10].
Two-factor authentication, or 2FA, is a method of identifying a user in a service in which two different types of authentication data are used. The introduction of an additional level of security provides more effective protection of an account from unauthorized access. With this type of 2FA, the user enters a personal password at the first level of authentication. The next step is to enter a one-time password (OTP), usually sent via SMS to the mobile device. In theory, the OTP is available only to the party expected to receive it [13, 14]. The Authenticator Assurance Levels (AALs) defined in [6] are presented in Fig. 1.
The analysis of the requirements [6, 17-21] for the methods of forming OTP passwords showed the following:
- a memorized secret authenticator, commonly called a password or, if numeric, a PIN, is a secret value intended to be chosen and memorized by the user; it must consist of 8 characters, be sufficiently complex and be kept secret. For the formation of a secret authenticator, it is proposed to use the algorithms for generating MAC codes (HMAC);
- a look-up secret authenticator is a physical or electronic record that stores a set of secrets shared between the applicant and the CSP (Center for Security Policy). To create the list of secrets, a standardized random bit generator [SP 800-90Ar1] is used [21];
- an out-of-band authenticator is a physical device that is uniquely addressable and can communicate securely with the verifier through a separate communication channel, called the secondary channel. The device is owned and controlled by the applicant and supports private communication on this secondary channel, separate from the primary channel for electronic authentication. Public switched networks (4G LTE) can be used to form the secondary channel. The authenticator is transmitted in encrypted form [8];
- a single-factor OTP device generates an OTP. This category includes hardware devices and OTP software generators installed on mobile gadgets. These devices have a built-in secret that is used as the key for generating the OTP and do not require activation through a second factor. Symmetric and asymmetric cryptoalgorithms are used to generate the key. The OTP is displayed on the device and entered manually for transfer to the verifier, thereby proving possession and control of the device;
- a multi-factor OTP device generates an OTP for use in authentication after activation with an additional authenticator. Hardware devices and OTP software generators based on symmetric cryptoalgorithms or hash functions, installed on mobile gadgets, are used. The second authentication factor can be provided by a built-in input pad, an integrated biometric reader (for example, a fingerprint reader) or a direct computer interface (for example, a USB port). The OTP is displayed on the device and entered manually for transmission to the verifier;
- a single-factor cryptographic software authenticator is a cryptographic key stored on disk or some other "soft" medium. Single-factor cryptographic software authenticators encapsulate a private key that is unique to the authenticator. Authentication is carried out by proving possession and control of the key;
- a single-factor cryptographic device is a hardware device that performs cryptographic operations using a protected cryptographic key and provides the authenticator output through a direct connection to the user endpoint. The device uses built-in symmetric or asymmetric cryptographic keys and does not require activation through a second authentication factor. Authentication is performed by proving possession of the device via the authentication protocol;
- a multi-factor cryptographic software authenticator is a cryptographic key stored on disk or some other "soft" medium that requires activation through a second authentication factor. Authentication is carried out by proving possession and control of the key;
- a multi-factor cryptographic device is a hardware device that performs cryptographic operations using one or more protected cryptographic keys and requires activation through a second authentication factor. Authentication is performed by proving possession of the device and control of the key. The authenticator output is provided by direct connection to the user endpoint and strongly depends on the particular cryptographic device and protocol. Multi-factor cryptographic device authenticators use tamper-resistant hardware to encapsulate the private key.

Fig. 1. Authenticator Assurance Levels [6]:
- AAL1 provides some confidence that the applicant controls the authenticator associated with the subscriber account. AAL1 is provided by single-factor or multi-factor authentication procedures using a wide range of available authentication technologies.
- AAL2 provides high confidence that the applicant controls the authenticator(s) tied to the subscriber account. Proof of possession and control of two different authentication factors is required through secure authentication protocol(s).

Thus, to ensure strict authentication in the IEN, it is proposed to use integrated mechanisms for providing two-factor authentication based on multi-channel cryptography with persistent cryptoalgorithms that ensure the security of the OTP passwords used.

Biometric methods form a probabilistic verification approach and do not provide key secrecy (fingerprint, iris, facial characteristics). Therefore, they can be used as an additional factor of multi-factor authentication together with a physical authenticator, over a secure channel between the sensor and the verifier.
The method based on PassWindow allows generating OTP passwords without cryptographic procedures, based on the bar code of a seven-segment element. However, the studies of this method and the proposed monitoring algorithm [12] allow the PassWindow system to be broken in 3-5 sessions by reconstructing the bar code of the card of the banking services user. Fig. 2 shows the main threats to authenticators, classified according to the types of authentication factors being attacked [6].
The threat analysis conducted on the basis of the synergistic approach to threat assessment [14] showed that attackers today use an integrated approach to obtaining the personal data and authenticators of users of IES service providers. As a rule, hacking methods combine social engineering techniques with traditional methods of masquerading and infiltration.
In addition, new types of cyber attacks are used to effectively embed malicious software in mobile communications, which in turn reduces the effectiveness of multi-factor authentication methods based on SMS messages and OTP passwords in IEN.
Thus, it becomes necessary to use additional means to ensure the confidentiality of the transfer of authenticators in open switched mobile systems/4G LTE.

Fig. 2. Classification of threats to authenticators by type [6]:
Theft:
- the hardware cryptographic device is stolen;
- the OTP device is stolen;
- the authenticator is stolen;
- the cell phone is stolen.
Duplication:
- passwords written on paper are revealed;
- passwords stored in a file are copied;
- the PKI authenticator software (private key) is copied;
- the look-up secret authenticator is copied;
- a counterfeit biometric authenticator is made.
Eavesdropping:
- watching the keyboard;
- interception of the password while it is typed on the keyboard;
- the PIN code is captured from the PIN-entry device;
- the hash is obtained by a pass-the-hash attack;
- interception of the secret when transmitted over Wi-Fi.
Offline cracking:
- the PKI software authenticator is subjected to a dictionary attack to determine the password that decrypts the private key.
Side-channel attack:
- the key is extracted by differential analysis of the hardware cryptographic authenticator;
- the secret of the cryptographic authenticator is extracted by analyzing its response time over several attempts.
Phishing or pharming:
- the password is disclosed when subscribing to a false website;
- the password is disclosed when replying to an e-mail request from the phisher;
- the password is disclosed by the subscriber on the website of a fake verifier reached through DNS spoofing.
Social engineering:
- the password is disclosed to the "employer";
- the password is disclosed to the "system administrator";
- SMS messages are obtained from the provider through persuasion.
Online guessing:
- online dictionary attacks are used to guess memorized secrets.
Endpoint compromise:
- a cryptographic authenticator connected to the endpoint is used to authenticate remote attackers;
- authentication is performed on behalf of the attacker, not the subscriber;
- malware at the endpoint reads the out-of-band secret sent via SMS;
- malicious code proxies authentications or exports authentication keys from the endpoint.
Unauthorized binding:
- an attacker intercepts an authenticator or a provisioning key en route to the subscriber.

Development of a multi-factor authentication protocol based on hybrid crypto-code systems on flawed codes
The analysis of attacks on authenticators of multi-factor authentication schemes using OTP passwords allows us to formulate the basic requirements for such protocols:
- increasing the number of multi-factor authentication factors;
- increasing the length of secrets and the use of persistent standardized cryptoalgorithms;
- the use of encryption procedures for transmission over open GI channels and open mobile networks;
- increasing the requirements for the level of security in the system and network devices of GI and mobile networks;
- raising the level of information and cyber literacy of users.
To meet these requirements, the authors propose to use the crypto-code systems considered in [13, 14, 22]. In [1], practical algorithms for constructing hybrid crypto-code systems on flawed codes are considered that make it possible to improve the multi-factor authentication scheme in order to increase the level of cryptographic strength and the authenticity of the generated authenticator.
To do this, the bank card (BC) must store the following data elements [13, 14]. The terminal supporting the multi-factor authentication scheme must store the public keys of all certification authorities and the associated information relating to each of the keys. The terminal must also be able to select the appropriate keys based on the index (1) and some special identification information.
To support multi-factor authentication, the user's bank card (BC) must have its own key pair (public and private authenticator keys). The public key of the BC is stored on the BC in a public key certificate. Each public key of the BC is certified by the issuer, and the trusted certification authority certifies the public key of the issuer. This means that to verify the card's authenticator, the terminal first needs to check the two certificates in order to recover and authenticate the public key of the BC, which is then used to verify the authenticator of the BC.
The proposed authentication process consists of five steps:
1) Restoration of the certification authority public key by the terminal. The terminal reads the index (1), identifies and retrieves the certification authority public key modulus, the disguise matrices (X, P, D), the equation of the curve for the algebraic geometric code (AGC) and the associated information stored with it, and selects the appropriate algorithms.
2) Obtaining the initialization vector (the secret "places" in the error vector, i.e. the shortening bits) from the issuer bank. Formation of the OTP code (the error vector based on the Niederreiter modified crypto-code system (MCCS)).
3) Formation of the authenticator based on the McEliece MCCS. Obtaining the codeword (authenticator) based on the crypto-code system by adding the obtained codeword to the session key.
4) Formation of the flawed text of the authenticator and the damage [23, 24].
5) Authentication. Finding the multiplicity of the error vector and comparing it with the obtained one.
The structure of the proposed method of two-factor authentication based on the HCCSFC is shown in Fig. 3. Thus, the use of hybrid crypto-code systems on flawed codes makes it possible to increase the number of authenticator tokens by using two asymmetric crypto-code systems and two/four transmission channels for the flawed text of the authenticator and the damage.
Scalability of the software module by changing the parameters of the Niederreiter and/or McEliece MCCS, depending on the requirements for the IES communication channels, provides its software implementation in mobile gadgets and compatibility with the protocols used for data transmission in the Internet and mobile networks.

Mathematical models of McEliece and Niederreiter MCCS on flawed codes, practical implementation algorithms
Let us consider a formal description of the McEliece modified crypto-code system on flawed codes used in the two-factor authentication protocol.
To construct a mathematical model, we use the basic provisions in [25] for a formal mathematical definition of a secret system. In [22], a formal description of the mathematical model of the McEliece MACCS on modified elliptic codes was considered; in [1], a universal mechanism of damage and methods of transmission in systems on flawed codes were considered.
The mathematical model of the McEliece MACCS on the basis of shortening (reduction of information symbols) is formally defined by the following elements [22]:
- a set of plaintexts;
- a set of ciphertexts (codegrams);
- a set of direct mappings (based on the use of the public key, the generating matrix), where the generating k × n matrix is disguised as a random code of the algebraic geometric block (n, k, d) code with elements from GF(q);
- a set of the polynomial curve coefficients a_1…a_6, ∀a_i ∈ GF(q), uniquely defining a specific set of points on the curve from the space P^2;
- a set of keys parameterizing the inverse mappings (private key of the authorized user): {X, P, D}, where X is the disguise non-degenerate k × k matrix with elements from GF(q), randomly and equiprobably formed by a source of keys; P is the permutation n × n matrix with elements from GF(q), randomly and equiprobably formed by a source of keys; D is the diagonal n × n matrix with elements from GF(q), formed by a source of keys.
The initial data in the description of the considered asymmetric crypto-code information protection system are:
- the algebraic geometric block (n, k, d) code C, i.e. the set of codewords C_i ∈ C such that C_i · H^T = 0, where H is the parity check matrix of the algebraic geometric block code;
- a_i, a set of the curve polynomial coefficients a_1…a_6, ∀a_i ∈ GF(q), uniquely defining a specific set of the curve points from the space P^2 to form the generating matrix;
- h_j, information symbols equal to zero, |h| = 1/2 k, i.e. I_i = 0, ∀I_i ∈ h;
- disguising matrix mappings given by the set of matrices {X, P, D}, where X is the non-degenerate k × k matrix over GF(q), P is the permutation n × n matrix over GF(q) with one non-zero element in each row and each column, and D is the diagonal n × n matrix over GF(q) with non-zero elements on the main diagonal.
The public key is formed from the disguise matrices and G_EC, the generating k × n matrix of the algebraic geometric block (n, k, d) code with elements from GF(q), built on the basis of the user-selected curve polynomial coefficients a_1…a_6, ∀a_i ∈ GF(q), uniquely defining a specific set of points on the curve from the space P^2.
The ciphertext is formed by adding an error vector e to the codeword, where the Hamming weight (number of nonzero elements) of the vector e does not exceed the correcting ability of the algebraic block code used. For each formed ciphertext, the authorized user, who knows the disguise matrices {X, P, D} and the number and location of the zero information symbols, can use a fast algebraic geometric code decoding algorithm (with polynomial complexity) to recover the plaintext [8]. The user decodes the received vector by the Berlekamp-Massey algorithm [15], i.e. gets rid of the error term and of the multiplier G_EC in the first term on the right-hand side of the equation, and then removes the effect of the disguise matrix X: for this, the decoding result is multiplied by X^(-1). The resulting solution is the plaintext M_i.
For the practical implementation of the HCCSFC, Fig. 4, 5 present the algorithms for specifying the basic characteristics of algebraic geometric codes on elliptic curves, where: requiredProbability is the given probability of block distortion; n is the total number of characters in the code (code length); k is the number of information symbols; d is the minimum Hamming distance between code combinations; g is the genus of the curve; degF is the degree of the generator function; degCurve is the degree of the curve; probability is the probability of distortion of one symbol; ecc is the number of errors corrected by the code.
The algorithm for forming the codegram in the McEliece HCCSFC:
Step 1. Fix a finite field GF(q). Fix an elliptic curve y^2 z + a_1 xyz + a_3 yz^2 = x^3 + a_2 x^2 z + a_4 xz^2 + a_6 z^3 and a set of its points EC(GF(q)): (P_1, P_2, …, P_N) over GF(q). Fix a subset of points h(GF(q)): (P_x1, P_x2, …, P_xx), h ⊂ EC(GF(q)), |h| = x, and keep it secret.
Step 2. Form the initialization vector IV = EC − h_j, where h_j are information symbols equal to zero, |h| = 1/2 k, i.e. I_i = 0, ∀I_i ∈ h.
Step 3. Enter the information vector I and form the codeword c. If the (n, k, d) code over GF(q) is given by its generating matrix G, then c = I × G.
Step 4. Form the random error vector e so that w(e) ≤ t, t = (d − 1)/2. Add the formed vector to the codeword: c* = c + e.
Step 5. Form the codegram by removing (shortening) the initialization vector symbols.
Step 6. Form the flawed text (the remainder) and the flag (damage).
Legend of the McEliece HCCSFC block diagrams (encryption: setting the code parameters X, P, D, G_EC, IV; formation of the information vector; decryption: setting the code parameters, entering the private key and the codegram; removing the diagonal and permutation matrices; adding the nulls of the initialization vector; decoding of the vector using the Berlekamp-Massey algorithm): requiredProbability is the given probability of block distortion; n is the total number of characters in the code (code length); k is the number of information symbols; d is the minimum Hamming distance between code combinations; g is the genus of the curve; degF is the degree of the generator function; degCurve is the degree of the curve; X is the non-degenerate k × k matrix over GF(q); P is the permutation n × n matrix over GF(q); D is the diagonal n × n matrix over GF(q); H_EC is the parity check r × n matrix of the elliptic code over GF(q); a_i is the set of coefficients of the polynomial curve a_1…a_6; IV is the initialization vector, IV = |h| = ½ k, the elements of reduction; f(x) is the flag; C(x) is the remainder.
The algorithm for decoding the codegram in the McEliece HCCSFC (Stage 1, the formation of a meaningful code):
Step 1. Obtain the meaningful text of the codegram based on the MV2 algorithm.
Step 2. Enter the codegram to be decoded. Enter the private key: the generator and/or parity check matrix of the elliptic code.
Step 3. The codegram is a codeword of the elliptic code with errors, the weight of the error vector being w(e) ≤ t. Decode the codegram, i.e. find the error vector.
Step 4. Form the required information vector.
Let us consider a formal description of the mathematical model of the Niederreiter hybrid MCCS, which is specified by the following elements:
- a set of plaintexts;
- a set of ciphertexts (syndromes), formed with the parity check r × n matrix H of the algebraic geometric block (n, k, d) code with elements from GF(q);
- a set of the coefficients of the polynomial curve a_1…a_6, ∀a_i ∈ GF(q), uniquely defining a specific set of points of the curve from the space P^2;
- a set of keys that parameterize the inverse mappings (private key of an authorized user): X is the disguise non-degenerate matrix with elements from GF(q), randomly generated by the source of keys; P is the permutation n × n matrix with elements from GF(q), randomly generated by the source of keys; D is the diagonal n × n matrix with elements from GF(q), formed by the source of keys;
- a set of flawed texts CFT;
- a set of direct damage mappings (based on the use of the key K_MV2 and the MV2 algorithm);
- a set of inverse mappings (based on the use of the key K_MV2 and the MV2 algorithm).
The initial data for describing the considered asymmetric crypto-code system of information protection are:
- a non-binary equilibrium code over GF(q), that is, the set of sequences of length n and weight w(e_i);
- the algebraic geometric block (n, k, d) code C over GF(q), i.e. the set of codewords C_i ∈ C such that C_i · H^T = 0, where H is the parity check matrix of the algebraic geometric block code;
- IV, the initialization vector, IV = |h| = ½ h_v, the elements of reduction (h_v are the error vector symbols equal to zero, |h| = 1/2 e, i.e. e_i = 0, ∀e_i ∈ h);
- disguise matrix mappings given by the set of matrices {X, P, D}, where X is the non-degenerate k × k matrix over GF(q), P is the permutation n × n matrix over GF(q) with one non-zero element in each row and each column, and D is the diagonal n × n matrix over GF(q) with non-zero elements on the main diagonal;
- r, some parameter; the Hamming weight (the number of non-zero elements) of the vector does not exceed the correcting ability of the algebraic block (n, k, d) code.
The cardinality of the sets M and C is determined by the admissible spectrum of the weights w(M_i), that is, in the general case (for all admissible values w(M_i)) we have: It is most appropriate to select the value w(M_i) according to the required data transfer security value.
Let us form the initialization vector IV = EC − h_j, where h_j are information symbols equal to zero, |h| = 1/2 k, that is, I_i = 0, ∀I_i ∈ h.

Formation of the shortened error vector: e_x = e(A) − IV.
The public key is formed by multiplying the parity check matrix of the algebraic geometric code by the disguise matrices, where H_EC is the parity check (n − k) × n matrix of the algebraic geometric block (n, k, d) code with elements from GF(q).
The MV2 algorithm receives a syndrome sequence, that is, the result of unmasking the code sequence c* with X_i. After substitution, we obtain the equality: An authorized user who generated the vector c* has the ability to apply a fast (polynomial complexity) algorithm for error-correction decoding and thus form the error vector.
To restore the information equilibrium sequence M_i it is enough to multiply the vector accordingly.
Formation of the sought error vector e: To construct the Niederreiter HCCS, we use the main encryption/decryption algorithms of the system considered in [14]. Fig. 9, 10 show a block diagram of the Niederreiter MCCS; the main difference from the known construction methods is the use of the shortening mechanism for the symbols of the error vector obtained in the equilibrium coding algorithm. The system on flawed codes can reduce the power of the alphabet, which reduces the power of the GF(q) used and the computing capacity required by the system as a whole.
An analysis of the practical implementation of the encryption/decryption algorithms in the Niederreiter HCCSFC shows that after the error vector is formed on the basis of the initialization vector, its shortening is performed: h_v (error vector symbols equal to zero), |h| = 1/2 e, i.e. e_i = 0, ∀e_i ∈ h. The initialization vector is formed by the PRSG in accordance with [21] in the trusted center and transmitted through closed channels to the technical information protection systems (TIPS) of the issuer and acquirer banks. For transmission over the GI, the initialization vector is transformed by the MV2 algorithm into binary sequences of flawed text (CFT) and damage (CHD), each of which is transmitted through an independent open channel.
Fig. 10. Schematic block diagram of the Niederreiter hybrid crypto-code system on flawed codes (blocks: Start; generating a random order of alphabet characters from 0 to 2^n − 1; formation of the number A and its binary representation; formation of the non-binary equilibrium sequence; partition of the non-binary equilibrium vector into the positional and binomial vectors; calculation of A_p from the position vector; calculation of A_b from the binomial vector), where n is the total number of characters in the code (code length); w is the weight of the codeword with elements from the set {0, 1, …, q − 1}; q is the power of the Galois field; A is an equilibrium non-binary sequence, A < M; M is the power of the non-binary equilibrium code, determined by the number of vectors of length n and weight w.
When decrypting the cryptogram (after receiving the error vector, before using the equilibrium coding algorithm), "zero" shortening symbols are introduced to obtain the information. The encryption and decryption algorithms are shown in Fig. 11, 12 (encryption) and Fig. 13, 14 (decryption).
The algorithm for the formation of a cryptogram in the Niederreiter MCCS can be represented as the following sequence of steps:
Step 1. Entering the information to be encoded. Entering the public key H_X^EC.
Step 2. Formation of the error vector e, whose weight does not exceed t, the corrective power of the elliptic code, on the basis of the non-binary equilibrium coding algorithm [13, 14].
Step 3. Formation of the shortened error vector: e_x = e(A) − IV.
Step 4. Syndrome formation: S_X = e_x · (H_X^EC)^T.

Fig. 11. Algorithm for the formation of a cryptogram in the Niederreiter hybrid crypto-code system on flawed codes, where X is a non-degenerate k×k matrix over GF(q), P is a permutation n×n matrix over GF(q), D is a diagonal n×n matrix over GF(q), H_EC is the parity check r×n matrix of the elliptic code over GF(q), a_i is the set of coefficients of the polynomial curve a_1 … a_6, IV is the initialization vector, IV = |h| = ½ h_e are the elements of reduction.

The algorithm for decoding the codegram in the Niederreiter MCCS can be represented as the following sequence of steps:
Step 1. Obtaining the meaningful text of the codegram on the basis of the MV2 algorithm.
Step 2. Entering the code S_X to be decoded. Entering the private key: the matrices X, P, D.
Step 3. Finding one of the possible solutions of the equation:
Step 8. Transformation of the vector e on the basis of the non-binary equilibrium code into the information sequence.

Thus, a new approach to using the method of two-factor authentication based on OTP passwords, allowing its further application, is proposed.

Discussion of the results of using the multi-factor authentication method
The proposed advanced method of strict two-factor authentication with OTP passwords based on the McEliece and Niederreiter crypto-code systems eliminates the main disadvantage of the 2FA protocol: the transfer of individual authentication tokens over open mobile communication channels. For this purpose, crypto-code systems on flawed codes have been proposed that provide the required security indicators on the basis of encryption with the Niederreiter/McEliece asymmetric crypto-code system, a rate of crypto-transformations at the level of block cryptographic algorithms, and data transmission with direct error correction. This approach can be implemented in modern mobile and desktop applications using the protocols of the GI and/or mobile networks.
A schematic block diagram of the practical implementation of the proposed HCCS on flawed codes is shown in Fig. 15.
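The cryptogram formation steps above (error vector from equilibrium coding, shortening by the IV, syndrome as codegram) and the OTP transport of this section, as an added toy example written for this page; it is not the authors' implementation. Everything in it is an assumption: a binary BCH(63) code with designed distance 7 stands in for the paper's elliptic code over GF(q) (so D is trivial, and the disguise matrix X is omitted; the public key is H_EC under a secret column permutation P), the "OTP" is an integer A that fits the toy capacity C(n − |h|, w), the IV is a constructed set h of shortened positions, the receiver's decoder is a brute-force syndrome search standing in for the fast private-key decoder, and all names, seeds and values are constructed.

```python
"""Toy Niederreiter-style transport of an OTP value with IV shortening.

Added example, not the paper's code. Constructed assumptions:
  * a binary BCH(63) code with designed distance 7 (corrects W = 3 errors)
    stands in for the paper's elliptic (algebraic-geometric) code over GF(q);
  * over GF(2) the diagonal matrix D is trivial, and the disguise matrix X is
    omitted, so the public key is H_EC with a secret column permutation P;
  * the "OTP" is an integer A < C(n - |h|, W) mapped to a weight-W error
    vector by enumerative (equilibrium / constant-weight) coding;
  * the receiver's decoder is a brute-force syndrome search, standing in for
    the fast private-key decoder of the real construction.
"""
from itertools import combinations
from math import comb
import random

N, W = 63, 3                     # code length and weight of the error vector
PRIM = 0b1000011                 # x^6 + x + 1, primitive over GF(2)


def gf64_powers():
    """alpha^0 .. alpha^62 in GF(2^6) as 6-bit integers."""
    p, out = 1, []
    for _ in range(N):
        out.append(p)
        p <<= 1
        if p & 0b1000000:
            p ^= PRIM
    return out


def bch_parity_columns():
    """Column i of H_EC = (alpha^i, alpha^3i, alpha^5i) packed into 18 bits.

    Rows alpha, alpha^3, alpha^5 give a narrow-sense BCH code of designed
    distance 7, so every error pattern of weight <= 3 has a unique syndrome.
    """
    a = gf64_powers()
    return [(a[i] << 12) | (a[3 * i % N] << 6) | a[5 * i % N] for i in range(N)]


def syndrome_of(cols, support):
    """Syndrome = XOR (GF(2) sum) of the columns selected by the support."""
    s = 0
    for i in support:
        s ^= cols[i]
    return s


def keygen(seed):
    """Public key: columns of H_EC in a secret order P. Private key: (H_EC, P)."""
    rng = random.Random(seed)                      # constructed, deterministic
    perm = list(range(N))
    rng.shuffle(perm)
    h_ec = bch_parity_columns()
    pub = [h_ec[perm[j]] for j in range(N)]        # public column j = private column perm[j]
    return pub, (h_ec, perm)


def make_iv(seed, size):
    """IV = the set h of positions forced to zero and shortened (constructed)."""
    return sorted(random.Random(seed).sample(range(N), size))


def equilibrium_encode(A, m, w):
    """Number A -> ascending w-subset of range(m) (combinadic / equilibrium coding)."""
    assert 0 <= A < comb(m, w), "A exceeds the capacity of the equilibrium code"
    support = []
    for k in range(w, 0, -1):
        c = k - 1
        while comb(c + 1, k) <= A:
            c += 1
        support.append(c)
        A -= comb(c, k)
    return support[::-1]


def equilibrium_decode(support):
    """Inverse of equilibrium_encode."""
    return sum(comb(c, k + 1) for k, c in enumerate(sorted(support)))


def encrypt(A, pub, iv):
    """Sender: e_x = e(A) - IV (zeros at h are dropped), codegram = syndrome of e_x."""
    free = [j for j in range(N) if j not in iv]        # positions that survive shortening
    shortened_key = [pub[j] for j in free]             # public key with the h columns removed
    e_x = equilibrium_encode(A, len(free), W)          # support of the shortened error vector
    return syndrome_of(shortened_key, e_x)


def decrypt(syndrome, priv, iv):
    """Receiver: reinsert the zero symbols at h, decode e, undo P, recover A."""
    h_ec, perm = priv
    free = [j for j in range(N) if j not in iv]
    inv = {perm[j]: j for j in range(N)}
    allowed = sorted(perm[j] for j in free)            # private coordinates that may be nonzero
    for support in combinations(allowed, W):           # stand-in for the fast BCH decoder
        if syndrome_of(h_ec, support) == syndrome:
            pub_support = sorted(inv[i] for i in support)
            return equilibrium_decode([free.index(j) for j in pub_support])
    raise ValueError("no weight-%d error vector matches the syndrome" % W)


if __name__ == "__main__":
    pub, priv = keygen(seed=2024)
    iv = make_iv(seed=7, size=20)        # 20 shortened positions -> C(43, 3) = 12341 OTP values
    otp = 7321                           # constructed one-time password value
    s = encrypt(otp, pub, iv)
    print("codegram (18-bit syndrome):", format(s, "018b"))
    print("recovered OTP:", decrypt(s, priv, iv))
```

Two points of the paper show up directly in the code: the sender never transmits the shortened positions (the receiver reinserts them from the IV, which is why the IV has to reach the receiver over a protected or damaged channel), and the codegram is only the 18-bit syndrome, not the OTP itself. The brute-force decoder also shows the security assumption in the negative: at these toy sizes the search over C(43, 3) supports needs neither X nor P, whereas at the parameters quoted in the Conclusions that search is the random-code decoding problem and only the holder of the private key decodes efficiently.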

Assessment of the cryptographic strength of the proposed HCCS on flawed codes
To assess the cryptographic strength, we use the entropy method proposed in [1].
The proposed hybrid cryptosystem is comparable in strength with the second method of damage, damage to the ciphertext, considered in [23, 24]. In this case, we have a set of flawed ciphertexts and damages, none of which individually corresponds to the original meaningful text. With a complete set of flawed ciphertexts and all damages, the unicity distance increases due to the additional keys of damage to the ciphertext. Thus, additional encryption provides an increased unicity distance:

Expression (1) makes it possible to evaluate the strength of the proposed McEliece and Niederreiter hybrid crypto-code systems on flawed codes.

Conclusions
1. The analysis of multi-factor authentication methods showed that in automated banking systems, 95 % of bank customers use electronic banking based on multi-factor OTP authentication. However, the use of OTP passwords in open data transmission systems in recent months has not met the security requirements. For further use, the NIST experts recommend using additional authentication factors with the mandatory transfer of OTP passwords in encrypted form and/or through closed communication channels, which significantly increases the cost and time of transmission. To solve the problem, a method of improving 2FA based on the use of hybrid crypto-code systems on flawed codes is proposed. These complex cryptosystems meet all the requirements for 2FA and allow expanding the range of use in IEN (CBS).
2. Mathematical models and practical algorithms for encryption/decryption of cryptograms/codegrams in hybrid crypto-code systems based on the modified Niederreiter and McEliece crypto-code systems on flawed codes are proposed. They differ in the shortening of the symbols of the error vector (initialization vector) and provide the required cryptographic strength when transmitting data over open mobile communication channels.
3. The developed multi-factor authentication scheme based on the Niederreiter-McEliece HCCSFC eliminates a significant drawback of SMS-based 2FA by providing confidentiality of the OTP password transmitted over mobile communication channels. The conducted research confirms that the application of the proposed procedures ensures a high speed of crypto-transformations comparable with the BSE, provable cryptographic strength based on the complexity-theoretic problem of decoding a random code (10^30 to 10^35 group operations are provided), and reliability based on the use of a shortened algebraic geometric code (P_er = 10^-9 to 10^-12 is provided). To further reduce the power of the alphabet (the Galois field) to GF(2^4) to GF(2^6), it is proposed to use systems on flawed codes, which also allow forming multi-channel cryptosystems.

1) Certification Authority Public Key Index: since the terminal can work with several certification authorities, this value specifies which key the terminal must use when working with this card; 2) Issuer Public Key Certificate, signed by the appropriate certification authority; 3) Public Key Certificate of the BC, signed by the issuer and formed on the basis of the McEliece MCCS; 4) Issuer Public Key Modulus and Exponent; 5) Public Key Modulus and Exponent of the BC; 6) Private Key of the BC.

Fig. 3. Block diagram of the protocol of the improved OTP authentication method based on the HCCSFC, solving the theoretical-complexity problem of random code decoding (general position code).

In the McEliece MACCS, the modified (shortened) algebraic geometric (n, k, d) code C^j_{k−h} with a fast decoding algorithm is disguised as a random (n, k, d) code C^{*j}_{k−h} by multiplying the generating matrix G_EC of the code; the formation of the authorized user's public key: one-time session key, i.e. for a particular E_j the vector e is generated randomly, equiprobably and independently of the other ciphertexts. The communication channel receives C^*_j. On the receiving side, an authorized user who knows the rules of damage removes the effect of the secret permutation and diagonal matrices P_u and D_u.

Fig. 4. Block diagram of the calculation function of the code parameters

Fig. 5. Error probability calculation function for the specified code parameters

Fig. 6. Algorithm for the formation of a cryptogram in the McEliece hybrid crypto-code system on flawed codes

Fig. 7. Algorithm for the formation of a cryptogram in the McEliece hybrid crypto-code system on flawed codes (the blocks include the generation of a random order of alphabet characters from 0 to 2^n − 1)

Fig. 8. Decryption of the cryptogram in the McEliece HCCS on flawed codes, where h_v are the error vector symbols equal to zero, |h| = ½ e, i.e. e_i = 0 ∀ e_i ∈ h.

The model comprises: the set of direct mappings (based on the use of the public key, the parity check matrix of the elliptic code (EC)); the set of inverse mappings (based on the use of the private key, the disguise matrices); the set of keys that parameterize the direct mappings (public key of an authorized user), where X is the disguise non-degenerate k×k matrix, randomly and equiprobably generated by the source of keys, and the strength rests on the solution of the theoretic-complexity problem of decoding a random code (code of general position); the mapping F_n, given by a bijective mapping between the set of permutations; the set of meaningful texts (based on the use of the key), M = {1, ..., M}, formed as a result of some mapping ψ realized by redundant coding of non-redundant information sequences by non-binary equilibrium codes. The formed ciphertext C_j is transmitted over either one or two independent channels. On the receiving side, an authorized user who knows the rule of damage and the initialization vector (the number and places of the zero symbols of the error vector) obtains one (any) of the possible codewords of the disguised (n, k, d) code with the parity check matrix, P, but in a different order.

Fig. 9. Schematic block diagram of the hybrid Niederreiter crypto-code system on flawed codes

Notation: the probability of distortion of the block; n is the total number of characters in the code (length of the code); k is the number of information symbols; d is the minimum distance of the Hamming code combinations; g is the genus of the curve; degF is the degree of the generator function; degCurve is the degree of the curve.

Fig. 12. Algorithm for the formation of a cryptogram in the Niederreiter hybrid crypto-code system on flawed codes. The blocks of Fig. 11, 12 are: Step 1, setting the code parameters X, P, D, H_EC, IV; Step 2, formation of the error vector (equilibrium coding) and the public key (input n, w(e), q, A); Step 3, formation of the error vector e(A): forming the number A and its binary representation I_A, representing A as A_p encoded in the positional number system and A_b encoded in the binomial system, and generating the generalized binomial-positional number code A; Step 4, syndrome formation; Step 5, formation of the codegram, of the flawed text (the remainder) and of the flag (damage); the end.

Decoding (Fig. 13, 14) includes Step 4, removing the action of the diagonal and permutation matrices.

Formation of the flawed text CFT and the damage CHD: concatenation of the flags f(x)_i and the remainders C(x)_i; formation of the flag f(x) and the remainder C(x) by replacing the symbols M_i, where n is the total number of characters in the code (code length), d is the minimum distance of the Hamming code combinations, f(x) is the flag and C(x) is the remainder. The communication channel (or channels) receives the flawed text (remainder) and the damage (flag).

Fig. 13. Algorithm for decoding the cryptogram in the Niederreiter hybrid crypto-code system on flawed codes (Step 1, the formation of a meaningful codegram, splitting), where the key in the Niederreiter HCCS on flawed codes and K^{MV2}_{Mc_i}, the key in the McEliece HCCS on flawed codes, are used; I is the number of meaningful texts, B is the number of texts, m is the number of damages.

Fig. 14. Algorithm for decoding the cryptogram in the Niederreiter hybrid crypto-code system on flawed codes, where (…, D)_N is the private key in the Niederreiter MCCS and (G_EC, …, …)_Mc is the private key in the McEliece MCCS.