Monitoring algorithm of two-factor authentication method based on PassWindow system

Authors

  • Сергей Петрович Евсеев Simon Kuznets Kharkiv National University of Economics pr. Lenina 9a, Kharkov, Ukraine, 61166, Ukraine
  • Вугар Гаджимахмудович Абдуллаев Azerbaijan State Oil Academy (ASOA) ANAS, Institute of Control Systems pr. Azadlig, 20, Baku, Azerbaijan, AZ1010, Azerbaijan https://orcid.org/0000-0002-3348-2267

DOI:

https://doi.org/10.15587/1729-4061.2015.38779

Keywords:

two-factor authentication, online attacks, social engineering

Abstract

The paper examines the basic methods of constructing a two-factor authentication system based on cryptographic mechanisms that ensure the cryptographic security of the generated authenticators. The risk posed by various methods of online attack against various two-factor authentication systems is assessed. The paper considers the PassWindow system, which provides two-factor authentication based on the unique ability of the matrix particles to transmit information in such a way that it is deciphered only when the physical character template of the intended recipient is superimposed on the barcode template obtained through the users' electronic network devices. Resistance to analysis is provided by the unique generation of the card's barcode template as unique statistical images, a sequence of characters, or a more extended animated version.

The object of the research is the process of improving the integrity and authenticity of data packets in security protocols of banking transactions based on two-factor authentication methods. The subject of the study is the methods and algorithms for controlling the integrity and authenticity of data packets in security protocols of banking transactions based on two-factor authentication methods.

The aim is to increase the integrity and authenticity of data packets in security protocols of banking transactions and to assess the threats to two-factor authentication methods. A comparative analysis of how various two-factor authentication systems and the PassWindow system withstand various Internet attack scenarios is performed.

Author Biographies

Сергей Петрович Евсеев, Simon Kuznets Kharkiv National University of Economics pr. Lenina 9a, Kharkov, Ukraine, 61166

Ph.D., Associate Professor

Information Systems Department

Вугар Гаджимахмудович Абдуллаев, Azerbaijan State Oil Academy (ASOA) ANAS, Institute of Control Systems pr. Azadlig, 20, Baku, Azerbaijan, AZ1010

PhD

Published

2015-04-20

How to Cite

Евсеев, С. П., & Абдуллаев, В. Г. (2015). Monitoring algorithm of two-factor authentication method based on PassWindow system. Eastern-European Journal of Enterprise Technologies, 2(2(74)), 9–16. https://doi.org/10.15587/1729-4061.2015.38779