Developing of multi-factor authentication method based on niederreiter-mceliece modified crypto-code system

Authors

DOI:

https://doi.org/10.15587/1729-4061.2016.86175

Keywords:

modified crypto-code system, modified algebrogeometric codes, multi-factor authentication

Abstract

Two-factor authentication methods to date, are considered by experts as authenticators resistance amplification mechanisms, while ensuring the authenticity services in various fields of high technology, financial and insurance sectors of the market, large banking institutions and public sector enterprises. Thus, authenticators based on OTP passwords and various types of tokens are typically used in the ABS. The suggested synergistic threat assessment approach revealed that attackers use a comprehensive approach to the implementation of threats, based on a combination of social engineering techniques with traditional methods, of disguise and infiltration. New types of cyber-attacks are also used to effectively embed malware on mobile communication devices, which in turn leads to a decrease in the profitability of the two-factor authentication methods based on SMS messages and OTP passwords in ABS. The proposed safety mechanisms based on modified crypto code Niederreiter and Mc-Eliece systems allow to ensure reliability (based on the use of elliptical error-correcting codes) and safety (proposed cryptosystem are secret models of provable resistance) of data transmitted. Their usage in the multi-factor authentication protocol ensures the security of the physical separation of transmission of the parts of authenticator of banking transactions through mobile lines (using the Niederreiter MCCS) and ABS (using the McEliece MCCS). The proposed mathematical model and algorithms of practical implementation of the Niederreiter MCCS allow, based on the error vector symbol shortening, to reduce the energy capacity of the group operations, reduce the power of the Galois field to GF 26–27, providing the required cryptographic resistance.

Author Biographies

Serhii Yevseiev, Simon Kuznets Kharkiv National University of Economics Nauky ave., 9-А, Kharkiv, Ukraine, 61166

PhD, Associate Professor

Department of Information Systems 

Hryhorii Kots, Simon Kuznets Kharkiv National University of Economics Nauky ave., 9-А, Kharkiv, Ukraine, 61166

PhD, Associate Professor

Department of Information Systems 

Yehor Liekariev, Simon Kuznets Kharkiv National University of Economics Nauky ave., 9-А, Kharkiv, Ukraine, 61166

Department of Information Systems 

References

  1. Reshenie po mnogofaktornoj autentifikacii 2FA One. Available at: https://habrahabr.ru/company/1cloud/blog/277901/
  2. Vazhnost' mnogofaktornoj autentifikacii. Available at: http://www.securitylab.ru/analytics/425166.php
  3. Jekspress-opros: «Kakie metody autentifikacii vy ispol'zuete doma/na rabote?». Available at: http://zlonov.ru/2016/07/statistic/
  4. Digital Authentication Guideline. Available at: http://www.3dnews.ru/936742?from=related-grid&from-source=940476
  5. Siadati, H., Nguyen, T., Gupta, P., Jakobsson, M., Memon, N. (2017). Mind your SMSes: Mitigating social engineering in second factor authentication. Computers & Security, 65, 14–28. doi: 10.1016/j.cose.2016.09.009
  6. Harini, N., Padmanabhan, T. R. (2013). 2CAuth: A New Two Factor Authentication Scheme Using QR-Code. International Journal of Engineering and Technology, 5 (2), 1087–1094. Available at: http://www.enggjournals.com/ijet/docs/IJET13-05-02-093.pdf
  7. D’Mello, D. P. (2015). An Alternative Approach in Generation and Possession of Backup Codes in MultiFactor Authentication Scheme. BIJIT – BVICAM’s International Journal of Information Technology, 7 (2), 883–885 Available at: http://www.bvicam.ac.in/bijit/downloads/pdf/issue14/05.pdf
  8. Gupta, N., Rani, R. (2015). Implementing High Grade Security in Cloud Application using Multifactor Authentication and Cryptography. International Journal of Web & Semantic Technology, 6 (2), 09–17. doi: 10.5121/ijwest.2015.6202
  9. Jiang, Q., Ma, J., Wei, F., Tian, Y., Shen, J., Yang, Y. (2016). An untraceable temporal-credential-based two-factor authentication scheme using ECC for wireless sensor networks. Journal of Network and Computer Applications, 76, 37–48. doi: 10.1016/j.jnca.2016.10.001
  10. Kiljan, S., Vranken, H., van Eekelen, M. (2016). Evaluation of transaction authentication methods for online banking. Future Generation Computer Systems. doi: 10.1016/j.future.2016.05.024
  11. Android-vredonos Bankosy sposoben pohishhat' kody dvuhfaktornoj autentifikacii. Available at: http://www.securitylab.ru/news/478411.php
  12. Hryshchuk, R., Yevseev, S. (2016). The synergetic approach for providing bank information security: the problem formulation. Bezpeka іnformacіi, 22 (1), 64–74.
  13. Evseev, S. P., Abdullaev, V. G., Agazade, Zh. F., Abbasova, V. S. (2016) Usovershenstvovanie metoda dvuhfaktornoj autentifikacii na osnove ispol'zovanija modificirovannyh kripto-kodovyh shem. Sistemi obrobki іnformacіi, 9 (146), 132–145.
  14. Evseev, S. P., Abdullaev, V. G. (2015). Monitoring algorithm of two-factor authentication method based on рasswindow system. Eastern-European Journal of Enterprise Technologies, 2 (2 (74)), 9–15. doi: 10.15587/1729-4061.2015.38779
  15. Pjat' sposobov dvuhfaktornoj autentifikacii. Available at: https://lifehacker.ru/2016/02/15/two-factor-authentication/
  16. RSA SECURID® Autentifikacija po zaprosu. Available at: http://security.demos.ru/auth_access/mfa/ondemand.php
  17. Sem' metodov dvuhfaktornoj autentifikacii. Available at: http://www.infosecurityrussia.ru/news/29947
  18. Distancionnoe bankovskoe obsluzhivanie klientov: sposoby zashhity tranzakcij. Available at: http://www.prostobiz.ua/rko/stati/distantsionnoe_bankovskoe_obsluzhivanie_klientov_sposoby_zaschity_tranzaktsiy
  19. Blejhut, R. (1986). Teorija i praktika kodov, kontrolirujushhih oshibki. Moscow: Mir, 576.
  20. Klark, Dzh.-ml.; Cybakova, B. S. (Ed.) (1987). Kodirovanie s ispravleniem oshibok v sistemah cifrovoj svjazi. Moscow: Radio i svjaz', 392.
  21. Mak-Vil'jams, F. Dzh., Slojen, N. Dzh. A. (1979). Teorija kodov, ispravljajushhih oshibki. Moscow: Svjaz', 744.
  22. Yevseiev, S., Rzayev, K., Korol, O., Imanova, Z. (2016). Development of mceliece modified asymmetric crypto-code system on elliptic truncated codes. Eastern-European Journal of Enterprise Technologies, 4 (9 (82)), 18–26. doi: 10.15587/1729-4061.2016.75250
  23. Evseev, S. P., Rzaev, H. N., Cyganenko, A. S. (2016). Analiz programmnoj realizacii prjamogo i obratnogo preobrazovanija po metodu nedvoichnogo ravnovesnogo kodirovanija. Bezpeka іnformacіi, 22 (2), 196–203.

Downloads

Published

2016-12-27

How to Cite

Yevseiev, S., Kots, H., & Liekariev, Y. (2016). Developing of multi-factor authentication method based on niederreiter-mceliece modified crypto-code system. Eastern-European Journal of Enterprise Technologies, 6(4 (84), 11–23. https://doi.org/10.15587/1729-4061.2016.86175

Issue

Vol. 6 No. 4 (84) (2016): Mathematics and Cybernetics - applied aspects

Section

Mathematics and Cybernetics - applied aspects

License

Copyright (c) 2016 Serhii Yevseiev, Kots Hryhorii, Yehor Liekariev

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

The consolidation and conditions for the transfer of copyright (identification of authorship) is carried out in the License Agreement. In particular, the authors reserve the right to the authorship of their manuscript and transfer the first publication of this work to the journal under the terms of the Creative Commons CC BY license. At the same time, they have the right to conclude on their own additional agreements concerning the non-exclusive distribution of the work in the form in which it was published by this journal, but provided that the link to the first publication of the article in this journal is preserved.

A license agreement is a document in which the author warrants that he/she owns all copyright for the work (manuscript, article, etc.).
The authors, signing the License Agreement with TECHNOLOGY CENTER PC, have all rights to the further use of their work, provided that they link to our edition in which the work was published.
According to the terms of the License Agreement, the Publisher TECHNOLOGY CENTER PC does not take away your copyrights and receives permission from the authors to use and dissemination of the publication through the world's scientific resources (own electronic resources, scientometric databases, repositories, libraries, etc.).
In the absence of a signed License Agreement or in the absence of this agreement of identifiers allowing to identify the identity of the author, the editors have no right to work with the manuscript.
It is important to remember that there is another type of agreement between authors and publishers – when copyright is transferred from the authors to the publisher. In this case, the authors lose ownership of their work and may not use it in any way.