The development of the method of multifactor authentication based on hybrid crypto­code constructions on defective codes

Authors

DOI:

https://doi.org/10.15587/1729-4061.2017.109879

Keywords:

McEliece and Niederreiter hybrid crypto-code systems on flawed codes, multi-factor authentication

Abstract

The proposed security mechanisms in hybrid-crypto-code systems, based on Niederreiter and McEliece modified asymmetric crypto-code systems on flawed codes allow further use of the methods of strict two-factor authentication on OTP passwords (OTP based 2FA). To ensure the required security and efficiency in the multi-factor authentication protocol, the McEliece and Niederreiter modified asymmetric crypto-code systems, allowing integrated reliability provision in information transmission on the basis of error-correction coding on elliptic codes are used. The use of the MV2 algorithm ensures an increase in the total entropy of the key and the physical separation of the transmission of the authenticator parts by various mobile/Internet communication channels based on multi-channel cryptography systems on flawed codes. The proposed mathematical models and algorithms for the practical implementation of the Niederreiter and McEliece HCCSFC make it possible to significantly reduce the energy capacity of group operations by reducing the power of the Galois field to GF 24–26 by additional transformations based on the MV2 algorithm, ensuring the required cryptographic strength

Author Biographies

Serhii Yevseiev, Simon Kuznets Kharkiv National University of Economics Nauky ave., 9-А, Kharkiv, Ukraine, 61166

PhD, Associate Professor, Senior Researcher

Department of Information Systems 

Hryhorii Kots, Simon Kuznets Kharkiv National University of Economics Nauky ave., 9-А, Kharkiv, Ukraine, 61166

PhD, Associate Professor

Department of Information Systems 

Sergii Minukhin, Simon Kuznets Kharkiv National University of Economics Nauky ave., 9-А, Kharkiv, Ukraine, 61166

Doctor of Technical Sciences, Professor

Department of Information Systems 

Olga Korol, Simon Kuznets Kharkiv National University of Economics Nauky ave., 9-А, Kharkiv, Ukraine, 61166

PhD, Associate Professor

Department of Information Systems

Anna Kholodkova, Simon Kuznets Kharkiv National University of Economics Nauky ave., 9-А, Kharkiv, Ukraine, 61166

PhD, Associate Professor

Department of Information Systems 

References

  1. Yevseiev, S., Korol, O., Kots, H. (2017). Construction of hybrid security systems based on the crypto-code structures and flawed codes. Eastern-European Journal of Enterprise Technologies, 4 (9 (88)), 4–21. doi: 10.15587/1729-4061.2017.108461
  2. Litvinov, V. A., Lypko, E. V., Yakovleva, A. A. Informacionnaya bezopasnost' vysshego uchebnogo zavedeniya v ramkah sovremennoy globalizacii. Available at: http://conference.osu.ru/assets/files/conf_reports/conf13/132.doc
  3. Rose, S., Barker, W. C., Jha, S., Irrechukwu, C., Waltermire, K. (2016). Domain name systems-based electronic mail security. U. S. Department of Commerce Penny Pritzker, Secretary, 240. Available at: https://nccoe.nist.gov/sites/default/files/library/sp1800/dns-secure-email-sp1800-6-draft.pdf
  4. Dang, Q. (2012). Recommendation for Applications Using Approved Hash Algorithms. U. S. Department of Commerce, 25. Available at: http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-107r1.pdf
  5. Shnayder, B. (2012). Prikladnaya kriptografiya. Protokoly, algoritmy, iskhodnye teksty na yazyke Si. Moscow: Triumf, 815.
  6. Grassi, P. A., Fenton, J. L., Newton, E. M., Perlner, R. A., Regenscheid, A. R., Burr, W. E. et. al. (2017). Digital identity guidelines: authentication and lifecycle management. NIST. doi: 10.6028/nist.sp.800-63b
  7. Barrett, M., Marron, J., Pillitteri, V. Y., Boyens, J., Witte, G., Feldman, L. (2017). The Cybersecurity Framework. NIST, 41. Available at: http://csrc.nist.gov/publications/drafts/nistir-8170/nistir8170-draft.pdf
  8. Cichonski, J., Franklin, J. M., Bartock, M. (2016). Guide to LTE Security. NIST, 48. Available at: http://csrc.nist.gov/publications/drafts/800-187/sp800_187_draft.pdf
  9. Shapiro, L. (2012). Autentifikaciya na osnove odnorazovyh paroley. Teoreticheskie osnovy. Chast' 1. Sistemnyy administrator, 9, 88–91.
  10. Shapiro, L. (2012). Autentifikaciya i odnorazovye paroli. Chast' 2. Vnedrenie OTP dlya autentifikacii v AD. Sistemnyy administrator, 10.
  11. Kelsey, J., Change, S., Perlner, R. (2016). SHA-3 derived functions: cSHAKE, KMAC, TupleHash and ParallelHash. NIST. doi: 10.6028/nist.sp.800-185
  12. Yevseiev, S. P., Abdullaev, V. G. (2015). Monitoring algorithm of two-factor authentication method based on рasswindow system. Eastern-European Journal of Enterprise Technologies, 2 (2 (74)), 9–16. doi: 10.15587/1729-4061.2015.38779
  13. Yevseiev, S. P., Abdullaev, V. G., Agazade, Zh. F., Abbasova, V. S. (2016). Usovershenstvovanie metoda dvuhfaktornoy autentifikacii na osnove ispol'zovaniya modificirovannyh kripto-kodovyh skhem. Systemy obrobky informatsyi, 9 (146), 132–144.
  14. Yevseiev, S., Hryhoryi, K., Liekariev, Y. (2016). Developing of multi-factor authentication method based on niederreiter-mceliece modified crypto-code system. Eastern-European Journal of Enterprise Technologies, 6 (4 (84)), 11–23. doi: 10.15587/1729-4061.2016.86175
  15. Meyer, D. (2016). Time is running out for this popular online security technique. FORTUNE. Available at: http://fortune.com/2016/07/26/nist-sms-two-factor/
  16. Hackett, R. (2016). You’re implementing this basic security feature all wrong. FORTUNE. Available at: http://fortune.com/2016/06/27/two-factor-authentication-sms-text/
  17. Bartock, M., Cichonski, J., Souppaya, M., Smith, M., Witte, G., Scarfone, K. (2016). Guide for cybersecurity event recovery. NIST. doi: 10.6028/nist.sp.800-184
  18. Security requirements for cryptographic modules (2001). Change Notices. doi: 10.6028/nist.fips.140-2
  19. Annex A: Approved Security Functions for FIPS PUB 140-2 (2017). U. S. Department of Commerce. Available at: http://csrc.nist.gov/publications/fips/fips140-2/fips1402annexa.pdf
  20. Annex B: Approved Protection Profiles for FIPS PUB 140-2 (2016). U. S. Department of Commerce. Available at: http://csrc.nist.gov/publications/fips/fips140-2/fips1402annexb.pdf
  21. Annex C: Approved Random Number Generators for FIPS PUB 140-2 (2016). U. S. Department of Commerce. Available at: http://csrc.nist.gov/publications/fips/fips140-2/fips1402annexc.pdf
  22. Yevseiev, S., Rzayev, K., Korol, O., Imanova, Z. (2016). Development of mceliece modified asymmetric crypto-code system on elliptic truncated codes. Eastern-European Journal of Enterprise Technologies, 4 (9 (82)), 18–26. doi: 10.15587/1729-4061.2016.75250
  23. Mishchenko, V. A., Vilanskiy, Yu. V. (2007). Ushcherbnye teksty i mnogokanal'naya kriptografiya. Minsk: Enciklopediks, 292.
  24. Mishchenko, V. A., Vilanskiy, Yu. V., Lepin, V. V. (2006). Kriptograficheskiy algoritm MV 2. Minsk, 177.
  25. Shennon, K. E. (1963). Teoriya svyazi v sekretnyh sistemah. Raboty po teorii informacii i kibernetike. Moscow: Il, 333–402.

Downloads

Published

2017-10-19

How to Cite

Yevseiev, S., Kots, H., Minukhin, S., Korol, O., & Kholodkova, A. (2017). The development of the method of multifactor authentication based on hybrid crypto­code constructions on defective codes. Eastern-European Journal of Enterprise Technologies, 5(9 (89), 19–35. https://doi.org/10.15587/1729-4061.2017.109879

Issue

Vol. 5 No. 9 (89) (2017): Information and controlling system

Section

Information and controlling system

License

Copyright (c) 2017 Serhii Yevseiev, Hryhorii Kots, Sergii Minukhin, Olga Korol, Anna Kholodkova

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

The consolidation and conditions for the transfer of copyright (identification of authorship) is carried out in the License Agreement. In particular, the authors reserve the right to the authorship of their manuscript and transfer the first publication of this work to the journal under the terms of the Creative Commons CC BY license. At the same time, they have the right to conclude on their own additional agreements concerning the non-exclusive distribution of the work in the form in which it was published by this journal, but provided that the link to the first publication of the article in this journal is preserved.

A license agreement is a document in which the author warrants that he/she owns all copyright for the work (manuscript, article, etc.).
The authors, signing the License Agreement with TECHNOLOGY CENTER PC, have all rights to the further use of their work, provided that they link to our edition in which the work was published.
According to the terms of the License Agreement, the Publisher TECHNOLOGY CENTER PC does not take away your copyrights and receives permission from the authors to use and dissemination of the publication through the world's scientific resources (own electronic resources, scientometric databases, repositories, libraries, etc.).
In the absence of a signed License Agreement or in the absence of this agreement of identifiers allowing to identify the identity of the author, the editors have no right to work with the manuscript.
It is important to remember that there is another type of agreement between authors and publishers – when copyright is transferred from the authors to the publisher. In this case, the authors lose ownership of their work and may not use it in any way.