MULTI-FACTOR AUTHENTICATION MODELLING

Authors

  • L. Dostálek University of West Bohemia Pilsen, Czechia
  • J. Šafařík University of West Bohemia Pilsen, Czechia

DOI:

https://doi.org/10.15588/1607-3274-2020-2-11

Keywords:

Аuthentication, multifactor authentication, risk-based authentication, omnifactor authentication, fraud detection system, password, digital fingerprint.

Abstract

Context. Currently, institutions and companies face massive cyber-attacks. Attacks are always focused on some authentication weakness that is part of a particular authentication protocol. In the event of an attack, it is necessary to respond flexibly to the weakening of authentication mechanisms. In the event of an attack, it is necessary to quickly identify the affected authentication factor and its importance to temporarily weaken. Subsequently, it is possible to detect the affected weakness and weaken the meaning of only the algorithms showing this weakness. Algorithms that do not show this weakness should be left unchanged. This paper introduces a mathematics model of authentication. By quick changing the model parameters, we can flexibly adapt the use of authentication means to the situation.

Objective. The purpose of this work is to propose a method that will allow to quantify the strength (quality) of authentication. In order it will be possible to dynamically change the authentication method depending on the current risks of attacks.

Method. The method is to design a mathematical model and its simulation. The model is then based on the sum of the strengths of the individual authentication factors. A risk-based mechanism is used to determine model parameters. 

Results. The paper then demonstrates the simulation results using commonly used authentication means. The paper then demonstrates the simulation results using commonly used authentication means: password, hardware based one-time password, device fingerprint, external authentication, and combination of this methods. Simulations have shown that using this mathematical model makes it easy to model the use of authentication resources.

Conclusions. With this model, it seems easy to model different security situations. In the real situation, the model parameters will need to be refined as part of the feedback assessment of the established security incidents. 

Author Biographies

L. Dostálek, University of West Bohemia Pilsen

M.Sc., Post-graduate student at the Department of Computer Science and Engineering

J. Šafařík, University of West Bohemia Pilsen

PhD, Professor, Professor of the Department of Computer Science and Engineering

References

Dostálek L., Dostálková I. Omnifactor Authentication, Advanced Computer Information Technologies: International Conference ACIT 2018, Ceske Budejovice, 1–3 June 2018: proceedings. Ternopil, TNEU, 2018, pp. 228– 231.

Alaca F., Oorschot P. C. Device fingerprinting for augmenting web authentication: classification and analysis of methods, Computer Security Applications: the 32nd Annual Conference ACSAC '16, Los Angeles, California, USA, 2016: proceedings. Los Angeles, California, USA, 2016, pp. 289–301. DOI: https://doi.org/10.1145/2991079.2991091

Yang Z., Zhao R., Yue C. Effective Mobile Web User Fingerprinting via Motion Sensors, Trust, Security And Privacy In Computing And Communications: 17th IEEE International Conference / Big Data Science And Engineering: 12th IEEE International Conference, 1–3 Aug. 2018: proceedings. New York, NY, USA, 2018, pp. 1398– 1405. DOI: 10.1109/TrustCom/BigDataSE.2018.00194

Arya V., Sethi D., Paul J. Does digital footprint act as a digital asset? – Enhancing brand experience through remarketing, International Journal of Information Management, 2019, Vol. 49, pp. 142–156. https://doi.org/10.1016/j.ijinfomgt.2019.03.013

Hinds J., Joinson A. Human and Computer Personality Prediction from Digital Footprints, Current Directions in Psychological Science, 2019, Vol. 28, Issue 2, pp. 204–211. https://doi.org/10.1177%2F0963721419827849

Varghese T. E., Fisher J. B., Harris S. L., Boseo D. D. Pat. US7,908,645B2 US, H04L63/20, System and Method for Fraud Monitoring, Detection, and Tired User Authentication/ (US), applicant Oracle International Corporation. № 11/412,997; 28.04.2006; 14.12.2006, 51p.

Carta S., Fenu G., Recupero D., Saia R. Fraud detection for E-commerce transactions by employing a prudential Multiple Consensus model, Journal of Information Security and Applications, 2019, Vol. 46, pp. 13–22.

Information technology Security techniques – Information security risk management: ISO/IEC 27005:2018. [Effective from 2018-07], 2018, 56 p.

Dostálek L., Multi-Factor Authentication Modeling, Advanced Computer Information Technologies: 9th International Conference ACIT’2019, Ceske Budejovice, Czech Republic, 5–7 June 2019: proceedings. Ternopil, TNEU, 2019, pp. 443–446. DOI: 10.1109/ACITT.2019.8780068.

Vijaya C. J., Challa N., Pasupuletti S. K. Authentication and authorization mechanism for cloud security, International Journal of Engineering and Advanced Technology, August 2019, Volume 8, Issue 6, pp. 2072–2078, E-ISSN:22498958

Downloads

How to Cite

Dostálek, L., & Šafařík, J. (2020). MULTI-FACTOR AUTHENTICATION MODELLING. Radio Electronics, Computer Science, Control, (2), 106–116. https://doi.org/10.15588/1607-3274-2020-2-11

Issue

No. 2 (2020): Radio Electronics, Computer Science, Control

Section

Progressive information technologies

License

Copyright (c) 2020 L. Dostálek, J. Šafařík

Creative Commons License

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Creative Commons Licensing Notifications in the Copyright Notices

The journal allows the authors to hold the copyright without restrictions and to retain publishing rights without restrictions.

The journal allows readers to read, download, copy, distribute, print, search, or link to the full texts of its articles.

The journal allows to reuse and remixing of its content, in accordance with a Creative Commons license СС BY -SA.

Authors who publish with this journal agree to the following terms:

  • Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License CC BY-SA that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.

  • Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.

  • Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.