TWO-FACTOR AUTHENTICATION METHODS THREATS ANALYSIS

Authors

  • S. P. Evseev Department of Simon Kuznets Kharkiv National University of Economics, Kharkiv, Ukraine, Ukraine
  • B. P. Tomashevskyy Department of Simon Kuznets Kharkiv National University of Economics, Kharkiv, Ukraine, Ukraine

DOI:

https://doi.org/10.15588/1607-3274-2015-1-7

Keywords:

two-factor authentication, online attacks, social engineering.

Abstract

The article considers basic methods of two-factor authentication system constructing on the basis of the use of cryptographic mechanisms
to ensure the reliability, of formed authenticators, the risk of various methods of online attacks against a variety of two-factor authentication
systems is estimated, as well as a system PassWindow is considered, which provides two-factor authentication on the unique ability of the
matrix to transmit information in such a way that it is deciphered only to the imposition of the physical signs of the intended recipient pattern
and barcode pattern obtained by digital network devices, resistance to the analysis is provided by a unique barcode card pattern generation as
unique statistical images, a sequence of characters, or as more extended in an animated version. The object of the research is the process of improving the integrity and authenticity of data packets in banking transactions security protocols on the basis of two-factor authentication methods. The subject of the study is methods and algorithms of integrity control and authenticity of data packets in banking transaction security protocols on the basis of two-factor authentication methods. The aim of the paper is to increase the integrity and authenticity of data packets in banking transactions security protocols, a banking transaction, threat assessment on two-factor authentication methods. A comparative analysis of various systems with two-factor authentication PassWindow system in opposition to various Internet attack scenario is being carried out. An effective method for monitoring a practical twofactor authentication PassWindow system in its application to the banking system.

References

Evaluation of hypothetical attacks against PassWindow [Electronic resource] / S. O’Neil // PassWindow – 2009. – Access mode: h t t p : / / w w w . p a s s w i n d o w . c o m / evaluation_of_hypothetical_attacks_against_passwindow. 2. Двухфакторная Аутентификация [Электронный ресурс], Aladdin, 2014, Режим доступа: http://www.aladdin-rd.ru/ solutions/authentication. 3. Настройка двухфакторной аутентификации [Электронный ресурс], Citrix, 2012, Режим доступа: http://support.citrix.com/ proddocs/topic/web-interface-impington/nl/ru/wi-configure-twofactorauthentication-gransden.html?locale=ru. 4. Семь методов двухфакторной аутентификации [Электронный ресурс], ITC.ua, 2007, Режим доступа: http://www.infosecurityrussia.ru/news/29947. 5. Man In The Mobile Attacks Highlight Weaknesses In Out-Of-Band Authentication [Electronic resource] / E. Chickowski // Information week – 2010. – Access mode: http:// www.darkreading.com/risk/man-in-the-mobile-attacks-highlightweaknesses-in-out-of-band-authentication/d/d-id/1134495. 6. Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communication [Electronic resource] / E. Barkan, E. Biham, N. Keller // ACM digital library. – 2008. – Access mode: http://dl.acm.org/citation.cfm?id=1356689. 7. $45k stolen in phone porting scam [Electronic resource] / Brett Winterford // ITnews – 2011. – Access mode: http://www.itnews.com.au/News/282310,45k-stolen-in-phone-portingscam. aspx/0. 8. Zeus Banking Trojan Hits Android Phones [Electronic resource] / M. J. Schwartz // Information week. – 2011. – Access mode: http://www.informationweek.com/mobile/zeus-banking-trojanhits-android-phones/d/d-id/1098909. 9. Security issues of Internet-based biometric authentication systems: risks of Man-in-the-Middle and BioPhishing on the example of BioWebAuth [Electronic resource] / [C. Zeitz, T. Scheidat, J. Dittmann; at all.] // Proceedings of SPIE. – 2008. – Access mode: http://spie.org/Publications/Proceedings/Paper/10.1117/ 12.767632.

Downloads

How to Cite

Evseev, S. P., & Tomashevskyy, B. P. (2015). TWO-FACTOR AUTHENTICATION METHODS THREATS ANALYSIS. Radio Electronics, Computer Science, Control, (1). https://doi.org/10.15588/1607-3274-2015-1-7

Issue

No. 1 (2015): Radio Electronics, Computer Science, Control

Section

Progressive information technologies

License

Copyright (c) 2015 S. P. Evseev, B. P. Tomashevskyy

Creative Commons License

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Creative Commons Licensing Notifications in the Copyright Notices

The journal allows the authors to hold the copyright without restrictions and to retain publishing rights without restrictions.

The journal allows readers to read, download, copy, distribute, print, search, or link to the full texts of its articles.

The journal allows to reuse and remixing of its content, in accordance with a Creative Commons license СС BY -SA.

Authors who publish with this journal agree to the following terms:

  • Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License CC BY-SA that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.

  • Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.

  • Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.