Multi factor authentication as a necessary solution in the fight with information technology security threats

In the publication multi factor authentication solutions are offered as a necessary tool for decrease of information technology security risks. The work includes description of authentication process from the viewpoint of information technology security aspect, as well as authentication factors are described, which can be used in authentication process modules. Some recommendations for decrease of security risks are given using multi factor authentication solutions. In the work a multi-factor authentication security testing experiment is described, which involves use of Linux remote console - SSH service. Analysis of data of unauthorised access efforts obtained during tests is described: it is determined from which countries or regions, as well as in which days there is the highest threat to information technology security

Multi-Factor Authentication: A Survey

Today, digitalization decisively penetrates all the sides of the modern society. One of the key enablers to maintain this process secure is authentication. It covers many different areas of a hyper-connected world, including online payments, communications, access right management, etc. This work sheds light on the evolution of authentication systems towards Multi-Factor Authentication (MFA) starting from Single-Factor Authentication (SFA) and through Two-Factor Authentication (2FA). Particularly, MFA is expected to be utilized for human-to-everything interactions by enabling fast, user-friendly, and reliable authentication when accessing a service. This paper surveys the already available and emerging sensors (factor providers) that allow for authenticating a user with the system directly or by involving the cloud. The corresponding challenges from the user as well as the service provider perspective are also reviewed. The MFA system based on reversed Lagrange polynomial within Shamir’s Secret Sharing (SSS) scheme is further proposed to enable more flexible authentication. This solution covers the cases of authenticating the user even if some of the factors are mismatched or absent. Our framework allows for qualifying the missing factors by authenticating the user without disclosing sensitive biometric data to the verification entity. Finally, a vision of the future trends in MFA is discussed.Peer reviewe

Security Schemes for Hack Resilient Applications Using “SNHA” (Securing Network, Host, and Application) Service

The very nature of web applications - their ability to collate, process and disseminate information over the Internet - exposes them in two ways. First and most obviously, they have total exposure by nature of being publicly accessible. Second, they process data elements from within HTTP requests - a protocol that can employ a myriad of encoding and encapsulation techniques. Any service available on the Internet requires authentication. Simple, one factor authentication schemes are vulnerable to hacking and require lot of discipline among authorized users - in the form of complying with strong password, One Time Password and password salt. The challenges start from making the authentication setup of the network services as secure and as simple as possible. In order to overcome this problem, we will develop a portal and authentication setup to address the problem of the directly making the authentication setup and the web services of the organization accessible from the internet. For our purposes we will concentrate on the combination of web servers and application servers interfacing to provide user authentication as multi-tenant applications. Keyword: - Network security, Web-Security, Multi tenant, Web-service, SAAS, SOP, WCF, multilevel authentication, one time password (OTP), Salt password

Secure Payment Authentication That Provides Strong Customer Authentication

Multi-factor verification steps currently used for authenticating online purchases, e.g., one-time codes sent to a phone, can prove to be a hurdle for some customers. This disclosure describes a strong customer authentication technique, referred to as secure payment authentication (SPA), that enables users to authenticate online transactions using device-bound tokens. Authentication is driven by payment service providers, and a simple device unlock can confirm a transaction. Strong customer authentication is made possible with just a single (or even zero) click. Cross-device authentication can be enabled, such that a customer can authenticate themselves on a payment app on a mobile device while performing transactions on a second device such as a laptop, etc

The Impact of Two-Factor Authentication Technology on the Adoption of Internet Banking

The security risks of Internet banking have always been a concern to the service providers and users. There has been a global trend to adopt a multi-factor authentication scheme to increase the security of Internet banking. However, the introduction of two-factor authentication has not been well received. Particularly, there has been a conception that it creates barriers to Internet banking use because extra efforts are required to perform transactions online. This study explores the impact of the two-factor authentication on the adoption of Internet banking in Australia as perceived by the users, through a qualitative survey. The findings show that the two factor authentication does not affect most of the key factors affecting Internet banking adoption including ease-of-use and it helps reduce the perceived risks. However, it increases the security awareness and concern of the users and it somehow affects users’ trust in using Internet banking

Multi-Factor Authentication for Shibboleth Identity Providers

The federated identity model provides a solution for user authentication across multiple administrative domains. The academic federations, such as the Brazilian federation, are examples of this model in practice. The majority of institutions that participate in academic federations employ password-based authentication for their users, with an attacker only needing to find out one password in order to personify the user in all federated service providers. Multi-factor authentication emerges as a solution to increase the robustness of the authentication process. This article aims to introduce a comprehensive and open source solution to offer multi-factor authentication for Shibboleth Identity Providers. Based on the Multi-factor Authentication Profile standard, our solution provides three extra second factors (One-Time Password, FIDO2 and Phone Prompt). The solution has been deployed in the Brazilian academic federation, where it was evaluated using functional and integration testing, as well as security and case study analysis

AI-Oriented Two-Phase Multi-Factor Authentication in SAGINs: Prospects and Challenges

Space-air-ground integrated networks (SAGINs), which have emerged as an expansion of terrestrial networks, provide flexible access, ubiquitous coverage, high-capacity backhaul, and emergency/disaster recovery for mobile users (MUs). While the massive benefits brought by SAGIN may improve the quality of service, unauthorized access to SAGIN entities is potentially dangerous. At present, conventional crypto-based authentication is facing challenges, such as the inability to provide continuous and transparent protection for MUs. In this article, we propose an AI-oriented two-phase multi-factor authentication scheme (ATMAS) by introducing intelligence to authentication. The satellite and network control center collaborate on continuous authentication, while unique spatial-temporal features, including service features and geographic features, are utilized to enhance the system security. Our further security analysis and performance evaluations show that ATMAS has proper security characteristics which can meet various security requirements. Moreover, we shed light on lightweight and efficient authentication mechanism design through a proper combination of spatial-temporal factors.Comment: Accepted by IEEE Consumer Electronics Magazin

A MULTILEVEL USER VALIDATION FRAMEWORK FOR ACCESSING CLOUD SERVICES

Cloud computing is a paradigm that offers enormous advantages to cloud users for example, huge memory, adaptable processing abilities, security to the data and boundless registering capabilities. To utilize the maximum capacity of Cloud computing, information is moved, handled and stored by Cloud Service Providers (CSP). Be that as it may, information owners are suspicious to put their information in cloud that is outside their own control. The main issue with Cloud computing is the manner by which to provide the security and protection of cloud user information being prepared and additionally stored in a Cloud computing condition. With regards to cloud information assurance, the techniques utilized can be fundamentally the same as ensuring information inside a conventional server group. To perform user validation for accessing cloud services, a strong cryptography method is introduced along with a multi factor verification process. Moving information into the cloud implies that the clients have less authority over their information, this implies the cloud clients must believe the CSP to secure the information from both outside and inside attacks. In the proposed work, a Multi Level User Authentication (MLUA) framework is introduced for accessing cloud services. The unauthorized users are not allowed to access cloud resources. The cloud user, data owner and cloud service providers are involved in multi factor authentication. The CSP will generate a Digital Unique Authentication Identity (DUAI) number along with general verification for undergoing multi level verification process. The proposed method is compared with the traditional methods and the results show that the proposed method is better in performance and accuracy in identification of valid cloud users

Keystroke dynamics based user authentication using deep multilayer perceptron

User authentication is an essential factor to protect digital service and prevent malicious users from gaining access to the system. As Single Factor Authentication (SFA) is less secure, organizations started to utilize Multi-Factor Authentication (MFA) to provide reliable protection by using two or more identification measures. Keystroke dynamics is a behavioral biometric, which analyses users typing rhythm to identify the legitimacy of the subject accessing the system. Keystroke dynamics that have a low implementation cost and does not require additional hardware in the authentication process since the collection of typing data is relatively simple as it does not require extra effort from the user. This study aims to propose deep learning model using Multilayer Perceptron (MLP) in keystroke dynamics for user authentication on CMU benchmark dataset. The user typing rhythm from 51 subjects collected based on the static password (.tie5Roanl) typed 400 times over 8 sessions and 50 repetitions per session. The MLP achieved optimum EER of 4.45% compared to original benchmark classifiers such as 9.6% (scaled Manhattan), 9.96% (Mahalanobis Nearest Neighbor), 10.22% (Outlier Count), 10.25% and 16.14% (Neural Network Auto-Assoc). © 2020 by the authors

Digital identity modelling and management

University of Technology, Sydney. Faculty of Engineering.User identification and authentication is the first and most important aspect of identity management in maintaining security and privacy of users and their assets. Due to the open nature of the Internet, without reliable identification and authentication, subsequent security and privacy protections become worthless. Amid the increase of the number of online services and users, identity fraud is on the increase. It has been widely reported that identity fraud costs the industry many billions of dollars each year around the world. Perpetrators use false identities to engage in fraudulent activities. False identities can be established in one of two ways: (i) creating fictitious identity by manufacturing, forging or fraudulently obtaining legitimate documentation to satisfy proof of identity (POI) requirements, and (ii) stealing or forging someone else’s identity from an actual person (living or dead) such as passwords, security tokens or biometric information. One of the effective ways to prevent identity fraud is to build defence against the use of false identities. Use of false identities can be prevented by implementing strong authentication, using multi-factor identity proofing (during service enrolment phase) and multifactor identity authentication (during service delivery sessions). To balance convenience and security, the strength of the authentication needs to match the required level of trust. If the implemented strength is lower than the required level of trust, it may introduce risk of fraudulent activities. On the other hand if the implemented strength is higher than the required level of trust, it may introduce inconvenience to the user, preventing the usage. To solve this issue, we propose CaMa (Credential Attribute Mapping) models to calculate the strength of authentication for multi-factor identity proofing and multifactor identity authentication scenarios. The strengths are calculated from the desired properties of identities and presented in two ways, (i) a process of summation of the weighting index of the desirable properties, and (ii) application of information theory. Further, a scheme for constructing digital representations of personal identities from conventional identity documents such as birth certificates, citizenship certificates, passports, driving licences, bank card and photo ID is also proposed. This digital representation of personal identity along with the concept of (i) active credentials, (ii) trusted identity providers, (iii) secure assertion protocol such as SAML and with the (iv) established policies and procedures, enable a user to assert their identity to a remote online service provider that request the proof of identity (POI) requirements. Thus, it will help freeing users from the limitation of personal presence during service enrolment. For example, in this way, it will be possible to open a bank account in the USA by remotely submitting trusted identity credentials online from Australia