Published in journal "Software systems and computational methods", 2016-2 in rubric "Data encryption and data protection", pages 173-183.
Resume: Two-factor authentication is required to establish a secure connection when a remote user tries to connect to the corporate web services. Authentication is a prerequisite for web services that process confidential information. Two-factor authentication is a way to improve the corporate information security. There are many ready solutions for the implementation of two-factor authentication system but these solutions have several disadvantages, such as high cost or difficult integration into existing corporate information structure. The aim of this study is to define the architecture of the system that overcomes the mentioned disadvantages. For designing a protection system against password guessing the authors previously used a method of static analysis to justify the demand for systems of this type. The authors also used data analysis method to determine the requirements for the system of two-factor authentication; an experiment confirmed the results of a research. Presented architecture provides protection from password guessing, does not depend on additional hardware or software and has a modular structure, which gives the advantage of scalability. The architecture defines advanced functionality for such systems: determining geographic location of real IP-addresses, address filtering based on geolocation and proxy addresses using a POST requests. It also allows building modules, which can be easily integrated with existing enterprise infrastructure. The result of using the proposed system shows that the percentage of intruders accessing corporate information system is reduced.
Keywords: information security, password guessing, single sign-on technology, service-oriented architecture, control permissions, one-time password, authentication code, two-factor authentication, secure connection, web service
Razzaq A., Hur A., Shahbaz S., Masood M., Ahmad R., Critical analysis on web application firewall solutions. IEEE Eleventh International Symposium on Autonomous Decentralized Systems: 2013, pp. 1-6.
Al-Kahtani M.A., Sandhu R.S. 2002. A Model for Attribute-Based User-Role Assignment. Proceedings of the 18th Annual Computer Security Applications Conference: 2002, pp. 353-362.
Liu J., Liu C., Jiao D., Chen J. The Research of a Multi-Factor Dynamic Authorization Model. Proceedings of the 2012 IEEE Ninth International Conference on e-Business Engineering: 2012, pp. 201-205.
Oh S. W., Kim H. Decentralized access permission control using resource-oriented architecture for the web of things. Advanced Communication Technology (ICACT), 2014 16th International Conference: 2014, pp. 749-753.
M'Raihi D., Rydell J., Bajaj S., Machani S., Naccache D. RFC 6287. OCRA: OATH Challenge-Response Algorithm. IETF, 201, p. 38.
M'Raihi D., Machani S., Pei M., Rydell J. RFC 6238. TOTP: Time-Based One-Time Password Algorithm. RFC Editor, 2011, 16 p.
Fergyuson N., Shnayer B. Prakticheskaya kriptografiya. M: Vil'yams, 2005, 424 c.
Babash A.V., Baranova E.K. Kriptograficheskie metody zashchity informatsii. Uchebnik. Seriya: "Bakalavriat i magistratura". M: Knorus, 2016, 189 c.
Bellare M., Canettiy R., Krawczykz H. Message Authentication using Hash Functions The HMAC Construction. CryptoBytes. 1996. 2(1): pp.1-2.
Eastlake D., Crocker S., Schiller J. RFC 1750: Randomness Recommendations for Security. RFC Editor, 1994, p. 30.
M'Raihi D., Bellare M., Hoornaert F., Naccache D., Ranen O.. RFC 4226. HOTP: An HMAC-Based One-Time Password Algorithm. RFC Editor, 2005, p. 37.
Kivi Berd. Kvantovaya kriptoneopredelennost'. Zhurnal «Komp'yuterra», 2004, ¹46. [Elektronnyy resurs]. – Rezhim dostupa: http://old.computerra.ru/206396/ svobodnyy. Yaz. russ. (data obrashcheniya 20.01.2016).
Nam S.Y., Djuraev S., Collaborative approach to mitigating ARP poisoning-based Man-in-the-Middle attacks. Computer Networks: The International Journal of Computer and Telecommunications Networking, 2013. 57(18): pp. 3866–3884.
Pramanik S., Security Architecture Approaches. The Journal of Defense Software Engineering, 2013. 26(6): pp. 12-17.
Bürger J., Jürjens J., Wenzel S., Restoring security of evolving software models using graph transformation international. Journal on Software Tools for Technology Transfer, 2015, 17(3): pp. 267-289.
Correct link to this article:
just copy this link to clipboard