TO THE ISSUE OF SECURE MULTIFACTOR AUTHENTICATION IN WEB APPLICATIONS

Authors

DOI:

https://doi.org/10.18372/2410-7840.25.17675

Keywords:

multifactor authentication, security, WEB application, system model, hash function, message encryption algorithm

Abstract

The main segments of the smart city infrastructure using authentication in the security vector of Industry 4.0 technologies are considered. Approaches to secure authentication, in particular in WEB applications, are analyzed. A comparison of authentication methods in WEB applications by requirements and level of data security is made. Authentication threats, mechanisms and technologies of protection are analyzed and, on this basis, a system model of secure multifactor authentication in a WEB application based on the concept of "object – threat – protection" according to the structure "WEB page – WEB server – database" is created. An algorithmic and software implementation of a secure multi-factor authentication system in a WEB application based on the use of the SHA-1 cryptographic hash function and the AES symmetric message encryption algorithm using the JavaScript programming language is developed. The practical implementation of a step-by-step algorithm for multifactor authentication in WEB applications by factors such as login and password, fingerprint, and smartphone is presented.

Published

2023-08-01