multifactor authentication, security, WEB application, system model, hash function, message encryption algorithm


The main segments of the smart city infrastructure using authentication in the security vector of Industry 4.0 technologies are considered. Approaches to secure authentication, in particular in WEB applications, are analyzed. A comparison of authentication methods in WEB applications by requirements and level of data security is made. Authentication threats, mechanisms and technologies of protection are analyzed and, on this basis, a system model of secure multifactor authentication in a WEB application based on the concept of "object – threat – protection" according to the structure "WEB page – WEB server – database" is created. An algorithmic and software implementation of a secure multi-factor authentication system in a WEB application based on the use of the SHA-1 cryptographic hash function and the AES symmetric message encryption algorithm using the JavaScript programming language is developed. The practical implementation of a step-by-step algorithm for multifactor authentication in WEB applications by factors such as login and password, fingerprint, and smartphone is presented.


Yurchak Oleksandr. "Ukrayins'ka stratehiya Industriyi 4.0 – 7 napryamiv rozvytku" [Електронний ресурс] Режим доступу: 02/ukrainska-strategiya-industrii-4-0-7-napriamkiv-rozvutku.

Стратегія кібербезпеки України. [Електронний ресурс]. Режим доступу: https: // laws/show/447/2021#n12.

Програма EU4Digital: Кібербезпека – Схід. [Електронний ресурс]. Режим доступу: /discover-eu/eu4digital-improving-cyber-resilience-in-the-eastern-partnership-countries/.

Дудикевич В.Б. Системна модель інформаційної безпеки “розумного міста” / В.Б. Дудикевич, Г.В. Микитин, М.О. Галунець // Системи обробки інформації. 2020. Випуск 2(161). С. 93-98.

Дудикевич В.Б. Елементи безпеки “розумного дому” / В.Б. Дудикевич, Г.В. Микитин, Д.В. Васильєв // Сучасна спеціальна техніка. 2020. № 4. С. 35-47.

Yuriy Bobalo, Valeriy Dudykevych, Galyna Mykytyn, Taras Stosyk Paradigm of Safe Intelligent Ecological Monitoring of Environmental Parameters.CEUR Workshop Proceedings, 2021, pp. 244-249 (Procee-dings of the 3rd International Conference on Information Security and Information Technologies (ISec-IT 2021) co-located with 1st International Forum "Digital Reality" (DRForum 2021), Odesa, Ukraine, September 13-19, 2021 (рр. 244-249) //; [Електронний ресурс] Режим доступу: http: / / / Vol-3200 / paper35. pdf].

Дудикевич В.Б. Захищений обмін інформацією в безпровідних мережах центру інформаційного забезпечення / В.Б. Дудикевич, Г.В. Микитин, М.В. Ленник // Сучасна спеціальна техніка. 2021. № 2. С. 7-19.

Kovalan K., Omar S. Z., Tang L., Bolong J., Abdullah R., Ahmad G., Akmar H., Pitchan M. A. A Systematic Literature Review of the Types of Authentication Safety Practices among Internet Users. The Scientific Annals of Computer Science, 2021, vol 31 (1), pp. 23-29.

Mathew G., Thomas S., PG Scholar. A novel multi-factor authentication system ensuring usability and security, The Journal arXiv of Computer Science, 2021.

AlJanah, S., Zhang, N., & Tay, S. W. A Multifactor Multilevel and Interaction Based (M2I) Authen-ticationFramework for Internet of Things (IoT) App-lications. IEEE Access, 2022, vol 10, pp. 47965-47996.

Ahmed S., Mahmood Q. An authentication based scheme for applications using JSON web token. International Conference on Computer and Informa-tion Sciences (ICCIS), 2021, pp. 1-6.

Drakonakis K., Ioannidis S., Polakis J. The Cookie Hunter: Automated Black-box Auditing for Web Authentication and Authorization Flaws. ACM SIG-SAC Conference on Computer and Communications Security (CCS '20), 2020, pp. 1953-1970.

Ben Fredj, Cheikhrouhou O., Krichen M., Hamam H., Derhab A. An OWASP Top Ten Driven Survey on Web Application Protection Methods. Interna-tional Conference on Cyber Security and Protection of Digital Services (CRiSIS), 2021, pp. 189-201.

Erdodi L., Zennaro F. M. The Agent Web Model: modeling web hacking for reinforcement learning. International Journal of Information Security volume, 2022, vol 21, pp. 293-309.