Software implementation of 2 FA Software implementation of two-factor authentication to ensure security when accessing an information system
DOI:
https://doi.org/10.26577/JMMCS-2019-1-620Keywords:
two-factor authentication, data security, one-time password (OTP) generation, security methods, mobile application, smartphoneAbstract
The article describes methods for applying two-factor authentication (2FA). An example of two-factor authentication using mobile devices as identifiers and the generation of a temporary password based on the hash function of encryption standards is considered. For an automated control system, a two-factor authentication model and a sequential algorithm for generating a temporary password using mathematical functions have been developed. Mathematical function is selected from the array of functions. To protect the opening of a one-time password, a secret string is read, consisting of a sequence of characters that will be generated randomly.Implemented software implementation on the Node.js software platform using the JavaScript programming language, as well as frameworks and connected system libraries. A document-based database management system with open source MongoDB, using for storing and processing information. The analysis of the software implementation of the proposed algorithm.
References
[2] Wang, D., He, D., Wang, P., Chu, C.H.: Anonymous two-factor authentication in distributed systems: Certain goals are beyond attainment. IEEE Trans. Depend. Secur. Comput. (2014), http://dx.doi.org/10.1109/TDSC.2014.2355850.
[3] R. Amin, S. Islam, M. K. Khan, A. Karati, D. Giri, and S. Kumari, "A two-factor rsa-based robust authentication system for multiserver environments", Security and Communication Networks, vol. 2017, 2017.
[4] L. Han et al. "An efficient and secure two-factor authentication scheme using elliptic curve cryptosystems", Peer-to-Peer Networking and Application, vol. 11(12), pp. 1aA ¸S11, 2016.
[5] Q. Xie, D. S. Wong, G. Wang, X. Tan, K. Chen, and L. Fang, "Provably secure dynamic id-based anonymous two-factor authenticated key exchange protocol with extended security model", IEEE Transactions on Information Forensics and Security, vol. 12, no. 6, pp. 1382aA ¸S1392, 2017.
[6] Data Breach Investigations Report 2018. [Electronic resource]. – 2018. – URL: https://www.verizonenterprise.com/ resources/ reports/rp_DBIR_2018_Report_execsummary_en_xg.pdf (last accessed January 10, 2019 г.).
[7] Providing information security. [Electronic resource]. – 2018. – URL:https://searchinform.ru/ (lastaccessedJanuary 25, 2019 г.).
[8] Two-factor authentication. [Electronic resource]. – 2019. – URL:https://www.infobip.com/ru/glossariy/dvukhfaktornaya - autentifikatsiya(last accessed January 10, 2019 г.).
[9] iOS and Android already occupy 99.9% of the market for mobile operating systems. [Electronic resource]. – 2018. – URL: https://www.ixbt. com/news/2018/02/24/ios-android-99-9.html (last accessed January27, 2019 г.).
[10] MySQLandMongoDB - when and what is better to use. [Electronic resource]. – 2017. – URL: https://habr. com/ru/ post/ 322532/ (last accessed February 02, 2019 г.).
[11] S. Nyssanbayeva, O. Ussatova. "Two-factor authentication in the automated control system"//the III International scientific conference "Information Science and Applied Mathematics" - Almaty, 2018, volume No. 2, 448 -pp 239-242.
[12] National Institute of Standards and Technology (NIST).[Electronic resource]. – 2018. – URL: https://www.nist.gov/ (last accessed September 02, 2018).
[13] FIPS 140-2 standard and self-encryption technology. [Electronic resource]. – 2018. – URL: https://www.seagate.com/files/ www-content / solutions-content / security-and-encryption / id / docs / faq-fips-sed-lr- mb-605-2-1302-ru.pdf / (last accessed November 12, 2018).
[14] National Security Agency .[Electronic resource]. – 2018. – URL:https://www.cryptomuseum.com/intel/nsa/index.htm / (last accessed November 12, 2018).