Abstract
Two-factor authentication methods to date , are considered by experts as authenticators resistance amplification mechanisms, while ensuring the authenticity services in various fields of high technology, financial and insurance sectors of the market, large banking institutions and public sector enterprises. Thus, authenticators based on OTP passwords and various types of tokens are typically used in the ABS. The suggested synergistic threat assessment approach revealed that attackers use a comprehensive approach to the implementation of threats, based on a combination of social engineering techniques with traditional methods , of disguise and infiltration. New types of cyber-attacks are also used to effectively embed malware on mobile communication devices, which in turn leads to a decrease in the profitability of the two-factor authentication methods based on SMS messages and OTP passwords in ABS. The proposed safety mechanisms based on modified crypto code Niederreiter and Mc-Eliece systems allow to ensure reliability (based on the use of elliptical error-correcting codes) and safety (proposed cryptosystem are secret models of provable resistance) of data transmitted. Their usage in the multi-factor authentication protocol ensures the security of the physical separation of transmission of the parts of authenticator of banking transactions through mobile lines (using the Niederreiter MCCS) and ABS (using the McEliece MCCS). The proposed mathematical model and algorithms of practical implementation of the Niederreiter MCCS allow, based on the error vector symbol shortening, to reduce the energy capacity of the group operations, reduce the power of the Galois field to GF 2 6 –2 7 , providing the required cryptographic resistance.
Highlights
The development of Internet services in the banking sector in the process of development of electronic technology, functionality expansion of payment cards and remote banking channels (RB) put forward new requirements for providing basic security services during conducting banking transactions
Improvement of multi-factor authentication method based on modified crypto-code systems using modified algebraic codes is a promising direction in solving the problem of privacy and reliability when transferring the One-time password (OTP) password over open mobile channels
The aim is to analyze the main methods of multi-factor authentication used in automated banking systems, ABS hacking threats based on electronic banking; an improved method of two-factor authentication through SMS messages on the basis of the Niederreiter-McEliece modified crypto-code systems (MCCS), the development of algorithms for encryption/decryption in the MCCS proposed to eliminate the disadvantages of the 2FA protocol based on SMS messages
Summary
The development of Internet services in the banking sector in the process of development of electronic technology, functionality expansion of payment cards and remote banking channels (RB) put forward new requirements for providing basic security services (integrity, confidentiality, availability and authenticity) during conducting banking transactions. For authenticity in the financial sphere while creating Internet banking, mobile banking services, an electronic digital signature, based on a multifactor or extended authentication is usually used. It is based on a composite authenticator, physically separated, which greatly increases the safety of information using, at least from the side of users who connect to information systems via secure and non-secure communication channels. Among the multi-factor authentication methods, the method based on SMS authentication became widespread Their use carries significant security risks and requires the use of other, safer methods such as the use of one-time password generators (TOTP – Time-based One-time Password Algorithm) with additional cryptographic protection
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
More From: Eastern-European Journal of Enterprise Technologies
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.