Improvised multi-factor user authentication mechanism using defense in depth strategy with integration of passphrase and keystroke dynamics

Abstract

As the technology has emerged, the need for computer systems and computer networks has increased, and so has the requirement for authentication been escalated. Multi-Factor Authentication has been used since the past decade and still is the best type of authentication available to us today. The only disadvantage is the type of factors being used in the multi factor architecture and mechanism. If better and complex factors are not engaged in proper order or sequence in any multi-factor authentication, it can jeopardize the information systems and result in data, especially the digital identity of user, being compromised. On the note for improving authentication systems, the proposed work introduces a 3 factor authentication system with 3 levels of security. Each level being more secure than the last one, thus implementing a defense in depth strategy. Every level uses different factor for the purpose of authentication. The factors being used in the mechanism include a 4 digit passcode, passphrase, and keystroke dynamics. These factors are considered to be economical and easy to integrate in multi factor authentication. Further, the proposed work’s security strength has been evaluated with the help of Shannon’s entropy theory and is compared with other recent works on multi factor authentication. The proposed work is sought to provide a multi factor authentication mechanism which is economical and provides robust security in this emerging technological era.