In the article, ISO/IEC 27001: 2013, an effective and user-friendly concept of reliable authentication for accessing a multi-server information critical system, which includes, in particular, a set of users, a set of servers and a dedicated server —a registration center for a system objects registration without the maintenance of verification tables, is proposed. Information exchange between the objects of the system is organized using secure sessions based on an secret keys with a matching mechanism based on one-way hash functions and cryptography of elliptic curves, which now provides the best correlation between encryption reliability and a size of a secret key among existing cryptosystems. Work with users is personalized using individual access cards, which are protected based on the provisions of the cryptographic theory of elliptical curves. Access cards, in addition to identification information and password, store biometric information about the features of the user's voice in the form of a information features vector. The application for authentication, which is installed on the user's computing device, is initiated by a two-step user recognition procedure (with an identification card) — according to the individual features of his voice and the entered password, which together with convenience ensures the reliability of the authentication process. The basic concept of introduction of the automated speaker recognition system in the authentication process for access to the critical system was proposed in the article, and according to the results of the tests it was concluded that it conforms to the requirements of the ISO/IEC 27001: 2013 standard. However, experience in the practical use of the authentication system for accessing information critical system found a number of vulnerabilities in the basic concept, for the purpose of eliminating them, an improved concept was created that also fully meets the requirements of ISO/IEC 27001: 2013. The article evaluates the computational efficiency of the proposed concepts on the basis of calculating the number of the most computationally complex operations — scalable multiplication Tm and calculating the hash function Th for authentication of objects as part of the information critical system (user, server, registration center and all these objects together). The final computational complexity of the basic concept was 4Tm + 15Th, and of the advanced one — 6Tm + 17Th, which in absolute terms is an average result in comparison with analogues. However, the use of cryptography of elliptical curves makes hashing operations about 6 times faster than hashing with the use of a public key, as in analogues.
Read full abstract