ArticleOriginal scientific text

Title

Modeling of the User’s Identification Security System of on the 2FA Base

Authors 1, 2, 3

Affiliations

  1. Al-Farabi Kazakh National University, Almaty, Kazakhstan and Institute of Information and Computational Technologies, Almaty, Kazakhstan
  2. Institute of Information and Computational Technologies, Almaty, Kazakhstan
  3. Lublin University of Technology, Nadbystrzycka 38a, 20-618 Lublin

Abstract

The article describes methods of user identification using authentication based on the second factor. Known algorithms and protocols for two-factor authentication are considered. An algorithm is proposed using mobile devices as identifiers and generating a temporary password based on the hash function of encryption standards. For an automated control system, a two-factor authentication model and a sequential algorithm for generating a temporary password using functions have been developed. The implementation of the system is based on the Node.js software platform using the JavaScript programming language, as well as frameworks and connected system libraries. MongoDB, an open source database management system for information storage and processing was used.

Keywords

two-factor authentication, data security, user identification, password generator

Bibliography

  1. [1] D. R. Yuryev and O. S. Rogova, “Comparative analysis of two-factor authentication”, Proc. of Int. Conference Technical sciences - from theory to practice to mater SibAK2017, Novosibirsk, 2017, pp.46–51.
  2. [2] Transfer of Customer Details OAuth, (2019, May) [Online], Available: https://www.ibm.com/developerworks/ru/library/seoauthjavapt2/index.html
  3. [3] HMAC: Keyed-Hashing for Message Authentication, (2019, May) [Online], Available: https://tools.ietf.org/ html/rfc2104
  4. [4] N. Moretto. (2019, Aug). Two-factor authentication with TOTP, Available: https://medium.com/@n.moretto/two-factor-authentication-with-totp-ccc5f828b6df
  5. [5] O. Ussatova, S. Nyssanbayeva and W. Wójcik, “Development of an authentication model based on the second factor in an automated control system,” KBTU News, vol. 16, pp. 115–118, 2019.
  6. [6] S. Nysanbayeva, W. Wojcik and O. Ussatova, “Algorithm for generating temporary password based on the two-factor authentication model,” Przegląd Elektrotechniczny 5(R95), pp. 101–106, 2019.
  7. [7] Two-factor authentication, (2019, Aug) [Online]. Available: https://www.infobip.com/ru/glossariy/dvukhfaktornaya-autentifikatsiya (last accessed September 07, 2019 y.).
  8. [8] FIPS 140-2 standard and self-encryption technology. (2018, Sep) [Online]. Available: https://www.seagate.com/files/www.content/solutions-content/security-and-encryption/id/docs/faq-fips-sed-lr-mb-605-2-1302-ru.pdf
  9. [9] National Security Agency. (2018, Jun). [Online]. Available: https://www.cryptomuseum.com/intel/nsa/index.htm
  10. [10] O. Ussatova and S. Nyssanbayeva, “Generators of one-time two-factor authentication passwords,” Informatyka, Automatyka, Pomiary w Gospodarce i Ochronie Środowiska, no. 2(R71), pp. 60–64, 2019.
  11. [11] MongoDB Tutorial. (2019, Sep) [Online]. Available: https://www.tutorialspoint.com/mongodb/index.htm
  12. [12] O. Ussatova, S. Nyssanbayeva and W. Wójcik, “Two-factor authentication algorithm implementation with additional security parameter based on mobile application,”, Proc. on International Conference on Wireless Communication, Network and Multimedia Engineering (WCNME2019), Guilin, 2019, pp. 84–86.
  13. [13] O. Ussatova, S. Nyssanbayeva and W. Wójcik, “Software implementation of two-factor authentication to ensure security when accessing an information system,” News of KazNU im. al-Farabi, 136, pp. 87–95, March 2019.