Simulation Modeling of a Post-Biometric Method of Authentication on the Basis of User's Data

A. A. Grusho, M. I. Zabezhailo, D. V. Smirnov, E. E. Timonina

Abstract


Authentication data (a password, key word, passport number, etc.), authentication material (biometric fingerprints, faces, etc.) and authentication objects (a phone, passport, token, etc.) can be observed, forged and transferred to a malefactor. Existing multifactor authentication systems are "finite-factor" systems: the number of factors used in the authentication system, of the kinds listed above, is finite and known in advance. These vulnerabilities are exploited by hackers who have constructed multichannel viruses with which the victim's computer and smartphone are remotely and covertly controlled at the same time. Controlling the victim's smartphone, the hacker can covertly read SMS passwords and sometimes push notifications. Thus the four existing groups of authentication factors (cognitive factors, based on the subject's knowledge; biometric factors, based on the subject's physiology and behavior; factors based on the subject's location; and factors of possession of information or a token) have the following vulnerabilities:

(1) the secret is separable from the user, and is on the client side,

(2) it is possible to repeat the password,

(3) it is possible to forge biometrics,

(4) the location can be arranged by collusion.

This paper proposes a new method of user authentication that is free of these vulnerabilities and uses random questions generated from the data available about the user. The decision on whether the user authentication procedure (polyfactor authentication) succeeds is made on the basis of the user's answers. The main problem of the proposed method is finding optimum parameters for the authentication system implementing the proposed algorithm and for the algorithm that creates the questions. The purpose of the research is to find such parameters.
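The parameter search described above can be illustrated with a small model. This is an added example, not the authors' simulation: it assumes k independent questions, acceptance when at least t answers are correct, a genuine user who answers each question correctly with probability `p_user`, and an impostor who does so with probability `p_imp`; all names and sample values are hypothetical.

```python
import random
from math import comb

def tail_at_least(k, t, p):
    """P(at least t of k independent answers are correct), each correct with prob. p."""
    return sum(comb(k, i) * p**i * (1 - p)**(k - i) for i in range(t, k + 1))

def error_rates(k, t, p_user, p_imp):
    """Exact (FRR, FAR) for k questions and acceptance threshold t (assumed model)."""
    frr = 1.0 - tail_at_least(k, t, p_user)   # genuine user rejected
    far = tail_at_least(k, t, p_imp)          # impostor accepted
    return frr, far

def simulate(k, t, p, sessions, rng):
    """Monte Carlo estimate of the acceptance rate over simulated sessions."""
    accepted = 0
    for _ in range(sessions):
        correct = sum(rng.random() < p for _ in range(k))
        accepted += correct >= t
    return accepted / sessions

def smallest_parameters(p_user, p_imp, frr_max, far_max, k_limit=50):
    """Smallest k (with a threshold t for it) meeting both targets, or None."""
    for k in range(1, k_limit + 1):
        for t in range(1, k + 1):
            frr, far = error_rates(k, t, p_user, p_imp)
            if frr <= frr_max and far <= far_max:
                return k, t, frr, far
    return None

if __name__ == "__main__":
    # Constructed values: the user recalls 95% of the facts asked about,
    # the impostor has learned 30% of them.
    k, t, frr, far = smallest_parameters(0.95, 0.30, frr_max=0.01, far_max=0.001)
    rng = random.Random(1)
    print(f"k={k} t={t} FRR={frr:.4f} FAR={far:.6f}")
    print("simulated impostor acceptance:", simulate(k, t, 0.30, 200_000, rng))
```

When the impostor's per-question success probability equals the user's, FRR and FAR sum to one for every (k, t), so no number of questions meets both targets and the search returns `None`.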


Full Text:

PDF (Russian)




ISSN: 2307-8162