E.O. Karpukhin – Ph.D.(Eng.), Associate Professor, Department of Radio Systems and Control Complexes, Information Transmission and Information Security, Moscow Aviation Institute (National Research University)
R.R. Gnezdilov – Undergraduate, Moscow Aviation Institute (National Research University)
The spread of information systems into every area of human society imposes new requirements for protecting the confidential information that most often circulates in these systems. Information can be stored on media of various types, including multiple-access media created by combining digital information processing devices into infocommunication systems. Protecting such information requires an integrated information security system. This article considers one element of such a system: controlling access to the resources of information and communication systems through multifactor authentication.
As a rule, one-, two-, and three-factor authentication are common today, and identifiers are divided into categories: "identification by knowledge", "identification by ownership", and "identification by property".
The paper describes the process of multifactor authentication from the standpoint of how effective its use is in particular cases. In terms of access restriction, introducing multifactor authentication is more effective than introducing single-factor identification. From a number of other points of view, for example the economic one, introducing it may not be expedient.
To assess economic efficiency, variable coefficients were introduced: the cost of introducing N-factor authentication and the cost of information and communication systems. Testing the developed methodology on typical examples showed that specific authentication tools should be chosen by comparing the cost of implementing such tools with the cost of information and communication systems, and that the cost of a three-factor authentication system significantly exceeds the cost of two-factor and one-factor systems.
Next, a mechanism was proposed for the technical evaluation of the effectiveness of multifactor authentication. The analysis took into account the probability of guessing a password, the probability of successfully applying social engineering methods, the probability of acquiring and duplicating an authentication information carrier, and the probability of a type II error, which is the percentage of erroneous admissions to the system. The analysis and calculations showed that authentication by three factors is significantly safer than authentication by one or two factors, but it is not always economically feasible.
The study determined that the probability of bypassing multifactor authentication depends mathematically on the aggressiveness of the environment in which the information and communication system operates. In this case, the specific means of authentication are to be chosen on the basis of an assessment of the economic and technical effectiveness of the information and communication system. To minimize both the probability of a user being denied access to the infocommunication system and the probability of the authentication system being bypassed, all three (and more) authentication factors must be taken into account, which is of interest for further research in this area.