International Journal of Computer Science & Network Security

International Journal of Computer Science & Network Security (국제컴퓨터통신보호논문지학회)
권호 표지
DOI QR코드

DOI QR Code

Access Management Using Knowledge Based Multi Factor Authentication In Information Security

  • Iftikhar, Umar (Computer and Information Systems Engineering Department NED University of Engineering and Technology) ;
  • Asrar, Kashif (Computer and Information Systems Engineering Department NED University of Engineering and Technology) ;
  • Waqas, Maria (Computer and Information Systems Engineering Department NED University of Engineering and Technology) ;
  • Ali, Syed Abbas (Computer and Information Systems Engineering Department NED University of Engineering and Technology)
  • Received : 2021.07.05
  • Published : 2021.07.30
Download PDF
⟨ Previous Next ⟩

Abstract

Today, both sides of modern culture are decisively invaded by digitalization. Authentication is considered to be one of the main components in keeping this process secure. Cyber criminals are working hard in penetrating through the existing network channels to encounter malicious attacks. When it comes to enterprises, the company's information is a major asset. Question here arises is how to protect the vital information. This takes into account various aspects of a society often termed as hyper connected society including online communication, purchases, regulation of access rights and many more. In this research paper, we will discuss about the concepts of MFA and KBA, i.e., Multi-Factor Authentication and Knowledge Based Authentication. The purpose of MFA and KBA its utilization for human.to.everything..interactions, offering easy to be used and secured validation mechanism while having access to the service. In the research, we will also explore the existing yet evolving factor providers (sensors) used for authenticating a user. This is an important tool to protect data from malicious insiders and outsiders. Access Management main goal is to provide authorized users the right to use a service also preventing access to illegal users. Multiple techniques can be implemented to ensure access management. In this paper, we will discuss various techniques to ensure access management suitable for enterprises, primarily focusing/restricting our discussion to multifactor authentication. We will also highlight the role of knowledge-based authentication in multi factor authentication and how it can make enterprises data more secure from Cyber Attack. Lastly, we will also discuss about the future of MFA and KBA.

Keywords

References

  1. VNI Ciso Global Mobile Data Traffic Forecast 2016-2021. White Paper, 2017.
  2. Lamport, L. Password authentication with insecure communication. Commun. ACM 1981, 24, 770-772. https://doi.org/10.1145/358790.358797
  3. Benarous, L.; Kadri, B.; Bouridane, A. A Survey on Cyber Security Evolution and Threats: Biometric Authentication Solutions. In Biometric Security and Privacy; Springer: Berlin, Germany, 2017; pp. 371-411.
  4. Boyd, C.; Mathuria, A. Protocols for Authentication and Key Establishment; Springer: Berlin, Germany, 2013.
  5. Mohsin, J.; Han, L.; Hammoudeh, M.; Hegarty, R. Two Factor vs. Multi-factor, an Authentication Battle in Mobile Cloud Computing Environments. In Proceedings of the International Conference on Future Networks and Distributed Systems, Cambridge, UK, 19-20 July 2017; ACM: New York, NY, USA, 2017; p. 39.
  6. Konoth, R.K.; van der Veen, V.; Bos, H. How anywhere computing just killed your phone-based two-factorauthentication. In Proceedings of the International Conference on Financial Cryptography and Data Security, Christ Church, Barbados, 22-26 February 2016; Springer: Berlin, Germany, 2016; pp. 405-421.
  7. Kim, J.J.; Hong, S.P. A method of risk assessment for multi-factor authentication. J. Inf. Process. Syst. 2011, 7, 187-198. https://doi.org/10.3745/JIPS.2011.7.1.187
  8. Dasgupta, D.; Roy, A.; Nag, A. Toward the design of adaptive selection strategies for multi-factor authentication. Comput. Secur. 2016, 63, 85-116. https://doi.org/10.1016/j.cose.2016.09.004
  9. Grassi, P.A.; Fenton, J.L.; Newton, E.M.; Perlner, R.A.; Regenscheid, A.R.; Burr, W.E.; Richer, J.P.; Lefkovitz, N.B.; Danker, J.M.; Choong, Y.Y.; et al. NIST Special Publication 800-63B. Digital Identity Guidelines: Authentication and Lifecycle Management; Technical Report; National Institute of Standards and Technology: Gaithersburg, MD, USA, 2017.
  10. Gunson, N.; Marshall, D.; Morton, H.; Jack, M. User perceptions of security and usability of single-factor and two-factor authentication in automated telephone banking. Comput. Secur. 2011, 30, 208-220. https://doi.org/10.1016/j.cose.2010.12.001
  11. Schneier, B. Two-factor authentication: Too little, too late. Commun. ACM 2005, 48, 136.
  12. Petsas, T.; Tsirantonakis, G.; Athanasopoulos, E.; Ioannidis, S. Two-factor authentication: Is the world ready?: Quantifying 2FA adoption. In Proceedings of the 8th EuropeanWorkshop on System Security, Bordeaux, France, 21 April 2015; ACM: New York, NY, USA, 2015; p. 4.
  13. Wang, D.; He, D.; Wang, P.; Chu, C.H. Anonymous two-factor authentication in distributed systems: Certain goals are beyond attainment. IEEE Trans. Dependable Secur. Comput. 2015, 12, 428- 442. https://doi.org/10.1109/TDSC.2014.2355850
  14. Sun, J.; Zhang, R.; Zhang, J.; Zhang, Y. Touchin: Sightless two-factor authentication on multi-touch mobile devices. In Proceedings of the Conference on Communications and Network Security (CNS), San Francisco, CA, USA, 29-31 October 2014; pp. 436-444.
  15. Bruun, A.; Jensen, K.; Kristensen, D. Usability of Single- and Multi-factor Authentication Methods on Tabletops: A Comparative Study. In Proceedings of the International Conference on Human-Centred Software Engineering, Paderborn, Germany, 16-18 September 2014; Springer: Berlin, Germany, 2014; pp. 299-306.
  16. Harini, N.; Padmanabhan, T.R. 2CAuth: A new two factor authentication scheme using QR-code. Int. J. Eng. Technol. 2013, 5, 1087-1094.
  17. Scheidt, E.M.; Domangue, E. Multiple Factor-Based User Identification and Authentication. U.S. Patent 7,131,009, 31 October 2006.