Browse > Article
http://dx.doi.org/10.22937/IJCSNS.2021.21.7.15

Access Management Using Knowledge Based Multi Factor Authentication In Information Security  

Iftikhar, Umar (Computer and Information Systems Engineering Department NED University of Engineering and Technology)
Asrar, Kashif (Computer and Information Systems Engineering Department NED University of Engineering and Technology)
Waqas, Maria (Computer and Information Systems Engineering Department NED University of Engineering and Technology)
Ali, Syed Abbas (Computer and Information Systems Engineering Department NED University of Engineering and Technology)
Publication Information
International Journal of Computer Science & Network Security / v.21, no.7, 2021 , pp. 119-124 More about this Journal
Abstract
Today, both sides of modern culture are decisively invaded by digitalization. Authentication is considered to be one of the main components in keeping this process secure. Cyber criminals are working hard in penetrating through the existing network channels to encounter malicious attacks. When it comes to enterprises, the company's information is a major asset. Question here arises is how to protect the vital information. This takes into account various aspects of a society often termed as hyper connected society including online communication, purchases, regulation of access rights and many more. In this research paper, we will discuss about the concepts of MFA and KBA, i.e., Multi-Factor Authentication and Knowledge Based Authentication. The purpose of MFA and KBA its utilization for human.to.everything..interactions, offering easy to be used and secured validation mechanism while having access to the service. In the research, we will also explore the existing yet evolving factor providers (sensors) used for authenticating a user. This is an important tool to protect data from malicious insiders and outsiders. Access Management main goal is to provide authorized users the right to use a service also preventing access to illegal users. Multiple techniques can be implemented to ensure access management. In this paper, we will discuss various techniques to ensure access management suitable for enterprises, primarily focusing/restricting our discussion to multifactor authentication. We will also highlight the role of knowledge-based authentication in multi factor authentication and how it can make enterprises data more secure from Cyber Attack. Lastly, we will also discuss about the future of MFA and KBA.
Keywords
Cyber security; evolution; vision; SFA; 2FA; MFA; data breach; KBA;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 Konoth, R.K.; van der Veen, V.; Bos, H. How anywhere computing just killed your phone-based two-factorauthentication. In Proceedings of the International Conference on Financial Cryptography and Data Security, Christ Church, Barbados, 22-26 February 2016; Springer: Berlin, Germany, 2016; pp. 405-421.
2 Boyd, C.; Mathuria, A. Protocols for Authentication and Key Establishment; Springer: Berlin, Germany, 2013.
3 Lamport, L. Password authentication with insecure communication. Commun. ACM 1981, 24, 770-772.   DOI
4 Mohsin, J.; Han, L.; Hammoudeh, M.; Hegarty, R. Two Factor vs. Multi-factor, an Authentication Battle in Mobile Cloud Computing Environments. In Proceedings of the International Conference on Future Networks and Distributed Systems, Cambridge, UK, 19-20 July 2017; ACM: New York, NY, USA, 2017; p. 39.
5 VNI Ciso Global Mobile Data Traffic Forecast 2016-2021. White Paper, 2017.
6 Kim, J.J.; Hong, S.P. A method of risk assessment for multi-factor authentication. J. Inf. Process. Syst. 2011, 7, 187-198.   DOI
7 Dasgupta, D.; Roy, A.; Nag, A. Toward the design of adaptive selection strategies for multi-factor authentication. Comput. Secur. 2016, 63, 85-116.   DOI
8 Schneier, B. Two-factor authentication: Too little, too late. Commun. ACM 2005, 48, 136.
9 Sun, J.; Zhang, R.; Zhang, J.; Zhang, Y. Touchin: Sightless two-factor authentication on multi-touch mobile devices. In Proceedings of the Conference on Communications and Network Security (CNS), San Francisco, CA, USA, 29-31 October 2014; pp. 436-444.
10 Scheidt, E.M.; Domangue, E. Multiple Factor-Based User Identification and Authentication. U.S. Patent 7,131,009, 31 October 2006.
11 Benarous, L.; Kadri, B.; Bouridane, A. A Survey on Cyber Security Evolution and Threats: Biometric Authentication Solutions. In Biometric Security and Privacy; Springer: Berlin, Germany, 2017; pp. 371-411.
12 Grassi, P.A.; Fenton, J.L.; Newton, E.M.; Perlner, R.A.; Regenscheid, A.R.; Burr, W.E.; Richer, J.P.; Lefkovitz, N.B.; Danker, J.M.; Choong, Y.Y.; et al. NIST Special Publication 800-63B. Digital Identity Guidelines: Authentication and Lifecycle Management; Technical Report; National Institute of Standards and Technology: Gaithersburg, MD, USA, 2017.
13 Gunson, N.; Marshall, D.; Morton, H.; Jack, M. User perceptions of security and usability of single-factor and two-factor authentication in automated telephone banking. Comput. Secur. 2011, 30, 208-220.   DOI
14 Bruun, A.; Jensen, K.; Kristensen, D. Usability of Single- and Multi-factor Authentication Methods on Tabletops: A Comparative Study. In Proceedings of the International Conference on Human-Centred Software Engineering, Paderborn, Germany, 16-18 September 2014; Springer: Berlin, Germany, 2014; pp. 299-306.
15 Petsas, T.; Tsirantonakis, G.; Athanasopoulos, E.; Ioannidis, S. Two-factor authentication: Is the world ready?: Quantifying 2FA adoption. In Proceedings of the 8th EuropeanWorkshop on System Security, Bordeaux, France, 21 April 2015; ACM: New York, NY, USA, 2015; p. 4.
16 Wang, D.; He, D.; Wang, P.; Chu, C.H. Anonymous two-factor authentication in distributed systems: Certain goals are beyond attainment. IEEE Trans. Dependable Secur. Comput. 2015, 12, 428- 442.   DOI
17 Harini, N.; Padmanabhan, T.R. 2CAuth: A new two factor authentication scheme using QR-code. Int. J. Eng. Technol. 2013, 5, 1087-1094.