Simulation Modeling of a Post-Biometric Method of Authentication on the Basis of User's Data
暂无分享,去创建一个
Authentication data, such as password, key word, passport number, etc., authentication material, such as biometric fingerprint, faces, etc., authentication objects, such as phone, passport, token, etc., can be spotted, forged and transferred to the malefactor. The existing systems of multifactorial authentication are "finite-factor" systems, i.e. the quantity of factors used in authentication system and listed above is finite and in advance known. These vulnerabilities are used by hackers who constructed multichannel viruses with the help of which the computer and the smart phone of the victim are far away and hiddenly controlled at the same time. Controlling the smart phone of the victim, the hacker can hiddenly read SMS passwords or sometimes push-notifications. Thus, the four existing groups of authentication factors, such as cognitive, based on knowledge of the subject, biometric, based on physiology and behavior of the subject, the factors based on location of the subject and factors of possession of information or token have the following vulnerabilities: (1) the secret is separable from the user, and is on the client side, (2) it is possible to repeat the password, (3) it is possible to forge biometrics, (4) the location can be arranged on conspiracy. In the paper the new method of carrying out user authentication deprived of these vulnerabilities by means of the random questions created on the basis of the data which are available about the user is offered. The decision on success of the procedure of user authentication (polyfactor authentication) is being made on the base of results of his answers. The main problem of the offered method of authentication will be in finding optimum parameters of the authentication system implementing the offered algorithm and the algorithm implementing creation of questions. The purpose of research is to find such parameters.