Oleshko I. Models and methods for assessing security of multi-factor authentication mechanisms from unauthorized access


Thesis for the degree of Candidate of Sciences (CSc)

State registration number

0414U001821

Applicant for

Specialization

  • 05.13.21 - Information security systems

08-04-2014

Specialized Academic Board

К 64.052.05

Kharkiv National University Of Radio Electronics

Essay

The dissertation is devoted to the development of mathematical models and methods for assessing the security of information and resources against unauthorized access when multi-factor authentication (MFA) mechanisms are used, and to a comparative analysis of MFA mechanisms aimed at minimizing the probability of unauthorized access to information and resources. It describes mathematical models for assessing the security of information and resources against unauthorized access using MFA mechanisms; the models are based on calculating unauthorized access probabilities and uptime probabilities in order to estimate the unauthorized access probabilities of multi-factor authentication schemes. It also describes methods for assessing security against unauthorized access using MFA mechanisms. These methods are based on determining the complete list of attacks against a given factor, classifying the attacks, analyzing the criteria and indicators used to compare them, and choosing from among them those attacks that can be implemented and would ensure the achievement of the maximum complexity values of cryptanalysis. The methods make it possible to estimate unauthorized access probabilities both for each factor used separately and for an MFA scheme as a whole. We propose an iris entropy model based on the quantity of information contained in the iris; it makes it possible to calculate the amount of iris biometric information and to compare biometric features not only with one another but also with PINs, passwords and other authentication means by using their entropy estimates. We also improve the ISO/IEC 9798-5 authentication method by moving its transformations from the multiplicative group to the group of points of an elliptic curve, in order to achieve exponential complexity for the "full disclosure" attack and to reduce key length while preserving the safety time.
