Abstract:

Abstract The article considers basic methods of two-factor authentication system constructing on the basis of the use of cryptographic mechanisms to ensure the reliability, of formed authenticators, the risk of various methods of online attacks against a variety of two-factor authentication systems is estimated, as well as a system PassWindow is considered, which provides two-factor authentication on the unique ability of the matrix to transmit information in such a way that it is deciphered only to the imposition of the physical signs of the intended recipient pattern and barcode pattern obtained by digital network devices, resistance to the analysis is provided by a unique barcode card pattern generation as unique statistical images, a sequence of characters, or as more extended in an animated version. The object of the research is the process of improving the integrity and authenticity of data packets in banking transactions security protocols on the basis of two-factor authentication methods. The subject of the study is methods and algorithms of integrity control and authenticity of data packets in banking transaction security protocols on the basis of two-factor authentication methods. The aim of the paper is to increase the integrity and authenticity of data packets in banking transactions security protocols, a banking transaction, threat assessment on two-factor authentication methods. A comparative analysis of various systems with two-factor authentication PassWindow system in opposition to various Internet attack scenario is being carried out. An effective method for monitoring a practical twofactor authentication PassWindow system in its application to the banking system. References Evaluation of hypothetical attacks against PassWindow [Electronic resource] / S. O’Neil // PassWindow – 2009. – Access mode: h t t p : / / w w w . p a s s w i n d o w . c o m / evaluation_of_hypothetical_attacks_against_passwindow. 2. Двухфакторная Аутентификация [Электронный ресурс], Aladdin, 2014, Режим доступа: http://www.aladdin-rd.ru/ solutions/authentication. 3. Настройка двухфакторной аутентификации [Электронный ресурс], Citrix, 2012, Режим доступа: http://support.citrix.com/ proddocs/topic/web-interface-impington/nl/ru/wi-configure-twofactorauthentication-gransden.html?locale=ru. 4. Семь методов двухфакторной аутентификации [Электронный ресурс], ITC.ua, 2007, Режим доступа: http://www.infosecurityrussia.ru/news/29947. 5. Man In The Mobile Attacks Highlight Weaknesses In Out-Of-Band Authentication [Electronic resource] / E. Chickowski // Information week – 2010. – Access mode: http:// www.darkreading.com/risk/man-in-the-mobile-attacks-highlightweaknesses-in-out-of-band-authentication/d/d-id/1134495. 6. Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communication [Electronic resource] / E. Barkan, E. Biham, N. Keller // ACM digital library. – 2008. – Access mode: http://dl.acm.org/citation.cfm?id=1356689. 7. $45k stolen in phone porting scam [Electronic resource] / Brett Winterford // ITnews – 2011. – Access mode: http://www.itnews.com.au/News/282310,45k-stolen-in-phone-portingscam. aspx/0. 8. Zeus Banking Trojan Hits Android Phones [Electronic resource] / M. J. Schwartz // Information week. – 2011. – Access mode: http://www.informationweek.com/mobile/zeus-banking-trojanhits-android-phones/d/d-id/1098909. 9. Security issues of Internet-based biometric authentication systems: risks of Man-in-the-Middle and BioPhishing on the example of BioWebAuth [Electronic resource] / [C. Zeitz, T. Scheidat, J. Dittmann; at all.] // Proceedings of SPIE. – 2008. – Access mode: http://spie.org/Publications/Proceedings/Paper/10.1117/ 12.767632.

Keywords: