Indicator framework for evaluating the performance of multi-factor authentication procedures in Web applications

The relevance of the study is due to the increasing use of multi-factor authentication mechanisms in Web applications, the popularization of Web technologies as well as the lack of specific standards in the Russian Federation describing the operation of multi-factor authentication procedures and establishing requirements for Web applications that use these procedures. The purpose of the research is to develop an indicator framework for assessing the performance of multi-factor authentication procedure information security in Web applications based on the previously developed classification of the procedures under consideration. An analysis of scientific publications on the issue under study was carried out; linguistic scales for indicators were proposed: costs, reliability, safety, efficiency as well as factors affecting the indicators. Acceptable indicator values were identified, which will be clarified using the method of expert assessments in subsequent publications on this issue. As part of the study, methods for calculating the values of cost, reliability, safety, and efficiency indicators were proposed. The findings of the study can later be specified in compliance with the list of the objectives aimed at ensuring the information security of multi-factor authentication procedures. The materials of the research are of theoretical value for further research in this field.

1. Biryukov A. Comparison of two-factor authentication systems. Sistemnyi Administrator. 2011;102(5):60–65. (In Russ.).

2. Antipov A. The importance of multi-factor authentication. URL: https://www.securitylab.ru/analytics/425166.php [accessed on 12.05.2023]. (In Russ.).

3. Gorbenko Yu.I., Oleshko I.V. Models and methods for assessing the security of multi-factor authentication mechanisms. Vostochno-Evropeiskii zhurnal peredovykh tekhnologii = Eastern-European Journal of Enterprise Technologies. 2013;6(2):4–10. (accessed on 12.05.2023) (In Russ.).

4. Bogdanov D.S., Klyuev S.G. Сlassification and comparative analysis of technologies of multifactor authentication in Web applications. Modeling, Optimization and Information Technology. 2020;8(1). URL: https://moit.vivt.ru/wpcontent/uploads/2020/02/BogdanovKluev_1_20_1.pdf. DOI: 10.26102/2310-6018/2020.28.1.033 (In Russ).

5. Sukharevskaya E.V. Research of authentication systems. Mezhdunarodnyi studencheskii nauchnyi vestnik. 2018;1(1):71. (In Russ.).

6. Malkov A. Evaluation of the effectiveness and security of authentication mechanisms. URL: https://habr.com/ru/post/179179 [accessed on 10.04.2023]. (In Russ.).

7. Makukha M.Yu., Klyuev S.G. Analysis and criteria for the effectiveness of modern methods and methods for detecting encapsulated TCP/IP traffic packets. Sovremennaya nauka: Aktual'nye problemy teorii i praktiki. Seriya: Estestvennye i tekhnicheskie nauki = Modern Science: actual problems of theory and practice. Series “Natural & Technical Sciences”. 2020;6:110–115. (In Russ.).

8. Goryun K.N., Klyuev S.G. Features of information security audit and monitoring in distributed information systems. Sovremennaya nauka: Aktual'nye problemy teorii i praktiki. Seriya: Estestvennye i tekhnicheskie nauki = Modern Science: actual problems of theory and practice. Series “Natural & Technical Sciences”. 2020;7:58–61. (In Russ.).

9. Threat Data Bank – typical vulnerabilities of Web applications. FSTEK: 2023. URL: https://bdu.fstec.ru/webvulns [accessed on 20.06.2023]. (In Russ.).

10. Methodology for assessing information security threats. FSTEC: 2021. URL: http://www.garant.ru/products/ipo/prime/doc/400325044 [accessed on 20.06.2023]. (In Russ.).