
Authors

Styugin M.

Degree
PhD in Technique, Reshetnev Siberian State University of Science and Technology
E-mail
styugin@gmail.com
Location
Krasnoyarsk
Articles

Password authentication with implementation of dynamic keys

Authentication still remains one of the major problems in information security. There is a large number of solutions aimed at providing the security of authentication. Some of the solutions are intended to ensure that authentication data cannot be compromised by accessing the channel over which the authentication data are transferred (class A attacks). Other types of security methods protect authentication data in storage (class B attacks). Authentication by username and password is currently the most widely used authentication method. Passwords are stored on a server using one-way hash functions. A password hash can be cracked by brute-force enumeration, which makes class B attacks successful. The paper presents a password identification method which does not involve storing passwords in one centralized place. Passwords are split into many parts that are stored on separate computers on the Internet. If one or several computers of such a network are compromised, no useful authentication data are disclosed. Hence, remote nodes may be untrusted, and all Internet users can become participants in the data exchange. The solution presented in this paper provides a manifold increase in user password security against class B attacks, even should an adversary succeed in cracking the server and a part of the network nodes. DKAuth is the practical implementation of the presented technology. The above solutions were tested as an authentication service. The data obtained show that the DKAuth protocol can be used even in applications with high operational loads.
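The splitting idea in this abstract, illustrated with an added Python example that is not the paper's own DKAuth code: the abstract does not describe DKAuth's splitting scheme, so the example assumes Shamir's threshold secret sharing over a prime field. A salted SHA-256 of the password (the derivation is also an assumption) is split into n shares for n nodes; any t of them reconstruct it for verification, while any t-1 shares are consistent with every possible secret, which is why compromising a minority of nodes yields nothing useful for a class B attack. The salt, password and share counts are constructed sample values.

```python
import hashlib
import secrets

# Prime field large enough to hold a 256-bit digest (2**256 - 189 is prime).
P = 2**256 - 189


def password_secret(password, salt):
    """Derive the field element to be shared from the password.
    Assumption for this example: a salted SHA-256; DKAuth's derivation is not described."""
    digest = hashlib.sha256(salt + password.encode("utf-8")).digest()
    return int.from_bytes(digest, "big") % P


def split(secret, n, t):
    """Shamir split: choose a random polynomial of degree t-1 with the secret as its
    constant term and hand node x (1..n) the point (x, f(x))."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of f(x) modulo P
            y = (y * x + c) % P
        shares.append((x, y))
    return shares


def interpolate(points, x):
    """Lagrange interpolation over GF(P): value at x of the unique polynomial
    of degree len(points)-1 through the given points."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def reconstruct(shares):
    """Recover the secret: the polynomial's value at x = 0."""
    return interpolate(list(shares), 0)


def verify_login(candidate, salt, shares):
    """Server-side check: gather t shares from nodes and compare with the candidate."""
    return password_secret(candidate, salt) == reconstruct(shares)


def consistent_with_any_secret(partial, candidate_secret, new_x):
    """Given only t-1 shares, an attacker cannot rule out any secret: for every guess
    there is a t-th share (at unused x = new_x) that makes the guess reconstruct."""
    forged = (new_x, interpolate([(0, candidate_secret)] + list(partial), new_x))
    return reconstruct(list(partial) + [forged]) == candidate_secret


if __name__ == "__main__":
    salt = b"constructed-salt"              # constructed sample value
    secret = password_secret("correct horse", salt)
    nodes = split(secret, n=5, t=3)         # 5 nodes, any 3 suffice
    print("3 nodes verify login:", verify_login("correct horse", salt, nodes[:3]))
    print("wrong password rejected:", not verify_login("wrong", salt, nodes[1:4]))
    print("2 compromised nodes fit any secret:",
          consistent_with_any_secret(nodes[:2], 424242, 99))
```

The check in `consistent_with_any_secret` is the property the abstract relies on: with fewer than t nodes compromised, the captured shares are equally consistent with every password-derived value, so there is no hash for the adversary to brute-force.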

Implementation of the protection against research technology to raise the security level of computer information systems

The complexity of present-day computer information systems does not allow an overall verification to ensure the absence of errors and vulnerabilities at the development stage. Consequently, the more complex the system, the more exposed it is to information security risks. Recently, several approaches to solving the security problem for complex information systems have appeared. The paper presents a generalized algorithm for developing systems that are secure from research. The algorithm includes methods for blurring system parameters and methods based on moving target technology. Both methods are versatile and can be implemented for typical solutions as well as for unique algorithms applicable to hardware-software solutions. The algorithm includes the detection of critical components whose compromise may pose a security threat, and the search for sources of randomness and parameters that can be used to build a blurring process or a self-complication process for a computer information system. A system's protection from research prevents attackers from gathering information sufficient for exploiting vulnerabilities, while the system's vulnerabilities themselves are not eliminated. A method for quantitative evaluation of changes in the security level of information systems is presented. The method is based on the change in the set of potential attacks after implementation of the methods for protection against research. Analysis of the results achieved by implementing the DKAuth password authentication technology and the BSRouter network security software and hardware complex showed a decrease in the potential for successful attacks by 25% and 12.26%, respectively.

Program code signature analysis technology to protect against exploitation of vulnerabilities

The problem of exploitation of program code vulnerabilities is one of the most relevant for ensuring information systems security. This problem is frequently related to developer errors, to the lack of validation of input data and to subroutines. Recently, many different solutions to this problem have been proposed. However, their low efficiency is due to the inability to automatically separate a piece of code that is useful (from the point of view of the system's function) from code, or a range of values, that is useless in terms of user value or that is vulnerable. A method for analyzing program execution based on signatures is proposed in this work. The input data generate a certain signature of the algorithm's execution, and anomalies at the signature level indicate possible exploitation of vulnerabilities. Therefore, anomalous activity can be run in a sandbox, or the program code can be corrected automatically on the basis of the anomalous activity. The implementation of the proposed technology uses a web server as an example and exhibits a high efficiency in detecting remote attacks on the program code. Its shortcomings include a high percentage of false positives. This percentage can be lowered by taking into account additional analysis of input values, which may be a future direction of this study.

Evaluation of security level improvement after implementation of system reconnaissance protection techniques

The growing complexity of information systems increases the popularity of information security techniques and methods aimed at overcoming the information asymmetry between an attacker and a defender. Methods for protecting information systems from reconnaissance by an external intruder are among the areas in which such solutions are developed. Reconnaissance protection can be based on misinformation techniques or on continuous modification of the system. Thus, information about key parameters obtained by an adversary becomes obsolete either at the next instant of time or when applied to another copy of the software. It is difficult, however, to evaluate how much the implementation of such protection tools enhances the system's security level as a whole. The present paper presents a formalized procedure for evaluating Reconnaissance Protection Techniques (RPT) based on mathematical models of cyber epidemic dynamics. Additional terms and definitions, such as "network cohesion components", "border nodes" and "radially independent networks", were introduced into the model. This enabled calculating the relative level of the system's security against compromise from the security parameters of the system's border elements and the connectivity components of its graph. The presented model enables defining the overall system security level with consideration of the graph topology and the pre-calculated security parameters of elements and subsystems. Consequently, we created a formalized evaluation method which enables deriving relative security indices at the stage of designing the architecture of information systems.