Resumen

En 2008, Fujii et al. propusieron un sistema de autenticación utilizando un identificador de llamadas y dos métodos de autenticación, conocidos como Telelogin. En 2013, Fujii y Tsuruoka propusieron un método de autenticación de tres factores para solucionar los inconvenientes de seguridad en su trabajo anterior. Sin embargo, encontramos áreas de oportunidad para mejorar la seguridad utilizando autenticación basada en imágenes como contraseña biometría de huellas dactilares y posesión de un teléfono inteligente que combinados con algoritmos criptográficos incrementan la seguridad en todo el proceso. El resultado es una versión segura de los mecanismos de autenticación multifactor mediante telefonía.

Palabras Claves: autenticación multifactor, contraseña única, huella dactilar, utilizar un dispositivo personal.

Abstract

In 2008, Fujii et al. proposed an authentication system using a caller ID and two-authentication methods, known as Telelogin. In 2013, Fujii and Tsuruoka proposed a three-factor authentication method to remedy security drawbacks in their previous work. However, we found opportunities areas to enhance the security using image-based authentication as password, fingerprint biometric-based, and possession of a smartphone combining with cryptographic algorithms improve the security of the entire process. The result is a secure version of multifactor authentication mechanisms using telephony.

Keywords: bring your own device, fingerprint, multi-factor authentication, one-time password.

Allan, D. Microsoft’s sharper speech recognition tech should supercharge Cortana, Future Publishing Limited Quay House, 2017.

Ayala-Vaca, R. Autenticación Multi-factor para reducir los riesgos de seguridad, Tecnotrend, vol. 5, p. 54, 2018.

CONDUSEF, Spoofing, Proteja su dinero, no. 220, pp. 22-24, 2018.

CSID, Consumer Survey: Password Habits. A study of password habits among American consumers, 2012.

De Saint-Exupéry, A. El Principito, México: Diana, 1956.

Dhamija, R. y Perrig, A. Deja Vu: A User Study Using Images for Authentication, USENIX Security Symposium, 2000.

Dong-Ju, K., Kwang-Woo, C., Kwang-Seok, H. Person authentication using face, teeth and voice modalities for mobile device security. IEEE Transactions on Consumer Electronics, vol. 56, no. 4, pp. 2678-2685, 2010.

Fujii, H., Shigematsu, N., Kurokawa, H., and Nakagawa, T. Telelogin: a two-factor two-path authentication technique using caller ID. NTT Techincal Review, vol. 6, no. 8, 2008.

Fujii H., Tsuruoka Y. Three-Factor User Authentication Method Using Biometrics Challenge Response. Financial Cryptography and Data Security, vol. 7859, 2013.

Guccione, D. What the Most Common Passwords of 2016 List Reveals, 2017.

Kinnunen, T., Zhizheng, W., Kong, A.L., Filip, S., Eng, S.C., Haizhou, L. Vulnerability of Speaker Verification Systems Against Voice Conversion Spoofing Attacks: the Case of Telephone Speech. IEEE International Conference on Acoustics, Speech and Signal Processing, 2012. Martinez-Pelaez, R., Pomykała, J., Rico-Novella, F., Satizabal, C. Using fingerprint biometric-based identification on tables of poker and blackjack to enhance the security in casinos. Metody biometryczne i kryptograficzne w zintegrowanych systemach bezpieczeństwa, 2011.

OI, T. ssdeep - fuzzy hashing program, SSDEEP Project, 2017.

Ortega García, F. Diseño de un mecanismo para firmado múltiple de documentos digitales., Leon: Universidad De La Salle Bajio, 2018.

Pastorino, C. Estadísticas y reglas para predecir contraseñas: ¿es obsoleta la fuerza bruta?, 2017.

Piotrowski, Z., Gajewski, P. Voice spoofing as an impersonation attack and the way of protection. Journal of Information Assurance and Security, vol. 2, pp. 223-225, 2007. Rhodes, M. Information Security The Complete Reference, McGraw-Hill, 2013.

Schneier, B. Applied Cryptography, Second Edition: Protocols, Algorthms, and Source Code in C (cloth). Jhon Wiley & Sons, Inc. 1996.

Sosa-Valles, P., Villalobos-Serrano, J. G., Velarde-Alvarado, P., García, V., Parra-Michel, J. R., Mena, L., y Martínez-Peláez, R. My Personal Images as My Graphical Contraseña, IEEE Latin America Transactions, vol. 16, no. 5, pp. 1516-1523, 2018.

Velásquez, I. Caro, A., Rodríguez, A. Authentication schemes and methods: A systematic literature review. Information and Software Technology, vol. 94, pp. 30-37, 2018.

Zahid, H., Khan, U. Comparative Study of Authentication Techniques. International Journal of Video & Image Processing and Network Security, vol. 10. no. 4, pp. 9-13, 2010.