Abstract [eng]
Critical infrastructure systems encompass the most important areas and services that ensure the proper functioning of a society. Because they are essential at the level of both state and society, these systems are at risk of becoming targets of cybercrime and attacks. One of the most prominent threats to their security is weak remote access control, that is, the management of user identity. This work proposes and analyses a multi-factor authentication method intended to protect remote access to a critical infrastructure system: the management dashboard of a Kubernetes system. The method is based on the synergy of push notification technology, digital certificates, and authorization of authentication requests, which together aim to satisfy the security requirements established for the authentication process within critical infrastructure systems and to ensure secure verification of user identity. The authentication method is implemented in the prototype of a single-sign-on system. The work presents research into the qualitative and quantitative characteristics of the method, as well as a comparative analysis of those results against methods introduced in other papers related to the process of the subject's authorization. The experimental analysis of the method and its supporting single-sign-on system is based on static analysis of system components; analysis of the method's usability, deployment, and security qualitative characteristics; static and dynamic analysis of web servers' configuration; penetration and performance testing of the API endpoints; and measurement of the completion time of the method's configuration and authentication processes.

Approbation of the work results: 1. Jurgilas, Konstantinas. Subjekto 2FA skaitmeninio autentifikavimo prie kritinės infrastruktūros informacinės sistemos struktūrizuotas vertinimas // Proceedings of the Conference "Lithuanian MSc Research in Informatics and ICT". Vilnius: Vilnius University Press. ISBN 978-609-07-0623-7. 2021, p. 23-33. DOI: https://doi.org/10.15388/LMITT.2021.