SIN '19- Proceedings of the 12th International Conference on Security of Information and Networks

Full Citation in the ACM Digital Library

Managing influence in complex systems to ensure safety of their operation

• Alexander Tselykh, Vladislav Vasilev, Larisa Tselykh
• This article proposes a new methodology for identifying influences to ensure the safety of a complex system operation. The process of identifying influences uses the Algorithm of Effective Controls for graph models presented in the form of a directed weighted signed graph with a causal relationship on the edges. A fuzzy cognitive map (FCM) is used as a graph model. The result of the influence identification process is a set of components of the influence vector and impact vector with the required level of productivity. The result can be validated.

Forecasting complex multi-component time series within systems designed to detect anomalies in dataflows of industrial automated systems

• A. N. Ragozin V. F. Telezhkin P. S. Podkorytov
• The need for detection, identification and prediction of anomalies emerged just a short time ago. This task brings multiple challenges that are mainly associated with recording and detection of novel attacks and influences. It draws attention of experts in network security and diagnostics of information and industrial systems. Detection of anomalies in dynamic dataflows largely determines the efficiency of management of computer network information security within information and industrial systems. At the same time, the technology of dynamic dataflow prediction is also very important for building systems intended to detect anomalies in data protection within industrial control systems. Any automated systems are based on available computer capabilities and advances in management theory, mathematical modeling and optimizations methods. Processes that occur in industrial automated systems and that are reflected in dataflows being observed constitute complex multi-component processes, thus making it more complicated to predict such processes. In this case, complex multi-component time series data should be predicted at different (short-term, medium-term and long-term) time scales. A neural network architecture matching the structure of the multi-component time series being predicted should be built for generating a multi-component prediction. It is proposed to decompose the complex multi-component time series into several basic components using the digital signal processing technology, i. e. to perform a preliminary structural analysis of multi-component time series within the observed range of all time series that reflect operation of the industrial control system. Separate predictions with different time horizon are formed for each basic component of the multi-component time series using the available neural network architecture and machine learning taking into account dynamic characteristics of the above components. Anomalies in the observed range of multiple time series that reflect operation of the industrial control system are detected (identified) through component-wise comparison of each component (resulted from the above preliminary digital processing) of any time series within the observed range of all time series, with each prediction of the relevant component of the above time series within the observed range of all time series. This approach that implies component-wise comparison will allow to detect anomalies within the range of observed time series of the industrial control system separately by their different dynamic characteristics, and thus will improve the efficiency of management of information security within information and industrial systems.

Combined authentication schemes with increasing level of resistance and methods for improving the security of electronic signature schemes: kombinirovannye skhemy autentifikacii s povyshennym urovnem stojkosti i metody povysheniya bezopasnosti skhem elektronnoj podpisi

• Antonina Komarova, Anatoly Korobeynikov
• The highly topical and groundbreaking issue of many studies is quantum technology. More and more articles appear not only in the world's leading scientific publications, but also in the media, on the creation of a quantum computer capable of solving the factorization problem (FP), the discrete logarithm in a simple finite field problem (DLSFFP) and discrete logarithm in the group of points of an elliptic curve problem (DLECP) in polynomial time. Some scientists give a 20-year timeline to implement a full-scale quantum computer [1]. This means that cryptographic mechanisms based on the above tasks will lose their cryptographic stability. Such mechanisms include the current standard of the Russian Federation GOST 34.10-2012 "Information technology. Cryptographic information security. Processes of formation and verification of electronic digital signature" and the current standard of the United States of America ECDSA, and many other protocols. In view of the above, methods of improving the safety of combined authentication schemes are an important topic of research. The article considers possible ways of combining different number theory problems and lattice theory problems in one electronic signature (ES) scheme. A distinctive feature of the proposed schemes is the use of post-quantum short integer solution (SIS) problem related to the lattice theory. It provides a higher level of cryptographic strength. The paper presents general methods of combining several difficult tasks in one scheme. These methods are based on induction output and can be used for increasing the resistance of electronic signature schemes. Induction consists in reducing the mechanisms used in particular schemes to more general methods. Due to this, it is possible to increase the resistance of existing authentication schemes, including potential attacks performed on the quantum computer. The paper also shows that the proposed methods can be applied to any electronic signature schemes based on lattice theory.

Steganalysis method of static JPEG images based on artificial immune system

• Alexey Nikolaevich Shniperov, Aleksandra Vladimirovna Prokofieva
• The purpose of this work is to develop the steganalysis method of static JPEG images, based on the usage of artificial immune systems. A model of an artificial immune system was developed for the problem of detecting hidden information in JPEG images. Basic requirements were determined, and basic elements of an artificial immune system were considered, mutation and antibody cloning operations were introduced. Also, formal description of main nodes of the artificial immune system is presented. In addition, a brief overview and analysis of the state of the steganalysis problem is provided in the paper. Furthermore, analysis of the obtained experimental results and an assessment of the effectiveness are performed for the developed method. The proposed method allows to detect the presence of hidden information, embedded by various popular steganography tools (like OutGuess, Steghide and F5) in static JPEG images with a sufficiently high accuracy. The theoretical significance of this work consists in the development of a fairly promising approach of heuristic steganalysis using artificial immune systems. The practical significance lies in the developed software product, as well as in experimental data, that confirms the effectiveness of the steganalysis method towards the detection of hidden information in JPEG images.

The use of machine learning algorithms for detecting advanced persistent threats

• Hope Nkiruka Eke, Andrei Petrovski, Hatem Ahriz
• Advanced Persistent Threats (APTs) have been a major challenge in securing both Information Technology (IT) and Operational Technology (OT) systems. Due to their capability to navigates around defenses and to evade detection for a prolonged period of time, targeted APT attacks present an increasing concern for both cyber security and business continuity personnel. This paper explores the application of Artificial Immune System (AIS) and Recurrent Neural Networks (RNNs) variants for APT detection. It has been shown that the variants of the suggested algorithms provide not only detection capability, but can also classify malicious data traffic with respect to the type of APT attacks.

Liveness detection methods implementation to face identification reinforcement in gaming services

• Vyacheslav V. Zolotarev, Alina O. Povazhnyuk, Ekaterina A. Maro
• Gaming services, including EduTech services, do not use strong user identification and authentication practically. The most serious barrier in terms of information security is biometrics. The problem of replacing the biometric identifier taken from a smartphone or mobile computer camera is considered in the article. Solution of this problem for gaming services is based on the hybrid method called liveness detection. The article describes the requirements and experimental values for enhanced identification. The architecture and parameters of a convolutional neural network that implements the recognition of an additional feature are also shown. The order and results of testing the enhanced identification module are given. The developed identification module has the an additional feature recognition accuracy up to 100% in situation that user's head is turned up to 30°, and up to 70% when the user's head is turned up to 45°. The FAR value of this system was 1%. The FRR value was 0%. The module does not use additional hardware and can be used on a smartphone or mobile computer without upgrading the latter. Attack with the substitution of a biometric feature supplied from the camera is much more difficult to be realized if suggested solution is implemented.

Optimization of the cyber security system structure based on accounting of the prevented damage cost

• Igor Kotenko, Igor Saenko, Yury Sineshchuk, Valery Kuvatov, Oleg Chudakov
• Searching the optimum structure of cyber security systems is an important problem which should be solved to realize security mechanisms (means) in computing systems, especially when there are significant resource restrictions (small enterprises, built-in systems, cyber-physical systems, etc.). The complexity of this problem is caused by its uncertain, probabilistic, and nonlinear character. The paper proposes a mathematical model for determination of the cost of the damage prevented by cyber security means and the costs of installation and maintenance of the cyber security system under analysis. The optimization criterion is the minimal cost of the prevented damage. The variables of the problem are the quantities of the security means of various types installed in the security system. The paper considers a method to solve the problem and the features of its implementation. The possibilities of using various methods to increase the accuracy of initial data for the proposed model are analyzed.

Investigation of the different implementations for the new cipher Qamal

• Kunbolat Algazy, Rustem Biyashev, Nursulu Kapalova, Ludmila Babenko, Evgeniya Ishchukova, Saule Nyssanbayeva
• Currently, the Republic of Kazakhstan is creating a new standard for symmetric data encryption. Qamal encryption algorithm developed by the Institute of Information and Computer Technologies (Almaty, Republic of Kazakhstan), which is one of the candidates to be approved as a standard, is the subject of our study. We analyze in detail the basic cipher transforming work principles, approaches to its quick implementation and the results of the implementation experiments in several programming languages. The encryption algorithm under study uses the round subkeys generating procedure, which seems to be several times more complicated than the single block processing procedure. The software implementation approaches suggested can significantly reduce computation time by using logic operations instead of accessing data arrays. Our article is the first step to a comprehensive research of Qamal properties; its resistance to different cryptanalysis types is yet to be analyzed.

Hybrid neural network framework for detection of cyber attacks at smart infrastructures

• Vasiliy Krundyshev, Maxim Kalinin
• Last decade, the speed of wireless data transmission has increased dozens of times, while in the near future a widespread introduction of 5G/5G+ technology is expected which will significantly improve the stability and reliability of inter-device communications in smart cyber infrastructures: Internet of Things (IoT/IIoT), e-hospitals, Factory-of-the-Future (FoF). The presence of high-speed and reliable wireless communications leads to a rapid jump in the creation of modern machine-to-machine smart infrastructures. However, such an environment provides new opportunities for intruders to commit new cyber attacks, e.g. Black hole, Gray hole, massive DDoS, which can lead to serious consequences in dynamic network routing. Researchers thus face the challenge of creating new methods for countering cyber attacks of such kinds. One of the approaches is to apply artificial neural network (ANN). We suggest to utilize the modern ANNs corresponding security tasks in dynamic infrastructures. The paper identifies their major advantages and evaluates the possibility of their application for solving the issue of accurate attacks detection at machine-to-machine (m2m) adhoc self-organizing networks. An assessment is made of the effectiveness of the activation functions and optimization methods to improve accuracy in detecting the network routing attacks. A complex neural framework protecting the m2m-network against attacks on dynamic routing has been discussed, and accuracy of the developed hybrid is estimated. The ensemble of modern ANNs demonstrates 96% accuracy in detecting all types of routing attacks. This neural network complex can be applied to protect smart infrastructures against linkage collapses and network disunity.

Development of information security quest based on use of information and communication technologies

• Ishchukova Evgenia, Maro Ekaterina, Veselov Gennady
• The article presents a developed quest based on information security tasks and aimed at involving students in the field of information security, as well as the practical implementation of professional competencies. Quest's scenario based on investigation of crimes, which committed using computer information technology. According to the game scenario a flash drive was stolen from the office of the famous bank "CoinInvest", this flash drive contains keys and passwords from entire client base of the bank. The investigation team founds an envelope and several clues at the crime scene.

Analysis of the initial security of the robotics system

• Elena Basan, Oleg Makarevich, Evgeny Abramov, Dmitry Popov
• The relevance of the work lies in the fact that after solving the tasks, the results obtained, namely, the guidelines will be used in assessing the security analysis of the network of mobile robots. Indeed, the main problem in the analysis of such systems is the difference of this type of network from the usual computer networks, which in turn requires the creation of new methods and approaches to the analysis of the security of a network of mobile robots. The main goal of the work is to develop a methodology for analyzing the security of a network of mobile robots, based on research and assessment of threats and security vulnerabilities of a group of mobile robots. To achieve this goal it is necessary to solve the following tasks: to systematize data on robotic systems, to analyze the structural and functional characteristics of mobile robots, develop a typical information system for a group of mobile robots, develop a model of the offender for a group of mobile robots.

IDS-DL: A description language for detection system in cloud computing

• Daoud Mohamed Amine, Dahmani Youcef, Mostefaoui Kadda
• When designing cybersecurity measures in the cloud, many decisions need to be made and conditions must come together with such as the purpose of security, the set of deployment and the actors used. Several cloud detection systems are similar in their operation but their proposals are different in their objectives and their integrated concepts. This leads to the fact that the effective implementation of an intrusion detection system is a difficult goal to achieve. In this work, we contribute to an unified framework by a conceptual meta-model of cloud-based detection systems, called meta-IDS, while helping the community to identify work on this topic and making it easier for researchers to find, identify and use existing solutions. This meta-IDS can later be used to extend the library reuse process to help the detection process to accurately describe the problems encountered for different IDS (intrusion detection system).

Actual and historical state of side channel attacks theory

• Andrey V. Krasovsky, Ekaterina A. Maro
• The traditional classification of side-channel attacks is based on the fundamental work of Kocher [1, 2], i.e genesis of modern classical and generally accepted classification of attacks is based on performance, security, hardware, architecture, software solutions for computing devices 1990-2000s. By 2019 the relevance of this method of security analysis (means of obtaining information through side-channels) was tested, but presently there are many new types of side-channel attack (SCA) [3--6]. New methods and algorithms are not presented in the traditional classification of SCA, but significant in the context of the current state of the SCA theory, therefore they require additional systematization. This paper aims to develop a discourse on the current status of SCA, a review of state-of-art edge of SCA theory and extend classical classification scheme to position new SCA methods on it. Also paper include review of current SCA directions for symmetric block cipher (Advanced Encryption Standard (AES), PRESENT, GOST R 34.12-2015 (Magma, Kuznyechik)).

TLS certificate as a sign of establishing a connection with the network Tor

• Vitaly Lapshichyov, Oleg Makarevich
• Ensuring the confidentiality, integrity and availability of electronic resources in data networks is one of the important tasks of information security. The purpose of this article is to present the basic points of X.509 certificates of SSL/TLS encryption protocol analysis using the freely distributed software tools Wireshark and NetworkMiner of the Swedish company Netresec in data networks that are based on identifying key features inherent in software certificates of Tor Bundle. In the course of this study, the main features that allow determining the belonging of the transmitted data to the Tor network without using the list of its IP addresses are highlighted. To determine the signs, a number of certificate parameters are used that are transmitted during the implementation of the so-called SSL/TLS handshake between the client equipment and the Tor node. At the same time, identification of certificates is based not on a statistical, but on a discrete value of features, which simplifies the identification process and ensures greater accuracy. This approach to identifying the use of anonymizer allows to apply ready-made server solutions to block access to users already at the stage of establishing a connection to the Tor network. The principle of determining belonging to this anonymous network can be used in the development of a set of measures to legally block the use of the Tor Bundle at the stage of connecting it to a provider in the segment between the user equipment and the Internet service provider.

Bad-token: denial of service attacks on WPA3

• Karim Lounis, Mohammad Zulkernine
• WPA3 (Wi-Fi Protected Access 3) is a certification that augments its predecessor WPA2 with protection mechanisms, such as resistance against password dictionary attacks through SAE (Simultaneous Authentication of Equals) handshake, MFP (Management Frame Protection) against management frame spoofing, and forward secrecy to prevent an attacker from decrypting old packets if it manages to crack the network key in the future. The mechanism is still under implementation by various device vendors. WPA3-capable devices are supposed to be on the market by the end of this year (2019) or early next year (2020). In this work, we describe a vulnerability that we have discovered in WPA3 authentication protocol. This vulnerability, named bad-token, can be exploited by an attacker in a race condition to cause a denial of service to Wi-Fi clients. The attacker sends fake authentication messages that contain a bad token (WPA3 authentication confirm value) during the WPA3 authentication and prevents legitimate clients from connecting to a WPA3 network. We also present two denial of service attacks related to WPA2, but can be inherited by WPA3. We start by presenting the WPA3-SAE mechanism and then introduce the bad-token vulnerability. We implement an attack that exploits the vulnerability using the Linux software utilities hostapd-2.7 and wpa_supplicant-2.7 on Raspberry Pis and show the impact of the attack on a legitimate WPA3 network. We provide a countermeasure to mitigate the attack. Finally, we present the two WPA2-related attacks that can occur on WPA3 if certain security measures are not applied. We experimentally show the feasibility of these two attacks and propose countermeasures to mitigate them and direct device vendors to better implement security in their future devices.

Combining spark and snort technologies for detection of network attacks and anomalies: assessment of performance for the big data framework

• Igor Kotenko, Nikolay Komashinsky
• The paper proposes an approach to security information processing in order to detect computer attacks and network anomalies based on big data technologies. The main contribution of the work is in the development, implementation and investigation of the proposed combined framework for processing security data using parallel computing environment and measuring the performance of the implemented system for detection of network attacks and anomalies. The research goal is to increase the performance of attack detection (under the given requirements for accuracy of solutions) compared to the traditional IDS application. The implemented approach is built using the open source systems Snort and Spark. The paper discusses the capabilities and performance assessment of parallel data processing in order to detect computer attacks and network anomalies, as well as key principles of working with big data. The presented main results of an experimental performance evaluation of the applied approach confirm its high efficiency for analyzing network traffic and security events.

A secure priority vehicle movement based on blockchain technology in connected vehicles

• Anil Saini, Shreyansh Sharma, Palash Jain, Vikash Sharma, Arvind Kumar khandelwal
• With the rapid advancement in internet connectivity, Connected Vehicle network is becoming a promising technology in the current years. However, the increased connectivity most often results in intensifying risk of cyber security threats. In this regard, the network of connected vehicle is also vulnerable to various cyber-attacks. This paper discussed the security issues with connected Priority Vehicle. A priority vehicle must ensure the high level of security otherwise, the results would be devastating and the consequences might be very serious. To ensure the safe and secure movement of connected priority vehicle on the road using blockchain technology. In our proposed system, the priority vehicle movement is controlled by blockchain network, and it only accept messages and signals from blockchain authorized nodes. In particular, the priority vehicle's location, speed and travel time are the important parameters that we secure using blockchain network. This paper also discusses the possible attacks on the priority vehicles and show how our solution can mitigate these attacks. Here it justifies the effectiveness and performance of our security solution using simulation and proves that the blockchain technology shows the potential application towards securing the information in the connected vehicle network.

Development of information security system mathematical models by the solutions of the multigrade Diophantine equation systems

• V. O. Osipyan, K. I. Litvinov, R. Kh. Bagdasaryan, E. P. Lukashchik, S. G. Sinitsa, A. S. Zhuk
• In this paper there are theorems that demonstrate the validity of using Diophantine equations parametric solutions properties for information security system mathematical models. For this the proof of a generalization of the known Frolov's theorem has been done and represented. Also we present new theorem as a mathematical model of information security system containing Diophantine problems. On the basis of two particular solutions a new method of parameterization of multigrade systems of Diophantine equations has been invented and presented in this paper. Particulary, on the basis of two equations with less variables this method allows to get general parametric solutions for multigrade Diophantine equations. On the example of the fifth degree equation, the parametric solutions of the multigrade system of Diophantine equations have been used as a mathematical model of a new cryptosystem. The new approach has been proposed for the development of information security system. It generalizes the principle of construction public key cryptosystems: one part of the conditional identity is used for the direct transformation of an original message, and other part is used for the inverse transformation. The represented mathematical models demonstrate the potential of using Diophantine equations for the development of information security system with a high degree of reliability. These models give an ability to build both a symmetrical system and an public key system. Such systems allow an existence of a countable set of equally probable keys that leads to Diophantine problems.

Method of identifying and assessing of automated process control systems vulnerable elements

• Denis Chernov, Alexey Sychugov
• The purpose of this work is to improve quality of developed threat models for automated process control system (APCs) information security. In accordance with the purpose of the work the authors set the task to develop a method for identifying potential vulnerable elements typical for multi-level APCs and their assessing in order to calculate probability of vulnerability implementation. The peculiarities of APCs that determine occurrence of threats to information security and vulnerable elements are considered. Possible types of threats to information security that can be implemented by an intruder in APCs are given. While carrying out the task the authors propose a method for identifying actual vulnerable system elements. The estimation of APCs security on the basis of the applied security measure analysis is carried out. A way to determine the probability of favorable conditions when using vulnerabilities and formation of the final list of vulnerable elements of APCs is proposed. While confirming efficiency of the developed method, the authors calculate assessment of implementation probability of APCs vulnerabilities through actual vulnerable elements. Implementation of the results into APCs will increase fault tolerance, find potential weaknesses of developed APCs and decrease their operation and protection costs. The results of the research are recommended to use when designing information security systems in APCs.

Evaluation of information reliability of complex systems using intuitionistic fuzzy graphs

• Stanislav Belyakov, Alexander Bozhenyuk, Olesiya Kosenko, Evgeny Kosenko
• The article considers the possibility of using intuitionistic fuzzy graphs to form effective solutions for the operation of complex systems. Complex systems are characterized by many interdependent parameters, multi-criteria and multi-dimensionality. Based on the assignment of initial parameters and connections of graph in the form of a fuzzy intuitionistic set, a fuzzy distance calculation is presented, which will make it possible to discard obviously ineffective solutions.

Adaptation of an authentication protocol based on asymmetric keys for use in UAV C2 link security systems

• Kirill Borisov, Irina Lubushkina, Sergey Panasenko
• The paper describes one of possible ways of mutual authentication in unmanned aircraft systems supporting exterior hardware cryptographic keystorage devices. The suggested method is based on the elliptic curve Diffie-Hellman (ECDH) protocol. In addition to authentication procedure, it provides the key distribution scheme among all the entities and the generation of session keys. Consequent message encryption procedure includes the protection against replay attacks. The introduced protection methods are intended to be used in a robust Command and Control (C2) link security system of an unmanned aerial vehicle (UAV). It allows to ensure the integrity and confidentiality of packets transmitted via C2 link. At the same time, the design of the system takes into account the limited UAV hardware resources.

Safety analysis of the flow of cartographic data with defects

• Stanislav Belyakov, Alexander Bozhenyuk, Marina Savelyeva, Marina Belyakova
• The paper considers the flow of cartographic data that arises when solving applied problems by visual analysis of maps, plans or schemes. The flow arises in the process of interactive user-analytics and geographic information services. It is assumed that to solve the task the analyst builds the working area of the analysis, filling it with the necessary objects and relationships. The paper discusses the vulnerability of the analysis process, which is due to the influence of objects with defects on the analyst's situational awareness. An attack using this vulnerability is described. The result of the attack is making inadequate decisions and the occurrence of damage. The paper considers the analysis of the security of the data stream from the geoservice to the client. A model for estimating the allowable level of defects is proposed. A method of analyzing the "characteristic" points of the time series describing the cartographic images in the session is proposed. A method for finding a protective context from a set of contexts used by a server is proposed.

Applying of digital signal processing techniques to improve the performance of machine learning-based cyber attack detection in industrial control system

• Alexander N. Sokolov, Andrey N. Ragozin, Ilya A. Pyatnitsky, Sergei K. Alabugin
• Traditional approaches to building attack detection systems, such as a signature-based approach, do not allow detecting zero-day attacks. To improve the performance of attack detection, one resort to use methods of machine learning, in particular, neural networks. This paper considers the problem of detecting cyber attacks in Industrial Control Systems (ICS) using digital signal processing (DSP) technology. By processing signals from sensors using a comb of digital low-pass filters (LPF), additional informative features, that describe the control system, have been created. Experimental studies were conducted on the Secure Water Treatment (SWaT) dataset, which showed that the use of additional features obtained using DSP technologies improves the accuracy of detecting cyberattacks on ACS by reducing errors of the second kind.

Modeling of low-rate DDoS-attacks

• Yaroslav Tarasov, Ekaterina Pakulova, Oleg Basov
• The paper presents the results of the analysis and simulation study of Denial of Service attacks for a variety of services that store, process and transmit data to the Internet. Focuses on the simulation of low-rate Distributed Denial of Service attacks on the infrastructure of the global dynamic routing Border Gateway Protocol (BGP) and HyperText Transfer Protocol (HTTP). We choose the following software for the set-up: Apache2, Nginx, Quagga, Debian, VMware and Citrix XenServer with the most popular configuration options. The study analyzed the vulnerability of data communication protocols of the transport and application layer, leading to the possibility of the threat of low-rate DDoS-attacks. This study demonstrates the implementation of such an attack on real computer systems and computer networks.

Verification of internet protocol properties using cooperating automaton objects

• Dmitriy Levonevskiy, Fedor Novikov, Ludmila Fedorchenko, Irina Afanasieva
• Reliable verification of compliance with information security requirements when exchanging data on the Internet is an urgent task. Information is transferred through interaction protocols that are being constantly updated and changed. Methods for verifying the compliance of new protocols with safety requirements are practically significant. Among compliance verification methods, an important place belongs to formal methods based on the study of adequate protocol models and software that implements these protocols. Such methods are known as symbolic protocol verification methods. The article describes a method for symbolic verification of such protocols. The advantage of the proposed method is the comparative simplicity and straightforwardness of the verification process achieved due to the expressive power of the used behavior specification language. The protocol specification uses the model of interacting automaton objects. The language used is CIAO (Cooperative Interaction of Automata Objects). Verification is considered using the TLS (Transport Level Security) handshake protocol as an example.

Multi-path multimodal authentication system for remote information system

• Ekaterina Pakulova, Artem Ryndin, Oleg Basov
• Today, the usage of cloud information system is ubiquitous. Users have access to information systems for various purposes (banking systems, medical systems, systems for obtaining government services, cloud data storage, etc.) through mobile user terminals or specialized means. Such systems don't longer require to run applications and Internet services that need storage and computation. But they must guarantee the security of user's information. One of the modern procedures which provide information security in an information system is multimodal authentication. We propose multi-path multimodal authentication system. We suggest using multi-path scenario for authenticated data transmission thus increasing the security level. It is supposed that multimodal data is separated into parts and transmitted through various paths. Thus, make the interception of multimodal information more complicated for the adversary.

Cryptographic protocols implementation security verification of the electronic voting system based on blind intermediaries

• Liudmila Babenko, Ilya Pisarev, Elena Popova
• The development of electronic voting systems is a complex and urgent task in today's time. At the heart of the security of any system using network interaction are cryptographic protocols. Their quality is verified by means of formal verification. However, formal verification tools work with protocols in an abstract form of Alice-Bob format, which does not allow to completely check the protocol for all sorts of attacks. In addition, when implementing the protocol in practice using any programming language, it is possible to change this protocol relative to its original form. As a result, the abstract initial form of the protocol, which was verified by means of formal verification, is considered safe, but a modified implemented protocol that has a different type can no longer be recognized as safe. Thus, verification of the cryptographic protocol of the electronic voting system using source codes is relevant. The paper described an electronic voting system based on blind intermediaries. A parser is described to extract the structure of the cryptographic protocol with which the structure of the voting protocol was obtained. The cryptographic e-voting protocol was translated into the CAS+ specification language for the Avispa automated verifier for protocol security verification.

Is it better to choose seen or unseen distracters for graphical passwords

• Abdul Ashraf, Ron Poet
• We investigate a form of recognition-based graphical passwords where users choose their pass images from a system provided collection. In these systems the user is presented with a challenge set containing their pass images, together with distracters, when they login. They need to recognise their pass images to gain access. The distracters come from the same system provided collection and can be either images that the user has already seen when registering or images that they have not seen. Our experiment investigates which approach is more usable, measured by login accuracy and login time. Our results show that it is better to use images that the user has already seen as distracters. This does not affect the accuracy but leads to faster login times. In our experiment users were presented with one 60 images challenge set that contained both their pass images and distracters. Most login errors were caused by choosing the two images in the wrong order. Participants also thought that the system was easier to use than text based passwords, both when registering and logging in. They also suggested using three images rather than two for more security. This suggests that a more usable system would have three pass images that could be selected in any order.

SIN 2019 - Accompanying presentations (in Russian)