<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.3 20210610//EN" "JATS-journalpublishing1-3.dtd">
<article article-type="research-article" dtd-version="1.3" xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml:lang="ru"><front><journal-meta><journal-id journal-id-type="publisher-id">kaz29</journal-id><journal-title-group><journal-title xml:lang="ru">Вестник Казахстанско-Британского технического университета</journal-title><trans-title-group xml:lang="en"><trans-title>Herald of the Kazakh-British Technical University</trans-title></trans-title-group></journal-title-group><issn pub-type="ppub">1998-6688</issn><issn pub-type="epub">2959-8109</issn><publisher><publisher-name>Казахстанско-Британский Технический Университет</publisher-name></publisher></journal-meta><article-meta><article-id custom-type="elpub" pub-id-type="custom">kaz29-275</article-id><article-categories><subj-group subj-group-type="heading"><subject>Research Article</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="ru"><subject>ИНФОКОММУНИКАЦИОННЫЕ СЕТИ И КИБЕРБЕЗОПАСНОСТЬ</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="en"><subject>INFOCOMMUNICATION NETWORKS AND CYBERSECURITY</subject></subj-group></article-categories><title-group><article-title>ДВУХФАКТОРНАЯ АУТЕНТИФИКАЦИЯ С ИСПОЛЬЗОВАНИЕМ АЛГОРИТМОВ ШИФРОВАНИЯ TWOFISH И ВИЗУАЛЬНОЙ КРИПТОГРАФИИ ДЛЯ БЕЗОПАСНОЙ ПЕРЕДАЧИ ДАННЫХ</article-title><trans-title-group xml:lang="en"><trans-title>TWO FACTOR AUTHENTICATION USING TWOFISH ENCRYPTION AND VISUAL CRYPTOGRAPHY ALGORITHMS FOR SECURE DATA COMMUNICATION</trans-title></trans-title-group></title-group><contrib-group><contrib contrib-type="author" corresp="yes"><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Дуйсен</surname><given-names>Г.</given-names></name><name name-style="western" xml:lang="en"><surname>Duisen</surname><given-names>G.</given-names></name></name-alternatives><bio xml:lang="ru"><p>студент</p></bio><xref ref-type="aff" rid="aff-1"/></contrib><contrib contrib-type="author" corresp="yes"><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Разак</surname><given-names>А.</given-names></name><name name-style="western" xml:lang="en"><surname>Razaque</surname><given-names>A.</given-names></name></name-alternatives><bio xml:lang="ru"><p>PhD, ассоц. профессор</p></bio><xref ref-type="aff" rid="aff-1"/></contrib><contrib contrib-type="author" corresp="yes"><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Сейиткалиева</surname><given-names>Ж.</given-names></name><name name-style="western" xml:lang="en"><surname>Seiitkaliyeva</surname><given-names>Zh.</given-names></name></name-alternatives><bio xml:lang="ru"><p>студент</p></bio><xref ref-type="aff" rid="aff-1"/></contrib><contrib contrib-type="author" corresp="yes"><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Естаева</surname><given-names>Р.</given-names></name><name name-style="western" xml:lang="en"><surname>Yestayeva</surname><given-names>R.</given-names></name></name-alternatives><bio xml:lang="ru"><p>студент</p></bio><xref ref-type="aff" rid="aff-1"/></contrib><contrib contrib-type="author" corresp="yes"><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Амсаад</surname><given-names>Фати</given-names></name><name name-style="western" xml:lang="en"><surname>Amsaad</surname><given-names>Fathi</given-names></name></name-alternatives><bio xml:lang="ru"><p>PhD, профессор</p><p>Миссисипи</p></bio><bio xml:lang="en"><p>Mississippi</p></bio><xref ref-type="aff" rid="aff-2"/></contrib></contrib-group><aff-alternatives id="aff-1"><aff xml:lang="ru">Международный университет информационных технологий<country>Казахстан</country></aff><aff xml:lang="en">International Information Technology University<country>Kazakhstan</country></aff></aff-alternatives><aff-alternatives id="aff-2"><aff xml:lang="ru">Университет Южной Миссисипи<country>Соединённые Штаты Америки</country></aff><aff xml:lang="en">University of Southern Mississippi<country>United States</country></aff></aff-alternatives><pub-date pub-type="collection"><year>2019</year></pub-date><pub-date pub-type="epub"><day>15</day><month>11</month><year>2021</year></pub-date><volume>16</volume><issue>3</issue><fpage>219</fpage><lpage>230</lpage><permissions><copyright-statement>Copyright &amp;#x00A9; Дуйсен Г., Разак А., Сейиткалиева Ж., Естаева Р., Амсаад Ф., 2021</copyright-statement><copyright-year>2021</copyright-year><copyright-holder xml:lang="ru">Дуйсен Г., Разак А., Сейиткалиева Ж., Естаева Р., Амсаад Ф.</copyright-holder><copyright-holder xml:lang="en">Duisen G., Razaque A., Seiitkaliyeva Z., Yestayeva R., Amsaad F.</copyright-holder><license xml:lang="ru" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>Данная работа распространяется под лицензией Creative Commons Attribution 4.0.</license-p></license><license xml:lang="en" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>This work is licensed under a Creative Commons Attribution 4.0 License.</license-p></license></permissions><self-uri xlink:href="https://vestnik.kbtu.edu.kz/jour/article/view/275">https://vestnik.kbtu.edu.kz/jour/article/view/275</self-uri><abstract><p>Рост зависимости человеческих нужд от Интернета породил необходимость безопасного и конфиденциального  процессирования данных в мировой паутине. Следовательно, безопасная обработка информации влечет за собой необходимость быстроты и доступности систем. Повышение надежности и конфиденциальности систем напрямую зависит от полностью защищенного метода аутентификации. Существуют разные методы аутентификации и защиты, которые были разработаны для обеспечения конфиденциальности и надежности. Их основная часть базируется на буквенно-цифровом пароле, и лишь маленькая часть классифицируется как двухфакторная аутентификация. В этой статье мы предлагаем улучшенный графический метод аутентификации на основе Алгоритма шифрования Twofish и Визуальной Криптографии (TEVC). Предлагаемый авторами TEVC организован так, что невозможно предугадать правильный графический пароль, и дополнительно осложнен тем, что для аутентификации необходимо предъявить правильный его порядок, что делает его надежнее буквенно-цифрового пароля. TEVC был разработан и протестирован на языке программирования JAVA. После проведения тестирования можно утверждать, что предлагаемый метод аутентификации удовлетворяет необходимым требованиям безопасности. TEVC был определен как удобный и безопасный метод аутентификации с меньшей временной сложностью по сравнению с другими известными методами аутентификации.</p></abstract><trans-abstract xml:lang="en"><p>The growing dependence of human needs on the Internet has pleased the need for secure and confidential processing of data on the World Wide Web. Therefore, the safe processing of information entails the needfor speed and availability ofsystems. Improving the reliability and privacy ofsystems directly depends on a fully protected authentication method. There are various authentication and protection methods that have been developed to ensure confidentiality and security. Their main part is based on an alphanumeric password, and only a small part is classified as two-factor authentication. In this article, we offer an improved graphical authentication method based on Twofish Encryption algorithm and Visual Cryptography (TEVC). The proposed TEVC is organized in such a way that it is impossible to predict the correct graphic password, and is further complicated by the fact that for authentication it is necessary to present its correct order, which makes it safer than an alphanumeric password. TEVC was developed and tested in the programming language JAVA. After testing, we can argue that the proposed authentication method satisfies the necessary security requirements. TEVC has been identified as a convenient and secure authentication method with less time complexity compared to other known authentication methods.</p></trans-abstract><kwd-group xml:lang="ru"><kwd>шифрование Twofish</kwd><kwd>визуальная криптография</kwd><kwd>шифрование</kwd><kwd>графический пароль</kwd><kwd>система буквенно-цифровых паролей</kwd><kwd>метод аутентификации</kwd><kwd>двухфакторная аутентификация</kwd></kwd-group></article-meta></front><back><ref-list><title>References</title><ref id="cit1"><label>1</label><citation-alternatives><mixed-citation xml:lang="ru">Yang, G., &amp; Hwang, J. (2017). U. S. Patent No. 9, 679,123. Washington, DC: U. S. Patent and Trademark Office.</mixed-citation><mixed-citation xml:lang="en">Yang, G., &amp; Hwang, J. (2017). U. S. Patent No. 9, 679,123. Washington, DC: U. S. Patent and Trademark Office.</mixed-citation></citation-alternatives></ref><ref id="cit2"><label>2</label><citation-alternatives><mixed-citation xml:lang="ru">Go, W., Lee, K., &amp; Kwak, J. (2014). Construction of a secure two-factor user authentication system using fingerprint information and password. Journal of Intelligent Manufacturing, 25 (2), 217-230.</mixed-citation><mixed-citation xml:lang="en">Go, W., Lee, K., &amp; Kwak, J. (2014). Construction of a secure two-factor user authentication system using fingerprint information and password. Journal of Intelligent Manufacturing, 25 (2), 217-230.</mixed-citation></citation-alternatives></ref><ref id="cit3"><label>3</label><citation-alternatives><mixed-citation xml:lang="ru">Anwar, M., &amp; Imran, A. (2015). A Comparative Study of Graphical and Alphanumeric Passwords for Mobile Device Authentication. In MAICS (pp. 13-18).</mixed-citation><mixed-citation xml:lang="en">Anwar, M., &amp; Imran, A. (2015). A Comparative Study of Graphical and Alphanumeric Passwords for Mobile Device Authentication. In MAICS (pp. 13-18).</mixed-citation></citation-alternatives></ref><ref id="cit4"><label>4</label><citation-alternatives><mixed-citation xml:lang="ru">Petsas, T., Tsirantonakis, G., Athanasopoulos, E., &amp; Ioannidis, S. (2015, April). Two-factor authentication: is the world ready?: quantifying 2FA adoption. In Proceedings of the eighth european workshop on system security (p. 4). ACM.</mixed-citation><mixed-citation xml:lang="en">Petsas, T., Tsirantonakis, G., Athanasopoulos, E., &amp; Ioannidis, S. (2015, April). Two-factor authentication: is the world ready?: quantifying 2FA adoption. In Proceedings of the eighth european workshop on system security (p. 4). ACM.</mixed-citation></citation-alternatives></ref><ref id="cit5"><label>5</label><citation-alternatives><mixed-citation xml:lang="ru">Erdem, E., &amp; Sandikkaya, M. T. (2019). OTPaaS—One Time Password as a Service. IEEE Transactions on Information Forensics and Security, 14 (3), 743-756.</mixed-citation><mixed-citation xml:lang="en">Erdem, E., &amp; Sandikkaya, M. T. (2019). OTPaaS—One Time Password as a Service. IEEE Transactions on Information Forensics and Security, 14 (3), 743-756.</mixed-citation></citation-alternatives></ref><ref id="cit6"><label>6</label><citation-alternatives><mixed-citation xml:lang="ru">Persson, O., &amp; Wermelin, E. (2017). A Theoretical Proposal of Two-Factor Authentication in Smartphones.</mixed-citation><mixed-citation xml:lang="en">Persson, O., &amp; Wermelin, E. (2017). A Theoretical Proposal of Two-Factor Authentication in Smartphones.</mixed-citation></citation-alternatives></ref><ref id="cit7"><label>7</label><citation-alternatives><mixed-citation xml:lang="ru">Raypure, R. M., &amp;Keswani, V. (2017). Implementation For Data Hiding Using Visual Cryptography.</mixed-citation><mixed-citation xml:lang="en">Raypure, R. M., &amp;Keswani, V. (2017). Implementation For Data Hiding Using Visual Cryptography.</mixed-citation></citation-alternatives></ref><ref id="cit8"><label>8</label><citation-alternatives><mixed-citation xml:lang="ru">Chanda, K. (2016). Password security: an analysis of password strengths and vulnerabilities. In ternational Journal of Computer Network and Information Security, 8 (7), 23.</mixed-citation><mixed-citation xml:lang="en">Chanda, K. (2016). Password security: an analysis of password strengths and vulnerabilities. In ternational Journal of Computer Network and Information Security, 8 (7), 23.</mixed-citation></citation-alternatives></ref><ref id="cit9"><label>9</label><citation-alternatives><mixed-citation xml:lang="ru">Thomas, K., Li, F., Zand, A., Barrett, J., Ranieri, J., Invernizzi, L., ... &amp; Margolis, D. (2017, Oc­tober). Data breaches, phishing, or malware?: Understanding the risks of stolen credentials. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (pp. 1421-1434). ACM.</mixed-citation><mixed-citation xml:lang="en">Thomas, K., Li, F., Zand, A., Barrett, J., Ranieri, J., Invernizzi, L., ... &amp; Margolis, D. (2017, Oc­tober). Data breaches, phishing, or malware?: Understanding the risks of stolen credentials. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (pp. 1421-1434). ACM.</mixed-citation></citation-alternatives></ref><ref id="cit10"><label>10</label><citation-alternatives><mixed-citation xml:lang="ru">Gualdoni, Joseph, et al. “Secure Online Transaction Algorithm: Securing Online Transaction Using Two-Factor Authentication.” Procedia computer science 114 (2017): 93-99.</mixed-citation><mixed-citation xml:lang="en">Gualdoni, Joseph, et al. “Secure Online Transaction Algorithm: Securing Online Transaction Using Two-Factor Authentication.” Procedia computer science 114 (2017): 93-99.</mixed-citation></citation-alternatives></ref><ref id="cit11"><label>11</label><citation-alternatives><mixed-citation xml:lang="ru">Cherdmuangpak, Niramai, Tanapat Anusas-amonkul, and BenchaphonLimthanmaphon. “Two factor image-based password authentication for junior high school students.” 2017 14th Interna­tional Joint Conference on Computer Science and Soft ware Engineering (JCSSE). IEEE, 2017.</mixed-citation><mixed-citation xml:lang="en">Cherdmuangpak, Niramai, Tanapat Anusas-amonkul, and BenchaphonLimthanmaphon. “Two factor image-based password authentication for junior high school students.” 2017 14th Interna­tional Joint Conference on Computer Science and Soft ware Engineering (JCSSE). IEEE, 2017.</mixed-citation></citation-alternatives></ref><ref id="cit12"><label>12</label><citation-alternatives><mixed-citation xml:lang="ru">Khandelwal, N. S., &amp; Kamboj, P. (2015, January). Notice of Retraction Two factor authentication using Visual Cryptography and Digital Envelope in Kerberos. In 2015 International conference on electrical, electronics, signals, communication and optimization (EESCO) (pp. 1-6). IEEE.</mixed-citation><mixed-citation xml:lang="en">Khandelwal, N. S., &amp; Kamboj, P. (2015, January). Notice of Retraction Two factor authentication using Visual Cryptography and Digital Envelope in Kerberos. In 2015 International conference on electrical, electronics, signals, communication and optimization (EESCO) (pp. 1-6). IEEE.</mixed-citation></citation-alternatives></ref><ref id="cit13"><label>13</label><citation-alternatives><mixed-citation xml:lang="ru">Song, R. (2010). Advanced smart card based password authentication protocol. Computer Standards &amp; Interfaces, 32 (5-6), 321-325.</mixed-citation><mixed-citation xml:lang="en">Song, R. (2010). Advanced smart card based password authentication protocol. Computer Standards &amp; Interfaces, 32 (5-6), 321-325.</mixed-citation></citation-alternatives></ref><ref id="cit14"><label>14</label><citation-alternatives><mixed-citation xml:lang="ru">Zhao, H., &amp; Li, X. (2007, May). S3PAS: A scalable shoulder-surfing resistant textual-graphical password authentication scheme. In 21st International Conference on Advanced Information Networking and Applications Workshops (AINAW’07) (Vol. 2, pp. 467-472). IEEE.</mixed-citation><mixed-citation xml:lang="en">Zhao, H., &amp; Li, X. (2007, May). S3PAS: A scalable shoulder-surfing resistant textual-graphical password authentication scheme. In 21st International Conference on Advanced Information Networking and Applications Workshops (AINAW’07) (Vol. 2, pp. 467-472). IEEE.</mixed-citation></citation-alternatives></ref><ref id="cit15"><label>15</label><citation-alternatives><mixed-citation xml:lang="ru">Jin, A. T. B., Ling, D. N. C., &amp; Goh, A. (2004). Biohashing: two factor authentication featuring fingerprint data and tokenised random number. Pattern recognition, 37 (11), 2245-2255.</mixed-citation><mixed-citation xml:lang="en">Jin, A. T. B., Ling, D. N. C., &amp; Goh, A. (2004). Biohashing: two factor authentication featuring fingerprint data and tokenised random number. Pattern recognition, 37 (11), 2245-2255.</mixed-citation></citation-alternatives></ref><ref id="cit16"><label>16</label><citation-alternatives><mixed-citation xml:lang="ru">Schneier, B., Kelsey, J., Whiting, D., Wagner, D., Hall, C., &amp; Ferguson, N. (1998). Twofish: A 128-bit block cipher. NIST AES Proposal, 15, 23.</mixed-citation><mixed-citation xml:lang="en">Schneier, B., Kelsey, J., Whiting, D., Wagner, D., Hall, C., &amp; Ferguson, N. (1998). Twofish: A 128-bit block cipher. NIST AES Proposal, 15, 23.</mixed-citation></citation-alternatives></ref><ref id="cit17"><label>17</label><citation-alternatives><mixed-citation xml:lang="ru">Ibrahim, R., &amp; Kuan, T. S. (2011). Steganography algorithm to hide secret message inside an image. arXiv preprint arXiv:1112.2809.</mixed-citation><mixed-citation xml:lang="en">Ibrahim, R., &amp; Kuan, T. S. (2011). Steganography algorithm to hide secret message inside an image. arXiv preprint arXiv:1112.2809.</mixed-citation></citation-alternatives></ref></ref-list><fn-group><fn fn-type="conflict"><p>The authors declare that there are no conflicts of interest present.</p></fn></fn-group></back></article>
