*Wireless Mesh Networks - Security, Architectures and Protocols*

There are well-known techniques for authenticating users of information systems. The first group of methods checks the user's knowledge of a memorized secret (e.g., a secret password). In the authentication process, knowledge of this secret is validated. The second group checks that the user possesses a certain hardware device, such as a smart card or USB token. The device contains the user's base secret (e.g., the private key of a digital signature), which the user does not need to remember. The third group of authentication methods checks whether the user has characteristics that cannot be separated from the person. These characteristics can be, for example, a fingerprint, face, or voice.

However, all these methods are most effective for local authentication, when there is no doubt about the source of the information used to authenticate the user. Remote authentication offers no such confidence, because the verification data can be supplied by an outsider, so new authentication methods suitable for remote access to information systems are needed. These methods can be used in addition to the existing authentication methods. One such additional method, for example, verifies a user by testing knowledge of his preferences and competencies.

Data on user knowledge can be collected by analyzing the content of the Internet resources the user has visited. Such an analysis could be based on methods of classification of text documents.

**2. Analysis of existing methods**

Traditional methods of authentication (verification of a secret reusable password, of biometric characteristics, and of devices) share a common disadvantage: the information confirming the user's authenticity can be intercepted and later replayed by an attacker to perform actions against a target system on behalf of a registered user. To improve protection against unauthorized access to sensitive information, it is usually recommended to use two-factor or multifactor authentication.

Consider the drawbacks of traditional methods of authenticating users of information systems in the case of remote access.

**2.1 User authentication based on validation of secret knowledge**

The main advantage of authentication based on validating knowledge of a secret reusable password is its ease of implementation and use. At the same time, password authentication has many drawbacks:

• many users choose passwords that are easy to guess because of insufficient length, simplicity, and repetitiveness;
• readily available software tools that an attacker can use for guessing passwords;
• the attacker's ability to use social engineering techniques (obtaining the password by tricking the user); and
• the ability to "steal" the password as it is typed on the keyboard or to intercept it when it is sent over a computer network.

Such methods are related to biometric authentications.

**2.2 User authentication using devices**

User authentication using authentication devices is based on the uniqueness and confidentiality of the information contained in the device's memory. Such information could be, for example, the private (secret) key of the user's electronic signature. During authentication, the correctness of this key is validated using the user's public key certificate, which is issued by a trusted certificate authority and stored in the information system in which the user is registered.

Most often the following devices are used for authentication:


For active USB devices, reusable passwords (so-called PIN codes) add protection against theft: knowledge of the PIN confirms that the authentication device is being used by its rightful owner. Other advantages of authentication devices are the absence of limits on the length and complexity of the information stored in the device memory and the ability to detect that the device has been lost or stolen and to lock it in that case.

The authentication procedure using active devices may include the generation and verification of one-time passwords or the calculation of a response to a random request (the "handshake" model).
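The "handshake" model can be sketched as follows; this is an added example, not code from the chapter, and it shows why a fresh random request per attempt defeats replay of an intercepted response. It swaps in an HMAC over a secret shared with the device for the private-key signature and certificate check described above (the Python standard library has no signature primitive); the class names, the user name and the 30-second lifetime are assumptions.

```python
import hashlib
import hmac
import secrets
import time

CHALLENGE_TTL = 30  # seconds a request stays valid (assumed value)


class Device:
    """Stands in for an active token; the secret never leaves this object."""

    def __init__(self, secret):
        self._secret = secret

    def respond(self, user, challenge):
        # Bind the response to the user name and to this one random request.
        msg = user.encode() + b"\x00" + challenge
        return hmac.new(self._secret, msg, hashlib.sha256).digest()


class Server:
    def __init__(self):
        self._secrets = {}   # user -> secret enrolled for that user's device
        self._pending = {}   # user -> (challenge, expiry time)

    def enroll(self, user):
        self._secrets[user] = secrets.token_bytes(32)
        return Device(self._secrets[user])

    def challenge(self, user, now=None):
        now = time.time() if now is None else now
        nonce = secrets.token_bytes(16)   # fresh random request per attempt
        self._pending[user] = (nonce, now + CHALLENGE_TTL)
        return nonce

    def verify(self, user, response, now=None):
        now = time.time() if now is None else now
        # pop(): the request is consumed by the first attempt, valid or not,
        # so a captured response cannot be presented a second time.
        nonce, expiry = self._pending.pop(user, (None, 0.0))
        if nonce is None or now > expiry or user not in self._secrets:
            return False
        expected = Device(self._secrets[user]).respond(user, nonce)
        return hmac.compare_digest(expected, response)
```
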

But the use of authentication devices also has a number of disadvantages:

