DEVELOPMENT OF A TWO-FACTOR AUTHENTICATION APPLICATION FOR DATA PROTECTION IN GOVERNMENT AGENCIES OF THE KR

Authors

  • А.А. Kalberdiev, KSTU named after I. Razzakov
  • А.К. Orozobekova, KSTU named after I. Razzakov

Keywords:

protection, two-factor authentication, government agencies, accounts, Backend, Go programming language

Abstract

With the rapid advancement of digital technologies, government institutions face an urgent need to implement reliable mechanisms for protecting user credentials. Currently, government agencies in the Kyrgyz Republic lack local solutions for two-factor authentication, forcing them to rely on foreign services. However, such solutions do not always meet national security requirements, pose a risk of data leakage, and complicate centralized management of user accounts.

This paper analyzes existing authentication methods, including one-time passwords (OTP), hardware tokens, and biometric authentication, highlighting their advantages and limitations. As an alternative, the paper proposes the development of a local authenticator that ensures secure authentication, seamless integration with government information systems, and centralized user management.

The paper describes the architectural principles and technology stack of the proposed solution, including the use of a microservices architecture, the Go programming language, PostgreSQL for data storage, and interaction mechanisms through REST API and WebSocket. Additionally, it explores algorithms for generating one-time passwords, user account management, and security measures to protect against potential attacks.

The presented prototype demonstrates the feasibility of implementing secure authentication without reliance on foreign authentication services, making it a promising solution for adoption in government institutions.

Published

2026-02-19