Intelligent Automation & Soft Computing
Analysis and Intellectual Structure of the Multi-Factor Authentication in Information Security
1Faculty of Computer Science and Information Technology, Universiti Malaysia Sarawak, 94300, Kota Samarahan, Malaysia
2Computer and Information Science, Prince Sultan University, Riyadh, KSA
3Faculty of Computing and Informatics, Universiti Malaysia Sabah, Jalan UMS, 88400, Kota Kinabalu Sabah, Malaysia
4Faculty of Computer Science, University of Bisha, Bisha, Saudi Arabia
5Faculty of Computing & Informatics, Multimedia University, Persiaran Multimedia, 63100, Cyberjaya, Selangor, Malaysia
*Corresponding Author: Adnan Shahid Khan. Email: firstname.lastname@example.org
Received: 14 July 2021; Accepted: 04 October 2021
Abstract: This study presents the current state of research on multi-factor authentication. Authentication is one of the important traits in the security domain as it ensures that legitimate users have access to the secure resource. Attacks on authentication occur even before digital access is given, but it becomes quite challenging with remote access to secure resources. With increasing threats to single authentication schemes, 2Factor and later multi-factor authentication approaches came into practice. Several studies have been done in the multi-factor authentication discipline, and most of them proposed the best possible approaches, but there are very limited studies in the area that can comprehend all these innovative and effective approaches. Using Web of Science data of the research publications on the topic, the study adopted the bibliometric approach to find the evolution of authentication in the security domain, especially multi-factor authentication. This study finds the impact of the research in the selected domain using bibliometric analysis. This research also identifies the key research trends that most of the researchers are paying attention to. The highest number of publications on multi-factor authentication were published in 2019 while the highest number of citations were received in 2014. United States, India, and China are the leading countries publishing the most on multi-factor authentication.
Keywords: Multi-factor authentication; bibliometrics; scientometrics; authentication; information security
The security domain has received a lot of attention over the last decade due to the increased number of attacks, reliance on wireless and remote setups, and especially the movement of financial transactions to online mediums. A lot of effort has been made in the area of security through the introduction of passwords, encryption, hashing, biometric authentication, and the list goes on. Still, lack of security awareness and security loopholes have always been a challenge and have resulted in security compromise. In the current era, two-level or multilevel security is getting a lot of attention, where multiple factors are considered for implementing security. In this way, security can be ensured to mitigate attacks caused by human carelessness, lack of awareness, and other bot attacks to protect sensitive data from possible security attacks [1–6] like distributed denial of service (DDoS) attacks [7–10] as the first line of defense. Furthermore, information security is a big factor in implementing the internet of things (IoT) for smart cities [11–19] using software-defined networking (SDN) [20–26], named data networking (NDN) [27–29] and cloud computing network with voice over IP (VoIP) [31–34], fiber optic [35–37], worldwide interoperability for microwave access (WiMAX) [37–40], swarm intelligence (SI), artificial intelligence (AI), machine learning (ML), deep learning (DL) [42–44], and artificial neural network (ANN).
Legitimate access to any resource requires authentication of the person accessing the protected resource. Usually, this protection is done through a username and password which, if compromised, may result in total failure of the system. This is easily understood by considering what happens if someone can sneak into your mobile phone and the only security provided is a passcode or PIN. Biometric authentication, a common authentication scheme, was introduced as a replacement for the password to ensure that a legitimate person is logging in. However, it can be compromised, as in the famous case of the Apple hack in 48 h at a security conference in Germany. Two-factor authentication was then introduced, where the combination of password and biometric was preferred as it provides a chance of better security. This research focuses on finding the evolution of different authentication schemes and how different combinations of authentication schemes are used to form multi-factor authentication schemes.
Several studies and authentication schemes are currently in use for providing legitimate access to the protected resources. Each scheme has its pros and cons making it challenging to adapt in every possible scenario. This results in a multiple-level authentication scheme based on the nature of the resource [47–50]. The following section presents the common authentication schemes and how they are used.
Password: Use of a password, PIN, or passcode is one of the oldest mechanisms for protecting resources from illegitimate access. Passwords are considered secure based on their size and complexity. But the number of passwords released over the dark web, as well as other compromises, has resulted in failure of the scheme or even, in some cases, ransom or maligning of a person. Secondly, if a password is compromised, the whole security scheme becomes null and void.
Biometric: Several biometric schemes are used for providing authentication, such as facial recognition, fingerprint, and iris authentication. Biometrics allow a guarantee of real and legitimate human access, but advances in the recreation of images and biometrics have resulted in the compromise of the scheme.
One Time Password (OTP): The OTP scheme is widely used these days as it allows live access to resources using a fresh password. Usually, OTP is used in conjunction with other authentication schemes, but it can still be compromised using a Man-in-the-Browser attack or malware.
Smartcard: Barkadehi et al. and Velásquez et al. discussed that smart cards are often used to provide security and authentication by keeping the secret information protected. They are widely used to authenticate resources smartly and efficiently. But a smart card is complex to handle because it may be lost or stolen; also, indirect gains and rogue relay attacks are possible.
Blind-Fold Challenge Scheme: Owing to the increased number of bot attacks, verification of the human factor has been introduced through random challenges such as identification of an object in a picture, CAPTCHA, an easy math equation, or a set of challenges. However, advances in image recognition have made it possible to crack CAPTCHAs, and a complex scheme is challenging for blind or low-sight users. Secondly, the blindfold challenge scheme cannot be used as a security scheme; it only distinguishes humans from machines [53–55].
Profiling: Security profiling of users is often considered to be an adaptive authentication scheme where a user profile is completely built, and whenever a slight deviation from normal behavior is detected, complex authentication schemes are introduced again. This scheme results in fast access and ensures legitimate users are using the resources but, in some cases, due to an emergency, if the user is behaving abnormally, all access may get blocked, which may result in some serious injury. Profiling can be location-based, timing-based, device-type-based, or even connection-based. All of them can be used in conjunction with other approaches to achieve better security [55–57].
MFA works on three major principles: (1) knowledge: what you know, such as your PIN, password, etc.; (2) possession: an asset that you have in hand, such as a mobile phone; and (3) inherence: what is unique to you, such as biometric information. A better approach must use all three together, based on the level of security that the resource requires. This research adopts bibliometric analysis to find out how multi-factor authentication is analyzed in the scientific literature and which principles are covered in these approaches. Bibliometric analysis is a statistical approach to evaluate the published scientific literature. Several studies have been conducted using bibliometric methods in the area of security and authentication schemes, but very limited studies have been done in the area of multi-factor authentication.  conducted a bibliometric study about authentication that covered a variety of security and the Internet of Things (IoT).  researched around smart grid and Internet of Things security. Both pieces of research investigate publications made in a vast area and also provide a highlight of keywords for consideration.  conducted a bibliometric study on security and application of bibliometric, while  conducted a bibliometric study for how security is analyzed in the blockchain. A few studies about security, such as [63–67], analyzed security issues using bibliometric studies and extracted the major publication patterns. MFA is not a new research area, but its real usage came with the number of security issues on the rise. Security experts worked on approaches that include MFA, but there is a lack of studies that can comprehend what has been done in the area and where current research is heading.
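The following is an added example, not code from the paper or from any scheme it cites: a sketch of the adaptive step-up described under Profiling, combined with the three factor categories (knowledge, possession, inherence). The baseline table, the rule mapping deviations to extra categories, and every sample value are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Factor categories named in the text: knowledge, possession, inherence.
FACTOR_CATEGORY = {
    "password": "knowledge", "pin": "knowledge",
    "otp": "possession", "smartcard": "possession",
    "fingerprint": "inherence", "face": "inherence",
}
ALL_CATEGORIES = {"knowledge", "possession", "inherence"}

# Assumed baseline: distinct categories required per resource sensitivity.
BASELINE = {"low": 1, "medium": 2, "high": 3}


@dataclass
class Profile:
    """Learned normal behaviour for one user (hypothetical fields)."""
    countries: set = field(default_factory=set)
    hours: range = range(0, 24)      # usual login hours, local time
    devices: set = field(default_factory=set)
    networks: set = field(default_factory=set)


def deviations(profile, ctx):
    """Return the profiling signals that differ from the learned profile."""
    normal = {
        "location": ctx["country"] in profile.countries,
        "timing": ctx["hour"] in profile.hours,
        "device": ctx["device_id"] in profile.devices,
        "connection": ctx["network"] in profile.networks,
    }
    return sorted(name for name, ok in normal.items() if not ok)


def required_categories(sensitivity, profile, ctx):
    """Baseline for the resource, raised by observed deviations (max 3)."""
    devs = deviations(profile, ctx)
    bump = (len(devs) + 1) // 2      # 1-2 deviations -> +1, 3-4 -> +2
    return min(3, BASELINE[sensitivity] + bump), devs


def decide(sensitivity, profile, ctx, presented):
    """Allow, or ask for more factor categories; never a hard block.

    Stepping up instead of blocking keeps an unusual but legitimate login
    (the emergency case in the text) possible. Unknown factor names are
    ignored; two factors of one category (password + pin) count once.
    """
    have = {FACTOR_CATEGORY[f] for f in presented if f in FACTOR_CATEGORY}
    need, devs = required_categories(sensitivity, profile, ctx)
    if len(have) >= need:
        return {"action": "allow", "need": need,
                "deviations": devs, "missing": []}
    return {"action": "step_up", "need": need, "deviations": devs,
            "missing": sorted(ALL_CATEGORIES - have)}


# Constructed sample data, not taken from any real system.
SAMPLE_PROFILE = Profile(countries={"MY"}, hours=range(7, 20),
                         devices={"laptop-1"}, networks={"office-wifi"})
NORMAL_CTX = {"country": "MY", "hour": 10,
              "device_id": "laptop-1", "network": "office-wifi"}
ODD_CTX = {"country": "DE", "hour": 3,
           "device_id": "laptop-1", "network": "hotel-wifi"}

if __name__ == "__main__":
    print(decide("medium", SAMPLE_PROFILE, NORMAL_CTX, ["password", "otp"]))
    print(decide("medium", SAMPLE_PROFILE, ODD_CTX, ["password", "otp"]))
```
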
The main objective of this study is to present the current state of research on multi-factor authentication. To achieve the stated objective, the study aimed to answer the following research questions interpreting the scope of the research as well.
• How have the research publications and citations on multi-factor authentication evolved over time?
• What is the impact and citation structure of the research on multi-factor authentication?
• What are the research trends in multi-factor authentication in terms of authorship patterns, active countries, institutions, journals and researchers?
• What are the main themes in the domain and how have these themes evolved over time?
• What are the recent research trends in this domain?
2 Methodology of the Research
2.1 Bibliometric Terminology
This study used the bibliometric terminology and abbreviations listed in Tab. 1.
Active authors, institutions and countries are those with the highest number of publications.
2.2 Tools Used
Gephi, an open-source tool, was used to visualize the keyword co-occurrences, present co-citation graphs, and create the bibliometric coupling. Thematic evolution and collaboration trends were explored using another open-source tool, Biblioshiny [68–70], version 2.0. Microsoft Excel was used to scan the titles and abstracts.
2.3 Data Source
The selection of a database is an important task in bibliometric studies. Web of Science (WoS) was selected to retrieve data as it is one of the most comprehensive and premier citations and abstract databases of scientific literature in the selected domain. WoS indexes the relevant, authoritative and top-ranked journals and has a wider coverage of scholarly literature on computer security and allied subject domains.
Bibliometric method of research analysis was applied to conduct this study. The method is widely used in evaluating the research performance in particular fields of knowledge, institutions, regions and journals.
2.5 Search Query and Data Retrieval
To retrieve the bibliographic and citation records of “multi-factor authentication”, a search query with the keyword “Multi-factor authentication” was run in the “Topic” field in the Web of Science Core Collection. The topic field brings results from the title, keywords, and abstracts of the publications. The search was performed on February 22, 2021. Two of the authors retrieved the data simultaneously to validate the retrieved data. The titles and abstracts of the results were scanned to check their relevancy.
3 Analysis, Results and Discussion
In this section, the data analysis and results are presented with analytical discussion.
3.1 Evolution of Publications and Citations in Multi-Factor Authentication
Fig. 1 explains the chronological growth of publications and citations in the multi-factor authentication domain. Data indicated a gradual increase in the multi-factor authentication publications and citations with minor fluctuations. The first publication on the topic appeared in 2004, while the year 2019 witnessed the highest number of publications (n = 55). The highest numbers of citations (n = 240 and n = 154) were received in the years 2014 and 2015, respectively. The citation structure provided in Tab. 2 revealed that the highest number of cited publications were in 2019, while the best average citations per publication and the best average citations per cited publication were observed for the publications in the year 2014. The best h-index of six (6) was recorded for the publications in the years 2014, 2015, and 2016.
3.2 Active Countries and Institutions
Data in Tab. 3 indicates that the United States is the most active country publishing research in multi-factor authentication with 49 publications, followed by India and China with 40 and 31 publications, respectively. The best citation impact of 15.50 was recorded to the publications affiliated with Australian institutions. Purdue University, Tampere University of Technology, ITMO University, The University of Buckingham, and Mimos Berhad published four publications each on the topic. Publications of Wuhan University attracted the highest number of citations (135) and created the best citation impact of 45 among the top active institutions. Purdue University followed Wuhan University in getting the second most (75) citations.
3.3 Influential Journals
IEEE Access was the most active journal publishing research on multi-factor authentication. Most of the journals presented in Tab. 4 are impact factor journals listed in Journal Citation Reports of Clarivate Analytics. The majority of these journals are ranked in the first and second quartiles of journal rankings. All of the top ten journals are based in the United States and European countries.
3.4 Most Cited Manuscripts in the Multi-Factor Authentication Domain
Tab. 5 lists the top ten manuscripts that have received the highest number of citations. The manuscript titled “Enhanced Three-factor Security Protocol for Consumer USB Mass Storage Devices”, (He, Debiao, 2014), published in IEEE Transactions on Consumer Electronics, received the highest number of citations (107), with an average of 15.29 citations annually. The article titled “Molecules for security measures: from keypad locks to advanced communication protocols” (Andreasson, J. 2018), published in Chemical Society Reviews, received the best average of 19 citations per year.
3.5 Authorship Pattern
Most of the research on multi-factor authentication is done collaboratively, as indicated in Fig. 2. Three-author studies are the most common trend, followed by studies prepared by the joint effort of two authors. Seventeen studies were prepared by single authors. Studies prepared in collaboration received citations with a better average than the single-author studies. Studies with eight authors were cited with an average of 12 citations per publication. The second-best citation average of 7.5 was recorded for the publications with five authors. Single-author studies received the lowest citation average of 2 citations per publication.
3.6 Co-occurrences Analysis of Keywords
Using Gephi software, the co-occurrences of author-supplied keywords were analyzed. The keywords with a minimum of four occurrences were selected to appear in Fig. 3; 28 keywords met the threshold. Fig. 3 shows interesting correlations between the author keywords indicating connections to multi-factor authentication. Based on the weight of co-occurrences and total link strength, multi-factor authentication was the most frequently used keyword, establishing its connections to biometrics, security, and authentication. Seven different colors represent seven clusters.
3.7 Bibliographic Coupling of the Countries of the Authors
Fig. 4 presents the bibliographic coupling of the countries of the authors of multi-factor authentication articles. A threshold of five publications was set. Nineteen countries met the criteria and appeared on the coupling map. The United States had the best strength based on the number of publications, while China was on the top based on the total link strength and citations. The nodes in Fig. 4 represent the countries, while the edges represent the network. The width of the edge indicates the association level. The color of the nodes represents the clusters.
3.8 Bibliographic Coupling of the Authors’ Affiliated Institutions
Fig. 5 shows the bibliographic coupling of the institutions of the authors who are publishing on multi-factor authentication. With the threshold of three publications, fifteen institutions qualified to appear on the coupling map. The representation of institutions from around the world indicates that research on multi-factor authentication is being carried out globally. A strong collaboration can be observed between the ITMO University and the Tampere University of Technology.
3.9 Three-Field Analysis of Keywords, Countries and Journals
Fig. 6 shows a three-field plot of keywords (left), countries (center), and journals (right), identifying the relationship among the keywords, countries, and journals. “Multi-factor authentication” and “authentication” keywords were the most frequently used keywords, as indicated by the size of the boxes. India, China, and United States are using these keywords the most, while the journals IEEE Access, and Computers and Society have published most of the research on these keywords.
3.10 Thematic Evolution of Keywords
Fig. 7 presents the thematic evolution of keywords used in the multi-factor authentication research. The temporal analysis was made on the main themes of the domain that divides the research life span over three different time slices. Results indicate that multi-factor authentication, password, and authentication were the popular keywords since the emergence of the field. Confidentiality, biometrics, and security were the new areas of focus from 2016 to 2018. Behavior, OTP, anonymity, and information security emerged as the new research themes during the last two years. Multi-factor authentication has been the focus of research throughout the lifespan of the field.
3.11 Journals with the Best Citation Bursts
Fig. 8 presents the citation bursts of the journals publishing research on multi-factor authentication. The strongest citation burst, with a burst strength of 4.65, was recorded for the IEEE Transactions on Pattern Analysis and Machine Intelligence. The burst lasted for eight years, from 2010 to 2017. The other journals with notable bursts were Communications in Computer and Information Science and IEEE Access, with burst strengths of 4.13 and 4.02, respectively.
4 Limitations and Future Research Directions
The data source of this study is the WoS database. Other citation and abstract databases such as Scopus and Google Scholar may reflect a different number of publications and citations on MFA. The study used the “multi-factor authentication” keyword to search for and retrieve the data. Other keywords will yield other results, as databases retrieve a different set of records with a change of keywords. A systematic review of MFA will be a good source of knowledge for the researchers in the field. A bibliometric study using the other abstract and indexing databases to map the current research landscape of MFA will be a good addition to the current literature in the domain. A comparative study of different regions and countries can be carried out that may reflect on priorities or, even in some cases, weakness in the domain. The same study can select the best and most effective practices to create a general framework for effective multi-factor authentication schemes.
Authentication is an essential aspect of security and has always gained attention as well as attacks over time. This research study focuses on MFA, which was coined a long time ago as two-factor or three-factor authentication. In the selected data source, the first approach comprising MFA appears in 2004, after which a steady increase was observed. A decade later, MFA gained more popularity and impact, as shown through citation analysis, owing to the usage of intelligent approaches for compromising authentication. The United States, India, and China were the most active countries publishing MFA research, while Purdue University was the most prolific institution. The highest number of studies were published in IEEE Access. Researchers preferred to conduct their research collaboratively. MFA, biometrics, security, and authentication were the most frequently used keywords. Behavior, OTP, anonymity, and information security emerged as the new research themes during the last two years, while confidentiality, biometrics, and security were the areas of focus from 2016 to 2018. The study recommends that future researchers conduct a systematic literature review on the topic to uncover the research on MFA in terms of security approaches adapted.
Acknowledgement: The authors would like to acknowledge the support of Prince Sultan University for paying the Article Processing Charges (APC) of this publication. The authors would like to thank the editors of IASC and the anonymous reviewers for their time and review of this manuscript, and Professor Dr. Yong-Jin Park (IEEE Life member and former Director IEEE Region 10) for his valuable comments and suggestions on improving the paper.
Funding Statement: This research is funded by Prince Sultan University and Research, Innovation and Enterprise Centre (RIEC), Universiti Malaysia Sarawak under the Grant No. F08/PGRG/2058/2021, Y. Javed and A. S. Khan received the grant, sponsors’ websites: https://www.riec.unimas.my.
Conflicts of Interest: The authors declare that they have no conflicts of interest to report regarding the present study.
This work is licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.