A Hybrid Multi-Factor Authentication System with GPS-Based on SPECK Encryption in Oil Cybersecurity
Abstract
The oil and gas sector has become increasingly exposed to sophisticated cyberattacks, and classic single- or two-factor authentication mechanisms are insufficient for securing online transactions in oil-and-gas operational environments. This paper proposes a hybrid multi-factor authentication (H-MFA) system that integrates six security components: four authentication factors (Time-based One-Time Passwords (TOTP), GPS-based location validation, password salting and hashing, and a simulated biometric template factor) and two cryptographic enablers (SPECK lightweight encryption and Non-Interactive Zero-Knowledge (NIZK)-based privacy-preserving verification). The presented system attempts to reach a desirable trade-off between security assurance and computational feasibility for resource-limited industrial endpoints and edge gateways. Moreover, a Real-or-Random (RoR) inspired security model is incorporated as a theoretical security argument to provide indistinguishability-based validation against inference and distinguishing attacks on authentication outputs. We have implemented the system in Java and evaluated it through repeated experimental runs using an access-behavior dataset under different parameter settings. The evaluation considers metrics such as decision-level determinism, randomness of stochastic token outputs, stability across repeated experiments, and scalability under increasing workload and concurrency. We conducted a simulation-based feasibility evaluation using the same access-behavior dataset, where TOTP, GPS, biometric-template, and NIZK-related outputs are instantiated via controlled proxies. The security discussion is supported by a RoR-inspired indistinguishability argument under stated assumptions, while engineering performance is evaluated separately using latency, throughput, CPU, and memory.
In general, this paper provides an integrated and implemented MFA design that combines factor diversity, privacy-preserving verification, and secure audit-log protection for reliable online transaction authentication in critical oil and gas infrastructures.
This work is licensed under a Creative Commons Attribution 4.0 International License.