• PDF / 193,050 Bytes
• 6 Pages / 430 x 660 pts Page_size
• 60 Downloads / 187 Views

DOWNLOAD

REPORT

2

Google Inc. Columbia University

Abstract. In this position note we review the notion of “User Authentication,” i.e., the idea of a person facing the computer and in need of authenticating herself to the system in order to get access to her account. We analyze the state of the art of user authentication and that of “Authentication Factors,” i.e., the techniques and instruments the user can present to the computer. We compare the state of the art of these factors with the acceptable textbook view.

1

Introduction

Authentication factors are the basic instruments available to a human user to authenticate herself in order, e.g., to convince a computing system of her true “identity” as is known or registered in the system. These factors, presented by a human claiming to be a specific user (and get access to that specific user’s account), are passed to elements of the system (e.g., a software program in a server) which, in turn, make a decision whether the human is the claimed specific user. Determination is based on registered information that the elements hold about the actual specific user. The accepted classification of authentication factors, as expressed in numerous textbooks, distinguishes three basic types of factors: 1. “Something You Know” (e.g., a password); 2. “Something You Have” (e.g., a device generating one-time passwords); and 3. “Something You Are” (e.g., biometrics information). Given the current state of the art and the fact that nowadays, Internet Computing is based on human interaction with the computing infrastructure, this works re-examines the notion of authentication factors. Based on the evolution of computing systems and modern computing in general, the work reviews the parallel evolution of authentication factors and explains it and its impact on user security.

2

The Traditional Characteristics Vs. Non-bilateral Factors

The above three characteristics of the nature of authentication factors is very natural, since a user facing a system indeed can present to it evidence of the three Dingyi Pei et al. (Eds.): Inscrypt 2007, LNCS 4990, pp. 5–10, 2008. c Springer-Verlag Berlin Heidelberg 2008 

6

M. Yung

basic characteristics. However, these characteristics were made in the setting of a basic model of a user facing a machine or an operating system , which was a good view of a traditional time-sharing stand-alone system. what we note is that modern computing environment is much different, and we claim that in modern environments it is rarely the case that a user faces “alone” a single system. In fact, nowadays there are various system elements that are present in modern infrastructure. Elements can be part of the computing components, networking infrastructure components, or other aspects of the entire system. Today, when a user presents the factors, they may be directly given to the system or there may be a sequence of transfers. Even if virtually, the user believes he has interacted with “the system,” the infrastructure behind this interaction is complex. A first demonstrative example consi

Recommend Documents

User Authentication

162 26 49MB

The Evolution of Authentication

142 48 295KB

Quickest Multiple User Active Authentication

154 47 9MB

Mobile User Authentication Scheme Based on Minesweeper Game

208 31 2MB

User-Silicon Entangled Mobile Identity Authentication

157 50 3MB

On the Use of Rough Sets for User Authentication Via Keystroke Dynamics

166 71 218KB

Electrocardiogram signals-based user authentication systems using soft computing techniques

262 38 4MB

Exploiting Group Signature to Implement User Authentication in Cloud Computing

170 112 356KB

Improvement of a User Authentication Scheme for Wireless Sensor Networks Based on Internet of Things Security

224 69 2MB

Transparent User Authentication Biometrics, RFID and Behavioural Pro

142 74 6MB

User-mediated authentication protocols and unforgeability in key collision

179 52 689KB

Multitrait Selfie: Low-Cost Multimodal Smartphone User Authentication

139 48 10MB