Biometric-Based Cybersecurity Techniques



Abstract

This paper describes biometric-based methods for achieving strong, low-cost mutual and multi-factor authentication on the Internet of Things (IoT). These methods can leverage telebiometric authentication objects (TAO), tagged physical objects functionally coupled with biometric sensors and connected to a telecommunications network. The methods presented are convenient for people to use, support Universal Access (UA) goals, and ensure the confidential exchange of information between communicating parties. The described one- and two-factor authentication methods use cryptographic techniques to achieve mutual authentication and data confidentiality through password and biometric authenticated key exchange (AKE). These key establishment techniques rely on the use of a Diffie-Hellman key agreement scheme to create a strong symmetric key from a weak secret. AKE protocols can provide forward secrecy and prevent disclosure of user credentials during authentication attempts to thwart active phishing and man-in-the-middle attacks. TAO combined with AKE provides mutual authentication and strong, three-factor user authentication.









Keywords: Authentication · Key exchange · Security · Telebiometrics · Universal access
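The abstract's core mechanism, a Diffie-Hellman agreement that turns a weak secret into a strong session key while authenticating both parties, is sketched below as an added example (not code from the paper). It assumes a SPEKE-style construction over the RFC 3526 2048-bit group, since the text here names no specific protocol; `generator`, `Party` and `run_exchange` are illustrative names.

```python
import hashlib, hmac, secrets

# RFC 3526 group 14 (2048-bit MODP) safe prime: P = 2*Q + 1 with Q prime.
P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)
Q = (P - 1) // 2

def generator(weak_secret: bytes) -> int:
    """Map the weak secret to a base in the order-Q subgroup (SPEKE-style)."""
    h = int.from_bytes(hashlib.shake_256(weak_secret).digest(256), "big")
    return pow(h % P, 2, P)  # squaring forces the element into the subgroup

class Party:
    def __init__(self, weak_secret: bytes):
        self.x = secrets.randbelow(Q - 1) + 1            # fresh ephemeral exponent
        self.public = pow(generator(weak_secret), self.x, P)  # only value sent
        self.key = b""

    def derive(self, peer_public: int) -> bytes:
        if not 2 <= peer_public <= P - 2:                # reject 0, 1 and P-1
            raise ValueError("invalid public value")
        shared = pow(peer_public, self.x, P)
        self.key = hashlib.sha256(shared.to_bytes(256, "big")).digest()
        return self.key

    def tag(self, role: bytes) -> bytes:
        """Key-confirmation MAC computed over the session key, not the secret."""
        return hmac.new(self.key, b"confirm:" + role, hashlib.sha256).digest()

def run_exchange(client_secret: bytes, server_secret: bytes) -> bool:
    """True only if each side proves to the other that it derived the same key."""
    client, server = Party(client_secret), Party(server_secret)
    client.derive(server.public)
    server.derive(client.public)
    server_ok = hmac.compare_digest(server.tag(b"server"), client.tag(b"server"))
    client_ok = hmac.compare_digest(client.tag(b"client"), server.tag(b"client"))
    return server_ok and client_ok
```

Because the secret only selects the group base and never crosses the wire, a party that does not know it (a phishing site or an in-path relay) derives a different key and fails key confirmation; the ephemeral exponents are discarded after each run, which is what gives forward secrecy.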

1 Introduction

Authentication of identity is a critical frontline control for managing risk of unauthorized access to information systems. To manage this risk, access control systems must balance ease of access by legitimate users against the need to defend the system from attack. Defending an information system includes ensuring availability while protecting the user, their credentials, and their sensitive data from exposure.

P.H. Griffin, Griffin Information Security, 1625 Glenwood Avenue, Raleigh, NC 27608, USA. e-mail: phil@phillipgriffin.com
© Springer International Publishing Switzerland 2016. D. Nicholson (ed.), Advances in Human Factors in Cybersecurity, Advances in Intelligent Systems and Computing 501, DOI 10.1007/978-3-319-41932-9_5


Access control systems achieve these goals through mutual authentication and strong multi-factor user authentication. This requires ensuring that user credentials retain their integrity and remain confidential throughout the entire authentication process: during transfer, processing and storage. The system must implement safeguards that thwart identity theft, phishing and man-in-the-middle attacks, yet still provide easy-to-use access. The role of human factors in successful attacks becomes a key consideration in the selection of these security safeguards.

Biometrics-based access controls provide something-you-are authentication options that support ease of use and Universal Access (UA), an inclusive user-interface design concept. A primary goal of UA is to provide “the utility of modern information technology to as broad a range of individuals as possible” [1]. Biometric technologies are a “natural choice for implementing authentication” in systems that seek an inclusive design that strikes a balance between ease of use and security. The potential for inte