Skip to main content
SpringerLink
Log in
Book cover

Guarding Your Business pp 119–149Cite as

Securing Business’s Front Door

Password, Token, and Biometric Authentication

  • Chapter

Abstract

Human authentication is the security task whose job is to limit access to computer networks and physical locations only to those with authorization. This is done by equipping authorized users with passwords or tokens, or using their biometrics. However, due to human limitations, these are often used poorly, thus weakening security, or they are secure but so inconvenient as to be circumvented. This chapter describes common means for authentication as well as their strengths and weaknesses. Some of the major issues are detailed to emphasize the tradeoffs required when considering different authentication schemes. Examples of common systems applications are given with appropriate authentication choices. Finally, future trends are described to help to understand how soon and to what degree the security-convenience tradeoff will be improved.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. SecurityStats.com, “Password Security”, http://www.securitystats.com/tools/password.asp

  2. Computer Security Institute, “Cyber crime bleeds U.S.,” 7-Apr-Ol, http://www.gocsi.com/press/20020407.html

  3. D. S. Onley, “DISA official: users should be accountable for security,” Government Computer News, 25-Apr-01, http://www.gcn.com/voll no1/daily-updates/4028-1.html

  4. U.S. Office of the Comptroller of the Currency, Comptroller of the Currency Administrator of National Banks, NR 2001-41, 30-Apr-2001.

    Google Scholar 

  5. Federal Trade Commission, Identity Theft Resource Center, http://www.consumer.gov/idtheft/

  6. R. Morris, K. Thompson, “Password security: A case history,” Comm. ACM, Vol. 22, no. 11, Nov. 1979, pp. 594–597.

    Article  Google Scholar 

  7. B. L. Riddle, M. S. Miron, J. A. Semo, “Passwords in use in a university timesharing environment,” Computers and Security, Vol. 8, no. 7, 1989, pp. 569–579.

    Google Scholar 

  8. D. L. Jobusch, A. E. Oldehoeft, “A survey of password mechanisms: Weaknesses and potential improvements,” Computers and Security, Vol. 8, no. 8, 1989, pp. 675–689.

    Google Scholar 

  9. D.C. Feldmeier and P.R. Kara, “UNIX password security-ten years later,” Advances in Cryptology-CRYPTO’ 89 Proceedings, Springer-Verlag, 1990, pp. 44–63.

    Google Scholar 

  10. J. Bunnell, J. Podd, R. Henderson, R. Napier, J. Kennedy-Moffat, “Cognitive, associative, and conventional passwords: Recall and guessing rates,” Computers and Security, Vol. 16, no. 7, 1997, pp. 645–657.

    Google Scholar 

  11. S. M. Furnell, P. S. Dowland, H. M. Illingworth, P. L. Reynolds, “Authentication and supervision: A survey of user attitudes,” Computers and Security, Vol. 19, no. 6, 2000, pp. 529–539.

    Google Scholar 

  12. National Institute of Standards and Technology, U.S. Department of Commerce, “Security requirements for cryptographic modules,” FIPS 140-2, May 2002.

    Google Scholar 

  13. A. Jain, R. Bolle, S. Pankanti (ed.s), Biometrics: Personal Identification in Networked Society, Kluwer Press, The Netherlands, Nov. 1998.

    Google Scholar 

  14. S. Pankanti, R. M. Bolle, A. Jain, “Biometrics: The future of identification,” special issue of Computer, Vol. 33, no. 2, Feb. 2000.

    Google Scholar 

  15. X. Xia, L. O’Gorman, “Innovations in fingerprint capture devices,” special issues of Pattern Recognition, Vol. 36, No. 2, 2003.

    Google Scholar 

  16. L. O’Gorman, “Practical Systems for Personal Fingerprint Authentication,” IEEE Computer, Feb. 2000, pp. 58–60.

    Google Scholar 

  17. L. O’Gorman, “Seven issues with human authentication technologies,” IEEE Workshop on Automatic Identification Advanced Technologies, Tarrytown, NY, Mar. 2002, pp. 185–186.

    Google Scholar 

  18. B. Schneier, “Biometrics: truths and fictions,” Crypto-gram, 15-Aug-98 http://www.counterpane.com/crvpto-grani-9808.html

  19. S. M. Matyas Jr., J. Stapleton, “A biometric standard for information management and security,” Computers and Security, Vol. 19, no. 5, 2000, pp. 428–441.

    Google Scholar 

  20. S. M. Bellovin, M. Merritt, “Encrypted key exchange: Password-based protocols secure against dictionary attacks,” Proc. 1992 IEEE Computer Society Conference on Research in Security and Privacy, 1992, pp. 72–84.

    Google Scholar 

  21. Thomas Wu. “The secure remote password protocol,” Proc. of the 1998 Internet Society Network and Distributed System Security Symposium, pp. 97–111, San Diego, CA, March 1998. http://citeseer.nj.nec.com/article/wu98secure.html

  22. R. Dhamija and A. Perrig, Déjà Vu: A User Study Using Images for Authentication, 9th Usenix Security Symposium, August 2000.

    Google Scholar 

  23. Nicholas J. Hopper and Manuel Blum, “Secure Human Identification Protocols”, In: Advances in Crypotology, Proceedings of Asiacrypt 2001.

    Google Scholar 

  24. Ian Jermyn, Alain Mayer, Fabian Monrose, Michael K. Reiter, and Aviel D. Rubin. The Design and Analysis of Graphical Passwords. In Proceedings of the 8th USENIX Security Symposium, August, Washington DC, 1999.

    Google Scholar 

  25. Biometrics Consortium, www.biometrics.org

    Google Scholar 

  26. N. Frykholm and A. Juels. Error-Tolerant Password Recovery. In P. Salfrati, ed., Eighth ACM Conference on Computer and Communications Security, pages 1–8. ACM Press. 2001.

    Google Scholar 

  27. C. Ellison, C. Hall, R. Milbert, B. Schneier, “Protecting secret keys with personal entropy, ” J. of Future Generation Computer Systems, 16(4), Feb. 2000, pp. 311–318

    Google Scholar 

  28. A. Martin, M. Przybocki, “The NIST 1999 Speaker Recognition Evaluation-An Overview,” Digital Signal Processing, Volume 10, Numbers 1–3, 2000, pp. 1–18, http://www.idealibray.com/links/toc/dspr/10/1/0

    Google Scholar 

  29. D.M. Blackburn, J.M. Bone, and P.J. Phillips, “FRVT 2000 Evaluation Report,” Feb. 2001, www.dodcounterdrug.com/facialrecognition/DLs/FRVT_2000.pdf

    Google Scholar 

  30. D. Maio, D. Maltoni, R. Cappelli, J.L. Wayman, A.K. Jain, “FVC2000: Fingerprint Verification Competition,” IEEE Trans. Pattern Analysis and Machine Intelligence, to be published, 2001. http://bias.csr.unibo.it/fvc2000/Downloads/fvc2000_report.pdf

  31. T. Mansfield, G. Kelly, D. Chandler, J. Kane, “Biometric product testing final report,” CESG report, March, 2001, www.cesg.gov.uk/technology/biometrics

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Avaya Labs Research, Basking Ridge, NJ, USA

    Lawrence O’Gorman

Authors
  1. Lawrence O’Gorman
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Stevens Institute of Technology, Hoboken, New Jersey

    Sumit Ghosh , Manu Malek  & Edward A. Stohr ,  & 

Rights and permissions

Reprints and permissions

Copyright information

© 2004 Kluwer Academic Publishers

About this chapter

Cite this chapter

O’Gorman, L. (2004). Securing Business’s Front Door. In: Ghosh, S., Malek, M., Stohr, E.A. (eds) Guarding Your Business. Springer, Boston, MA. https://doi.org/10.1007/0-306-48638-5_8

Download citation

  • DOI: https://doi.org/10.1007/0-306-48638-5_8

  • Publisher Name: Springer, Boston, MA

  • Print ISBN: 978-0-306-48494-0

  • Online ISBN: 978-0-306-48638-8

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation