Abstract
Human authentication is the security task whose job is to limit access to computer networks and physical locations only to those with authorization. This is done by equipping authorized users with passwords or tokens, or using their biometrics. However, due to human limitations, these are often used poorly, thus weakening security, or they are secure but so inconvenient as to be circumvented. This chapter describes common means for authentication as well as their strengths and weaknesses. Some of the major issues are detailed to emphasize the tradeoffs required when considering different authentication schemes. Examples of common systems applications are given with appropriate authentication choices. Finally, future trends are described to help to understand how soon and to what degree the security-convenience tradeoff will be improved.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
SecurityStats.com, “Password Security”, http://www.securitystats.com/tools/password.asp
Computer Security Institute, “Cyber crime bleeds U.S.,” 7-Apr-Ol, http://www.gocsi.com/press/20020407.html
D. S. Onley, “DISA official: users should be accountable for security,” Government Computer News, 25-Apr-01, http://www.gcn.com/voll no1/daily-updates/4028-1.html
U.S. Office of the Comptroller of the Currency, Comptroller of the Currency Administrator of National Banks, NR 2001-41, 30-Apr-2001.
Federal Trade Commission, Identity Theft Resource Center, http://www.consumer.gov/idtheft/
R. Morris, K. Thompson, “Password security: A case history,” Comm. ACM, Vol. 22, no. 11, Nov. 1979, pp. 594–597.
B. L. Riddle, M. S. Miron, J. A. Semo, “Passwords in use in a university timesharing environment,” Computers and Security, Vol. 8, no. 7, 1989, pp. 569–579.
D. L. Jobusch, A. E. Oldehoeft, “A survey of password mechanisms: Weaknesses and potential improvements,” Computers and Security, Vol. 8, no. 8, 1989, pp. 675–689.
D.C. Feldmeier and P.R. Kara, “UNIX password security-ten years later,” Advances in Cryptology-CRYPTO’ 89 Proceedings, Springer-Verlag, 1990, pp. 44–63.
J. Bunnell, J. Podd, R. Henderson, R. Napier, J. Kennedy-Moffat, “Cognitive, associative, and conventional passwords: Recall and guessing rates,” Computers and Security, Vol. 16, no. 7, 1997, pp. 645–657.
S. M. Furnell, P. S. Dowland, H. M. Illingworth, P. L. Reynolds, “Authentication and supervision: A survey of user attitudes,” Computers and Security, Vol. 19, no. 6, 2000, pp. 529–539.
National Institute of Standards and Technology, U.S. Department of Commerce, “Security requirements for cryptographic modules,” FIPS 140-2, May 2002.
A. Jain, R. Bolle, S. Pankanti (ed.s), Biometrics: Personal Identification in Networked Society, Kluwer Press, The Netherlands, Nov. 1998.
S. Pankanti, R. M. Bolle, A. Jain, “Biometrics: The future of identification,” special issue of Computer, Vol. 33, no. 2, Feb. 2000.
X. Xia, L. O’Gorman, “Innovations in fingerprint capture devices,” special issues of Pattern Recognition, Vol. 36, No. 2, 2003.
L. O’Gorman, “Practical Systems for Personal Fingerprint Authentication,” IEEE Computer, Feb. 2000, pp. 58–60.
L. O’Gorman, “Seven issues with human authentication technologies,” IEEE Workshop on Automatic Identification Advanced Technologies, Tarrytown, NY, Mar. 2002, pp. 185–186.
B. Schneier, “Biometrics: truths and fictions,” Crypto-gram, 15-Aug-98 http://www.counterpane.com/crvpto-grani-9808.html
S. M. Matyas Jr., J. Stapleton, “A biometric standard for information management and security,” Computers and Security, Vol. 19, no. 5, 2000, pp. 428–441.
S. M. Bellovin, M. Merritt, “Encrypted key exchange: Password-based protocols secure against dictionary attacks,” Proc. 1992 IEEE Computer Society Conference on Research in Security and Privacy, 1992, pp. 72–84.
Thomas Wu. “The secure remote password protocol,” Proc. of the 1998 Internet Society Network and Distributed System Security Symposium, pp. 97–111, San Diego, CA, March 1998. http://citeseer.nj.nec.com/article/wu98secure.html
R. Dhamija and A. Perrig, Déjà Vu: A User Study Using Images for Authentication, 9th Usenix Security Symposium, August 2000.
Nicholas J. Hopper and Manuel Blum, “Secure Human Identification Protocols”, In: Advances in Crypotology, Proceedings of Asiacrypt 2001.
Ian Jermyn, Alain Mayer, Fabian Monrose, Michael K. Reiter, and Aviel D. Rubin. The Design and Analysis of Graphical Passwords. In Proceedings of the 8th USENIX Security Symposium, August, Washington DC, 1999.
Biometrics Consortium, www.biometrics.org
N. Frykholm and A. Juels. Error-Tolerant Password Recovery. In P. Salfrati, ed., Eighth ACM Conference on Computer and Communications Security, pages 1–8. ACM Press. 2001.
C. Ellison, C. Hall, R. Milbert, B. Schneier, “Protecting secret keys with personal entropy, ” J. of Future Generation Computer Systems, 16(4), Feb. 2000, pp. 311–318
A. Martin, M. Przybocki, “The NIST 1999 Speaker Recognition Evaluation-An Overview,” Digital Signal Processing, Volume 10, Numbers 1–3, 2000, pp. 1–18, http://www.idealibray.com/links/toc/dspr/10/1/0
D.M. Blackburn, J.M. Bone, and P.J. Phillips, “FRVT 2000 Evaluation Report,” Feb. 2001, www.dodcounterdrug.com/facialrecognition/DLs/FRVT_2000.pdf
D. Maio, D. Maltoni, R. Cappelli, J.L. Wayman, A.K. Jain, “FVC2000: Fingerprint Verification Competition,” IEEE Trans. Pattern Analysis and Machine Intelligence, to be published, 2001. http://bias.csr.unibo.it/fvc2000/Downloads/fvc2000_report.pdf
T. Mansfield, G. Kelly, D. Chandler, J. Kane, “Biometric product testing final report,” CESG report, March, 2001, www.cesg.gov.uk/technology/biometrics
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Kluwer Academic Publishers
About this chapter
Cite this chapter
O’Gorman, L. (2004). Securing Business’s Front Door. In: Ghosh, S., Malek, M., Stohr, E.A. (eds) Guarding Your Business. Springer, Boston, MA. https://doi.org/10.1007/0-306-48638-5_8
Download citation
DOI: https://doi.org/10.1007/0-306-48638-5_8
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-306-48494-0
Online ISBN: 978-0-306-48638-8
eBook Packages: Springer Book Archive