
Abstract

An analysis of 6 million accounts showed that 10,000 common passwords would have granted access to 99.8% of the accounts. Looking at passwords for banking accounts, 73% of users shared their online banking password with at least one non-financial site, which means that when the non-banking site gets hacked, the banking account is threatened as well. And it is not only about security. According to a recent study conducted by the Ponemon Institute, more than 45% of online transactions fail "Very Frequently" or "Frequently" due to authentication problems. Passwords do not work, yet no other technology has been broadly deployed. Why is that?

Current alternative technologies each require their own proprietary server technology. The current authentication architecture therefore consists of "silos", each comprising the authentication method, the related client implementation and the related server technology. Instead of competing on better user authentication methods, authentication companies are faced with a battle for the best server technology.

Other current challenges with authentication include the need for flexibility. Today it is used both for electronically initiating high-value money transactions and for accessing the personal purchase history in an online bookshop, and the security needs differ accordingly. The ongoing adoption of mobile devices and the BYOD trend lead to an increasingly heterogeneous authentication landscape. No single approach can meet these diverse requirements.

The FIDO Alliance, a new industry working group, has been founded to define an open, interoperable set of mechanisms that reduce the reliance on passwords.



Copyright information

© 2013 Springer Fachmedien Wiesbaden

About this chapter

Cite this chapter

Lindemann, R. (2013). The Evolution of Authentication. In: Reimer, H., Pohlmann, N., Schneider, W. (eds) ISSE 2013 Securing Electronic Business Processes. Springer Vieweg, Wiesbaden. https://doi.org/10.1007/978-3-658-03371-2_2


  • DOI: https://doi.org/10.1007/978-3-658-03371-2_2

  • Publisher Name: Springer Vieweg, Wiesbaden

  • Print ISBN: 978-3-658-03370-5

  • Online ISBN: 978-3-658-03371-2
