Quantitative authentication and vouching

Yesberg, John; Anderson, Mark

doi:10.1016/s0167-4048(96)00014-4

Cited by 4 publications

(2 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A user is considered authenticated only when a predefined number of nodes confirm the user's responses. Such an approach also aligns with the research in [14], which proposes a user authentication method based on vouching. Although that research is based on the premise that one user validates another's claim to a digital identity, the same principle may be applied in an environment where a claim is verified by one or more independent systems.…”

Section: Research To Define a Distributed Authentication Architecturesupporting

confidence: 56%

See 1 more Smart Citation

A distributed authentication architecture and protocol

2017

View full text Add to dashboard Cite

Original scientific paper Most user authentication methods rely on a single verifier being stored at a central location within the information system. Such information storage presents a single point of compromise from a security perspective. If this system is compromised it poses a direct threat to users' digital identities if the verifier can be extracted from the system. This paper proposes a distributed authentication environment in which there is no such single point of compromise. We propose an architecture that does not rely on a single verifier to authenticate users, but rather a distributed authentication architecture where several authentication servers are used to authenticate a user. We consider an authentication environment in which the user authentication process is distributed among independent servers. Each server independently performs its own authentication of the user, for example by asking the user to complete a challenge in order to prove his claim to a digital identity. The proposed architecture allows each server to use any authentication factor. We provide a security analysis of the proposed architecture and protocol, which shows they are secure against the attacks chosen in the analysis. Keywords: authentication factors; digital identity; distributed authentication architecture; distributed authentication protocol; distributed user authentication Arhitektura i protokol za raspodijeljenu autentifikaciju korisnikaIzvorni znanstveni članak Većina metoda autentifikacije korisnika oslanjaju se na jedan verifikator koji se pohranjuje na središnjem mjestu unutar informacijskog sustava. Takva pohrana osjetljivih informacija predstavlja jedinstvenu točku ispada iz sigurnosne perspektive. Kompromitacija verifikatora jednog sustava predstavlja izravnu prijetnju korisnikovom digitalnom identitetu. U radu se predlaže raspodijeljeno okruženje za autentifikaciju u kojem ne postoji takva točka ispada. Rad opisuje arhitekturu koja omogućuje raspodijeljenu autentifikaciju korisnika u kojoj više autentifikacijskih poslužitelja sudjeluju u provjeri autentičnosti korisnika. Razmatra se autentifikacijsko okruženje u kojem se proces autentifikacije korisnika raspodjeljuje na više nezavisnih poslužitelja. Svaki poslužitelj samostalno obavlja autentifikaciju korisnika, na primjer tražeći od korisnika da odgovori na izazov kako bi dokazao da je vlasnik digitalnog identiteta. Predložena arhitektura omogućuje svakom poslužitelju da koristi drugi autentifikacijski faktor. Provedena je sigurnosna analiza predložene arhitekture i protokola, čime se dokazuje otpornost sustava od napada odabranih u analizi.Ključne riječi: autentifikacijski faktori; digitalni identitet; raspodijeljena autentifikacija korisnika; raspodijeljeni autentifikacijski protokol; raspodijeljena arhitektura za autentifikaciju

show abstract

Section: Research To Define a Distributed Authentication Architecturesupporting

confidence: 56%

“…The final DAS votes are summed up and evaluated by the FAS. If all the votes (or a specific number of votes as suggested in [14]) are positive, the user is authenticated. In order for a DAS to know how to access its drawer, a separate element is introduced to the Manifest, the Address book.…”

Section: Manifest Structure and Initializationmentioning

confidence: 99%

A distributed authentication architecture and protocol

2017

View full text Add to dashboard Cite

show abstract

Assessing and improving authentication confidence management

Pearce

Zeadally

Hunt

2010

Information Management &Amp; Computer Security

View full text Add to dashboard Cite

2010),"Vulnerability analysis and the practical implications of a server-challenge-based one-time password system", Information Management & Computer Security, Vol. 18 Iss 2 pp. 86-100 http:// dx.If you would like to write for this, or any other Emerald publication, then please use our Emerald for Authors service information about how to choose which publication to write for and submission guidelines are available for all. Please visit www.emeraldinsight.com/authors for more information. About Emerald www.emeraldinsight.comEmerald is a global publisher linking research and practice to the benefit of society. The company manages a portfolio of more than 290 journals and over 2,350 books and book series volumes, as well as providing an extensive range of online products and additional customer resources and services.Emerald is both COUNTER 4 and TRANSFER compliant. The organization is a partner of the Committee on Publication Ethics (COPE) and also works with Portico and the LOCKSS initiative for digital archive preservation. AbstractPurpose -The purpose of this paper is to address some weaknesses in the handling of current multi-factor authentication, suggests some criteria for overcoming these weaknesses and presents a simple proof of concept authentication system. Design/methodology/approach -First, this paper evaluates some of the underlying practices and assumptions in multi-factor authentication systems. Next, the paper assesses the implications of these when compared to a quantitative authentication risk management approach. Based upon these implications this paper next note the requirements for an improved system and detail some related research areas that meet these requirements. Finally, this paper discussed how a system that meets these requirements through the application of that research could provide benefits and outlined a simple points-based authentication system. Findings -The paper proposes that many of the weaknesses in authentication confidence management could be effectively mitigated through the deployment of a factor independent multi-modal fusion quantitative authentication-based system. This paper details a simple point-based approach that does this and discuss how addressing the problems in handling authentication confidence could further optimise risk management in multi-factor authentication systems. Practical implications -This paper's suggestions for optimising multi-factor authentication have many implications within medium to high-security commercial and government applications. Correct authentication risk handling enables decisions regarding risk and authentication to be made more accurately. Originality/value -This implications of the issues discussed in this paper have relevance to anyone who deploys or uses any medium to high-security authentication system. As the bottom end of the medium to high-security range includes online banking, there are implications for a wide range of stakeholders.

show abstract