A Method of Risk Assessment for Multi-Factor Authentication

被引:26
|
作者
Kim, Jae-Jung [1 ]
Hong, Seng-Phil [1 ]
机构
[1] Sungshin W Univ, Dept Comp Sci, Informat Secur Lab, Seoul, South Korea
来源
JOURNAL OF INFORMATION PROCESSING SYSTEMS | 2011年 / 7卷 / 01期
关键词
Multi-factor Authentication; PKI; User Authentication; Biometric Authentication;
D O I
10.3745/JIPS.2011.7.1.187
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
User authentication refers to user identification based on something a user knows, something a user has, something a user is or something the user does; it can also take place based on a combination of two or more of such factors. With the increasingly diverse risks in online environments, user authentication methods are also becoming more diversified. This research analyzes user authentication methods being used in various online environments, such as web portals, electronic transactions, financial services and e-government, to identify the characteristics and issues of such authentication methods in order to present a user authentication level system model suitable for different online services. The results of our method are confirmed through a risk assessment and we verify its safety using the testing method presented in OWASP and NIST SP800-63.
引用
收藏
页码:187 / 198
页数:12
相关论文
共 50 条
  • [41] On the Security of Multi-Factor Authentication: Several Instructive Examples
    Huang, Yun
    Xue, Weijia
    Huang, Geshi
    Lai, Xuejia
    [J]. PROCEEDINGS OF THE 2013 INTERNATIONAL CONFERENCE ON ADVANCED COMPUTER SCIENCE AND ELECTRONICS INFORMATION (ICACSEI 2013), 2013, 41 : 685 - 687
  • [42] A Modular Framework for Multi-Factor Authentication and Key Exchange
    Fleischhacker, Nils
    Manulis, Mark
    Azodi, Amir
    [J]. SECURITY STANDARDISATION RESEARCH, SSR 2014, 2014, 8893 : 190 - 214
  • [43] Multi-factor EEG-based User Authentication
    Tien Pham
    Ma, Wanli
    Dat Tran
    Phuoc Nguyen
    Dinh Phung
    [J]. PROCEEDINGS OF THE 2014 INTERNATIONAL JOINT CONFERENCE ON NEURAL NETWORKS (IJCNN), 2014, : 4029 - 4034
  • [44] CLOUD STORAGE SECURITY USING MULTI-FACTOR AUTHENTICATION
    Nikam, Rushikesh
    Potey, Manish
    [J]. 2016 INTERNATIONAL CONFERENCE ON RECENT ADVANCES AND INNOVATIONS IN ENGINEERING (ICRAIE), 2016,
  • [45] Runtime adaptive multi-factor authentication for mobile devices
    Castro, P. C.
    Ligman, J. W.
    Pistoia, M.
    Ponzo, J.
    Thomas, G. S.
    Topkara, U.
    [J]. IBM JOURNAL OF RESEARCH AND DEVELOPMENT, 2013, 57 (06)
  • [46] Analysis and improvement of a multi-factor biometric authentication scheme
    Cao, Liling
    Ge, Wancheng
    [J]. SECURITY AND COMMUNICATION NETWORKS, 2015, 8 (04) : 617 - 625
  • [47] An Extensive Formal Analysis of Multi-factor Authentication Protocols
    Jacomme, Charlie
    Kremer, Steve
    [J]. ACM TRANSACTIONS ON PRIVACY AND SECURITY, 2021, 24 (02)
  • [48] Signing Documents by Hand: Model for Multi-Factor Authentication
    Bezzateev, Sergey
    Voloshina, Natalia
    Davydov, Vadim
    Minaeva, Tamara
    Rudavin, Nikolay
    [J]. INTERNET OF THINGS, SMART SPACES, AND NEXT GENERATION NETWORKS AND SYSTEMS, NEW2AN 2018, 2018, 11118 : 299 - 311
  • [49] Lightweight and Secure Multi-Factor Authentication Scheme in VANETs
    Tahir, Haseeb
    Mahmood, Khalid
    Ayub, Muhammad Faizan
    Saleem, Muhammad Asad
    Ferzund, Javed
    Kumar, Neeraj
    [J]. IEEE TRANSACTIONS ON VEHICULAR TECHNOLOGY, 2023, 72 (11) : 14978 - 14986
  • [50] Universal Multi-Factor Authentication Using Graphical Passwords
    Sabzevar, Alireza Pirayesh
    Stavrou, Angelos
    [J]. SITIS 2008: 4TH INTERNATIONAL CONFERENCE ON SIGNAL IMAGE TECHNOLOGY AND INTERNET BASED SYSTEMS, PROCEEDINGS, 2008, : 625 - 632
12345