buletin Åtiin ific - Facultatea de Stiinte Economice - Universitatea din ...

More documents

Recommendations

Info

Problems of biometric methods in Authentication and Authorization InfrastructuresFor this, known forms of AAIs have to be checked whether their architectures permit the use ofbiometrics. Based on this research, changes in their architectures can be made for achieving areference model of a biometric AAI.5. ConclusionsIn order to become a large-scale solution to the increased number of passwords, AAIs have toprovide both security and comfort in use. While comfort is achieved through flexibility in theauthentication process and the user centric approach of identification provided by AAIs,biometrics (such as typing behavior) can provide the extra security necessary for theauthentication process.While researching the architecture and specific problem of biometric AAIs, new knowledge andinformation will be gathered. It is therefore relevant for this knowledge to be implemented in theform of a prototype of biometric AAI, based on the elaborated reference model. An easy to usebiometric method in this case is typing behavior as it does not require special sensors andtherefore it can be easily implemented as an enhanced security mechanism for passwordprotected AAIs.This prototype of a biometric AAI is currently under developed at the University of Regensburg.It uses the patented method of typing recognition Psylock [1] in combination with the popularopen source AAI OpenID [9]. The research topics mentioned are considered during theimplementation process. First tests have confirmed the aforementioned issues and brought upother research topics, like the use of three factor authentication (password, biometrics andtoken), fall-back mechanisms (loss of one authentication factor), trust management (can theparties involved be trusted) and policy based biometric authorization (e.g. access granted todifferent areas, depending of the reached match score).References[1] Bartmann, D., Bartmann, D. jr., “Method of user identity verification by means of akeyboard”, German patent, Nr. 196 31 484, 1997.[2] Bartmann, D.; Breu, C.: “Suitability of the biometric feature of typing behavior for userauthentication” (German), Aachen 2004, 321-341.[3] Bartmann, D., Bakdi, I., Achatz, M., “On the Design of an Authentication System Based onKeystroke Dynamics Using a Predefined Input Text”, International Journal of InformationSecurity and Privacy 1 (2007), Nr. 2, 1–12.[4] Hess, A.; Humm, B., Voß, M.: “Rules for high quality service oriented architectures”(German edition), Springer-Verlag, 2006.[5] Korman, D.; Rubin A., “Risks of the Passport Single Signon Protocol”, Computer Networks,Elsevier Science Press, volume 33, 51-58, 2000.[6] Krafzig, D.; Banke, K.; Slama, D.: “Enterprise SOA”, Prentice Hall Professional TechnicalReference, 2005.[7] Lopez, J.; Oppliger, R., Pernul, G.: “Authentication and authorisation infrastructures (AAIs):a comparative survey”, Computers&Security 23, 578-590, 2004.[8] Monrose, F.; Reiter, M.; Wetzel, S.: “Password hardening based on keystroke dynamics”,International Journal of Information Security, 69-83, 2002.[9] OpenID, http://openid.net/, retrieved 01.03.2008.20
Problems of biometric methods in Authentication and Authorization Infrastructures[10] Peacock, A.; Ke, X.; Wilkerson, M.: “Typing Patterns: A Key to User Identification”, IEEESecurity and Privacy, No. 5, Vol. 2, (2004) 40-47.[11] Ratha, N. K.; Connell, J. H.; Bolle, R. M.: “Enhancing security and privacy in biometricsbasedauthentication systems”, IBM Systems Journal, Volume 40, Number 3, 2001.[12] Schläger, C.; Sojer, M.; Muschall, B.; Pernul, G.: „Attribute-Based Authentication andAuthorisation Infrastructures for E-Commerce Providers“, pp 132-141 Springer-Verlag, 2006.[13] Spillane, R. J.: “Keyboard apparatus for personal identification”, IBM Technical DisclosureBulletin, Bd. 17, Nr. 11, (1975) 3346.[14] Stein, L.; Stewart John, “WWW Security FAQ”, 2003, http://www.w3.org/Security/Faq/wwwsf1.html, retrieved 01.03.2008.[15] Syverson, P.: “A Taxonomy of Replay Attacks”, Proceedings of the Computer SecurityFoundations Workshop VII, Franconia NH, 1994, IEEE CS Press (Los Alamitos, 1994).21
Page 3 and 4: Scientific Bulletin - Economic Scie
Page 7 and 8: Students: The Overlooked Products i
Page 11 and 12: EU and Western Balkan: ambivalent r
Page 19: Problems of biometric methods in Au
Page 23 and 24: The competitiveness of the European
Page 33 and 34: The economic equilibriumThe answer
Page 35 and 36: The economic equilibriumTo scarcer
Page 37 and 38: The economic equilibriumConsider th
Page 39 and 40: The economic equilibriumcost and pr
Page 43 and 44: Free movement of goods on the Singl
Page 53 and 54: Innovation - Five opportunities for
Page 57 and 58: Some Potential Econophysics’ Mode
Page 63 and 64: The importance of actuarial account
Page 71 and 72:
The effects of the atmospheric poll
Page 73 and 74:
The effects of the atmospheric poll
Page 75 and 76:
Scientific Bulletin - Economic Scie
Page 77 and 78:
Psychosocial specific in the intera
Page 79 and 80:
Multimedia system for interactive v
Page 81 and 82:
Multimedia system for interactive v
Page 83 and 84:
Employment of labor in models of ec
Page 85 and 86:
Employment of labor in models of ec
Page 87 and 88:
Psychosocial orientation in plannin
Page 89 and 90:
Scientific Bulletin - Economic Scie
Page 91 and 92:
Possibilities of stocks diminution
Page 93 and 94:
Possibilities of stocks diminution
Page 95 and 96:
Comparative analysis of the Departm
Page 97 and 98:
Page 99 and 100:
Page 101 and 102:
The role of training, coaching and
Page 103 and 104:
Page 105:
show all

buletin Åtiin ific - Facultatea de Stiinte Economice - Universitatea din ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?

buletin Åtiin ific - Facultatea de Stiinte Economice - Universitatea din ...