
2013 | Original Paper | Book chapter

The Evolution of Authentication

Author: Rolf Lindemann

Published in: ISSE 2013 Securing Electronic Business Processes

Publisher: Springer Fachmedien Wiesbaden


Abstract

An analysis of 6 million accounts showed that 10,000 common passwords would have given access to 99.8% of the accounts. Looking at banking passwords, 73% of users share their online banking password with at least one non-financial site, which means that when the non-banking site is breached, the banking account is threatened as well. And it is not only about security: according to a recent study conducted by the Ponemon Institute, more than 45% of online transactions fail "Very Frequently" or "Frequently" because of authentication problems. Passwords do not work, yet no other technology has been broadly deployed. Why is that?
Current alternative technologies each require their own proprietary server technology. The current authentication architecture therefore consists of 'silos', each comprising the authentication method, the related client implementation and the related server technology. Instead of competing on better user authentication methods, authentication companies are faced with a battle for the best server technology.
Other current challenges with authentication include the need for flexibility. Today authentication is used both for electronically initiating high-value money transfers and for accessing the personal purchase history in an online bookshop, and the security needs differ accordingly. The ongoing adoption of mobile devices and the BYOD trend lead to an increasingly heterogeneous authentication landscape. No single approach can meet these diverse requirements.
The FIDO Alliance, a new industry working group, has been founded to define an open, interoperable set of mechanisms that reduce the reliance on passwords.


References
[1] D. Florencio and C. Herley, Microsoft Research, "A Large-Scale Study of Web Password Habits," Redmond, 2007.
[3] Trusteer, Inc., "Reused Login Credentials," New York, 2010.
[4] Cloud Security Alliance, "Top Threats to Cloud Computing, v1.0," 2010.
[5] Ponemon Institute LLC, "Moving Beyond Passwords: Consumer Attitudes on Online Authentication - A Study of US, UK and German Consumers," 2013.
[6] J. Bonneau, C. Herley, P. C. van Oorschot and F. Stajano, "The Quest to Replace Passwords - A Framework for Comparative Evaluation of Web Authentication Schemes," in Proceedings of the IEEE Symposium on Security and Privacy, Oakland, 2012.
[7] D. A. Willis, Gartner, "Bring Your Own Device: The Facts and the Future," 2013.
[8] J. Clark and J. Jacob, "A Survey of Authentication Protocol Literature: Version 1.0," 1997.
[9] B. Chen and R. Morris, MIT Laboratory for Computer Science, "Certifying Program Execution with Secure Processors," in USENIX HotOS Workshop, 2003.
[10] B. Aboba (Microsoft), L. Blunk (Merit Network, Inc.), J. Vollbrecht (Vollbrecht Consulting LLC), J. Carlson (Sun) and H. Levkowetz (ipUnplugged), "Extensible Authentication Protocol (EAP)," RFC 3748, Network Working Group, The Internet Society, 2004.
[11] Initiative for Open Authentication (OATH), "OATH Reference Architecture, Release 2.0," 2007.
[12] W. E. Burr, D. F. Dodson, E. M. Newton, R. A. Perlner and W. T. Polk (Computer Security Division, Information Technology Laboratory), S. Gupta and E. A. Nabbus (Electrosoft Services, Inc.), "Electronic Authentication Guideline," National Institute of Standards and Technology (NIST), 2013.
[13] European Central Bank, "Recommendations for the Security of Internet Payments," Frankfurt am Main, 2012.
[14] FFIEC, "Supplement to Authentication in an Internet Banking Environment," Arlington, 2005.
[15] M. S. Obaidat and B. Sadoun, "Keystroke Dynamics Based Authentication," in Biometrics: Personal Identification in Networked Society, Kluwer Academic Publishers, pp. 213-229.
[16] BehavioSec, "Measuring FAR/FRR/EER in Continuous Authentication," Stockholm, Sweden, 2009.
[17] F. Schaub, R. Deyhle and M. Weber, Institute of Media Informatics, Ulm University, "Password Entry Usability and Shoulder Surfing Susceptibility on Different Smartphone Platforms," Ulm, Germany, 2012.
[18] Confident Technologies, "Mobile (In)Security - A Survey of Security Habits on Smartphones and Tablets," 2011.
[19] K. Niinuma (Fujitsu Laboratories, Kawasaki, Japan) and A. K. Jain (Department of Computer Science & Engineering, Michigan State University, East Lansing, MI, USA), "Continuous User Authentication Using Temporal Information," 2009.
[20] M. E. Crosby and C. S. Ikehara, University of Hawaii at Manoa (USA), "Continuous identity authentication using multimodal physiological sensors," 2004.
[21] M. Jones (Microsoft) and D. Hardt (Independent), "The OAuth 2.0 Authorization Framework: Bearer Token Usage," RFC 6750, Internet Engineering Task Force (IETF), 2012.
[22] G. D. Williamson, GE Money Americas, "Enhanced Authentication In Online Banking," Journal of Economic Crime Management, vol. 4, no. 2, Fall 2006.
[23] V. Haldar, D. Chandra and M. Franz, Department of Computer Science, University of California, Irvine, "Semantic Remote Attestation - A Virtual Machine directed approach to Trusted Computing," Irvine, CA, USA, 2004.
[24] Federal Public Key Infrastructure Policy Authority, "United States Federal PKI - X.509 Certification Practice Statement (CPS) for the Federal Public Key Infrastructure (FPKI)," 2011.
[25] Trusted Computing Group, "Trusted Platform Module (TPM) Summary," 2008.
[26] C. Bare, "Attestation and Trusted Computing," 2006.
[27] ISO/IEC, "ISO/IEC 7816-8 Commands for security operations," 2004.
[28] Trusted Computing Group, "Trusted Platform Module Library - Part 1: Architecture," 2013.
[29] GlobalPlatform, "Secure Element Access Control," 2012.
[30] ARM Limited, "ARM Security Technology - Building a Secure System using TrustZone Technology," 2009.
[31] RSA Laboratories, "PKCS #11 Base Functionality v2.30: Cryptoki - Draft 4," 2009.
[33] S. Hudson, IDC, "Worldwide Identity and Access Management Market 2011-2015 Forecast," Framingham, 2011.
[34] S. A. Mertz, C. Eschinger, T. Eid, Y. Dharmasthira, C. Pang, L. F. Wurster, T. Ebina and H. H. Swinehart, Gartner, "Forecast: Software as a Service, All Regions, 2010-2015," 2011.
[35] S. Ried and H. Kisker with P. Matzke, A. Bartels and M. Lisserman, Forrester Research, "Sizing The Cloud - A BT Futures Report," 2011.
[36] J. C. McCarthy with C. Mines, P. Matzke and Y. Darashkevich, Forrester Research, "Mobile App Internet Recasts The Software And Services Landscape - A BT Futures Report," 2011.
[37] KPMG, "2011 KPMG Mobile Payments Outlook," 2011.
[38] Cloud Security Alliance, "Security Guidance for Critical Areas of Focus in Cloud Computing v2.1," 2009.
[40] S. Rehbock and R. Hunt, Computer Science and Software Engineering, University of Canterbury, "Trustworthy Clients: Architectural Approaches for Extending TNC to Web-Based Environments," Christchurch, New Zealand, 2008.
[41] A. Leicher, A. U. Schmidt, Y. Shah and I. Cha, "Trusted computing enhanced user authentication with OpenID and trustworthy user interface," Int. J. Internet Technology and Secured Transactions, vol. 3, no. 4, pp. 331-353, 2011.
[42] S. E. Schechter (MIT Lincoln Laboratory), R. Dhamija (Harvard University & CommerceNet), A. Ozment (MIT Lincoln Laboratory & University of Cambridge) and I. Fischer (Harvard University), "The Emperor's New Security Indicators," 2007.
[43] K. N. Elbert, "Understanding Consumers' Visual Attention Patterns Online: An Eye Tracking Analysis of Web Trust Seal Effects On Visual Attention and Choice," 2013.
[44] V. Matyas and Z. Riha, Faculty of Informatics, Masaryk University Brno, Czech Republic, "Biometric Authentication - Security and Usability," 2002.
Metadata
Title
The Evolution of Authentication
Author
Rolf Lindemann
Copyright year
2013
Publisher
Springer Fachmedien Wiesbaden
DOI
https://doi.org/10.1007/978-3-658-03371-2_2