Nothing Special   »   [go: up one dir, main page]
Skip to main content
Springer Nature Link
Log in

Authentication Mechanisms and Classification: A Literature Survey

  • Conference paper
  • First Online:
Intelligent Computing

Part of the book series: Lecture Notes in Networks and Systems ((LNNS,volume 285))

Abstract

The Security must be considered from the need of two nodes to communicate with each other, through the moment of confirmed authentication to the secured establishment. It is an essential component of each authentication. In general, nodes communicate over different communication channels, which can be in private or in public networks. The methods and complexity of authentication vary depending on the parties involved in communication. In this paper, we are surveying the various methods for authentication, based on particular criteria, like the possibility to remember passwords; different graphical ways; body specifics (fingerprints, face); combining various techniques (certificates, PINs, digital signatures, one-time passwords, hash-chains, blockchains); QR codes (also with the involvement of augmented reality) for transmitting long passwords, etc. We aim to do as detailed as possible a survey over the literature, and to classify the ways for authentication, and different authenticators.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 259.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 329.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Carter, N.: Graphical passwords for older computer users. In: UIST 2015 Adjunct, Charlotte, NC, USA, 08–11 November 2015. ACM. https://doi.org/10.1145/2815585.2815593. 978-1-4503-3780-9/15/11

  2. Ratakonda, D.K.: Children’s authentication: understanding and usage. In: IDC 2019, Boise, ID, USA, 12–15 June 2019. ACM. https://doi.org/10.1145/3311927.3325354. ISBN 978-1-4503-6690-8/19/06

  3. Atwady, Y., Hammoudeh, M.: A survey on authentication techniques for the Internet of Things. In: ICFNDS 2017, Cambridge, United Kingdom, 19–20 July 2017 (2017). https://doi.org/10.1145/3102304.3102312

  4. Shah, S.W., Kanhere, S.S.: Recent trends in user authentication – a survey. IEEE Access (2019). https://doi.org/10.1109/ACCESS.2019.2932400

    Article  Google Scholar 

  5. Chenchev, I., Nakov, O., Lazarova, M.: Security and performance considerations of improved password authentication algorithm, based on OTP and hash-chains. In: Arai, K., Kapoor, S., Bhatia, R. (eds.) FTC 2020. AISC, vol. 1290, pp. 921–934. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-63092-8_63

    Chapter  Google Scholar 

  6. Salman, T., Zolanvari, M., Erbad, A., Jain, R., Samaka, M.: Security services using blockchains: a state of the art survey. IEEE Commun. Surv. Tutor. 21(1) (2019). https://doi.org/10.1109/COMST.2018.2863956

  7. Zimmermann, P.R.: The Official PGP User’s Guide. MIT Press, USA, May 1995. ISBN 978-0-262-74017-3

    Google Scholar 

  8. (RFC4880), [RFC4880] https://tools.ietf.org/html/rfc4880

  9. Rui, Z., Yan, Z.: A survey on biometric authentication: toward secure and privacy-preserving identification. IEEE Access (2018). https://doi.org/10.1109/ACCESS.2018.2889996

    Article  Google Scholar 

  10. Xu, Y., Li, Z., Yang, J., Zhang, D.: A survey of dictionary learning algorithms for face recognition. IEEE Access (2017). https://doi.org/10.1109/ACCESS.2017.2695239

  11. Zhou, H., Mian, A., Wei, L., Creighton, D., Hossny, M., Nahavandi, S.: Recent advances on singlemodal and multimodal face recognition: a survey. IEEE Trans. Hum.-Mach. Syst. 44(6) (2014). https://doi.org/10.1109/THMS.2014.2340578

  12. Galbally, J., Marcel, S., Fierrez, J.: Biometric antispoofing methods: a survey in face recognition. IEEE Access (2014). https://doi.org/10.1109/ACCESS.2014.2381273

  13. Hoffman, L.J.: Computers and privacy: a survey. Comput. Surv. 1(2), 85–103 (1969). Article found in ACM Digital Library

    Google Scholar 

  14. Peters, B.: Security considerations in a multi-programmed computer system. In: Proceedings of the AFIPS 1967 Spring Joint Computer Conference, vol. 30, pp. 283–286. Thompson Book Co., Washington, D.C. (1967)

    Google Scholar 

  15. Petersen, H.E., Turn, R.: System implications of information privacy. In: Spring Joint Computer Conference, 17–19 April 1967, vol. 30, pp. 291–300. Thompson Book Co., Washington, D.C. (1967). (Also available as Doc. P-3504, Rand Corp., Santa Monica, California, Apr. 1967)

    Google Scholar 

  16. Lamport, L.: Password authentication with insecure communication. Commun. ACM 24(11), 770–772 (1981)

    Article  MathSciNet  Google Scholar 

  17. Park, C.-S.: One-time password based on hash chain without shared secret and re-registration. Compt. Secur. 75, 138–146 (2018)

    Article  Google Scholar 

  18. O’Gorman, L.: Comparing passwords, tokens, and biometrics for user authentication. Proc. IEEE 91(12), 2019–2040 (2003)

    Article  Google Scholar 

  19. Arias-Cabarcos, P., Krupitzer, C., Becker, C.: A survey on adaptive authentication. ACM Comput. Surv. 52(4) (2019). https://doi.org/10.1145/3336117. Article no. 80, 30 pages

  20. Clarke, N.L., Furnell, S.M.: Authentication of users on mobile telephones – a survey of attitudes and practices. Comput. Secur. 24, 519–527 (2005). https://doi.org/10.1016/j.cose.2005.08.003

    Article  Google Scholar 

  21. Furnell, S.: Authenticating ourselves: will we ever escape the password? Netw. Secur. 2005, 8–13 (2005)

    Article  Google Scholar 

  22. Liao, I.-E., Lee, C.-C., Hwang, M.-S.: A password authentication scheme over insecure networks. J. Comput. Syst. Sci. 72, 727–740 (2006). https://doi.org/10.1016/j.jcss.2005.10.001

    Article  MathSciNet  MATH  Google Scholar 

  23. Yen, S.-M., Liao, K.-H.: Shared authentication token secure against replay and weak key attacks. Inf. Process. Lett. 62, 77–80 (1997)

    Article  MathSciNet  Google Scholar 

  24. Chan, C.-S., Chang, C.-C.: An efficient image authentication method based on Hamming code. Pattern Recogn. 40, 681–690 (2007). https://doi.org/10.1016/j.patcog.2006.05.018

    Article  MATH  Google Scholar 

  25. Gold, S.: Password alternatives. Network Security. Elsevier, September 2010

    Google Scholar 

  26. Guerar, M., Merlo, A., Migliardi, M., Palmieri, F.: Invisible CAPTCHA: a usable mechanism to distinguish between malware and humans on the mobile IoT. Comput. Secur. 78, 255–266 (2018). https://doi.org/10.1016/j.cose.2018.06.007

    Article  Google Scholar 

  27. Halunen, K., Haikio, J., Vallivaara, V.: Evaluation of user authentication methods in the gadget-free world. Pervasive Mob. Comput. 40, 220–241 (2017). https://doi.org/10.1016/j.pmcj.2017.06.017

    Article  Google Scholar 

  28. Dossogne, J., Lafitte, F.: On authentication factors: “what you can” and “how you do it”. In: SIN 2013, Aksaray, Turkey, 26–28 November 2013. ACM (2013). https://doi.org/10.1145/2523514.2523528

  29. Peiset, S., Talbot, E., Kroeger, T.: Principles of authentication. In: NSPW 2013, Banff, Canada, 9–12 September 2013. ACM (2013). https://doi.org/10.1145/2535813.2535819

  30. Singh, K.: On improvements to password security. ACM (1985)

    Google Scholar 

  31. Morris, R., Thompson, K.: Password security: a case history. Commun. ACM 22(11), 594–597 (1979)

    Article  Google Scholar 

  32. Monrose, F., Reiter, M.K., Wetzel, S.: Password hardening based on keystroke dynamics. In: CCS 1999, 11/99, Singapore. ACM (1999)

    Google Scholar 

  33. Shay, R., et al.: Encountering stronger password requirements: user attitudes and behaviors. In: Symposium on Usable Privacy and Security (SOUPS) 2010, Redmond, WA USA, 14–16 July 2010. ACM (2010)

    Google Scholar 

  34. Halderman, J.A., Waters, B., Felten, E.W.: A convenient method for securely managing passwords. In: International World Wide Web Conference Committee (IW3C2) 2005, Chiba, Japan, 10–14 May 2005. ACM (2005)

    Google Scholar 

  35. Garrison, C.P.: Encouraging good passwords. In: InfoSecCD Conference 2006, Kennesaw, GA, USA, 22–23 September 2006. ACM (2006)

    Google Scholar 

  36. Fordyce, T., Green, S., Gros, Th.: Investigation of the effect of fear and stress on password choice. In: 7th ACM Workshop on Socio-Technical Aspects in Security and Trust, Orlando, Florida, USA, (STAST 2017), December 2017 (2017). https://doi.org/10.475/123_4

  37. Read, J.C., Cassidy, B.: Designing textual password systems for children. In: IDC 2012, Bremen, Germany, 12–15 June 2012 (2012)

    Google Scholar 

  38. Wright, N., Patrick, A.S., Biddle, R.: Do you see your password? Applying recognition to textual passwords. In: Symposium on Usable Privacy and Security (SOUPS) 2012, Washington, DC, USA, 11–13 July 2012 (2012)

    Google Scholar 

  39. Florencio, D., Herley, C.: A large-scale study of web password habits. In: International World Wide Web Conference Committee (IW3C2) 2007, Banff, Alberta, Canada, 8–12 May 2007. ACM (2007)

    Google Scholar 

  40. Lee, C., Lee, H.: A password stretching method using user specific salts. In: WWW 2007, Banff, Alberta, Canada, 8–12 May 2007. ACM (2007)

    Google Scholar 

  41. Korkmaz, I., Dalkilic, M.E.: The weak and the strong password preferences: a case study on Turkish users. In: SIN 2010, Taganrog, Rostov-on-Don, Russian Federation, 7–11 September 2010. ACM (2010)

    Google Scholar 

  42. Brown, M., Doswell, F.R.: Using passtones instead of passwords. In: ACMSE 2010, Oxford, MS, USA, 15–17 April 2010. ACM (2010)

    Google Scholar 

  43. Hadjidemetriou, G., et al.: Picture passwords in mixed reality: implementation and evaluation. In: CHI 2019 Extended Abstracts, Glasgow, Scotland UK, 4–9 May 2019. ACM (2019). https://doi.org/10.1145/3290607.3313076

  44. Houshmand, S., Aggarwal, S.: Building better passwords using probabilistic techniques. In: ACSAC 2012, Orlando, Florida, USA, 3–7 December 2012. ACM (2012)

    Google Scholar 

  45. Manjula Shenoy, K., Supriya, A.: Authentication using alignment of the graphical password. In: ICAICR 2019, Shimla, H.P., India, 15–16 June 2019. ACM (2019). https://doi.org/10.1145/3339311.3339332

  46. Chang, Y.-F., Chang, C.-C.: A secure and efficient strong-password authentication protocol. ACM SIGOPS Oper. Syst. Rev. (2004). https://doi.org/10.1145/1035834.1035844

  47. Schneier, B.: Sensible authentication. ACM Queue 10, 74–78 (2004)

    Article  Google Scholar 

  48. Alhothaily, A., et al.: A secure and practical authentication scheme using personal devices. IEEE Access 5 (2017). https://doi.org/10.1109/ACCESS.2017.2717862

  49. Derhab, A., et al.: Two-factor mutual authentication offloading for mobile cloud computing. IEEE Access 8, 28956–28969 (2020)

    Article  Google Scholar 

  50. Siddiqui, Z., Tayan, O., Khan, M.K.: Security analysis of smartphone and cloud computing authentication frameworks and protocols. IEEE Access 6, 34527–34542 (2018)

    Article  Google Scholar 

  51. Mohsin, J.K., Han, L., Hammoudeh, M.: Two factor vs multi-factor, an authentication battle in mobile cloud computing environments. In: ACM ICFNDS 2017, Cambridge, United Kingdom, 19–20 July 2017 (2017). https://doi.org/10.1145/3102304.3102343

  52. Ku, Y., Park, L.H., Shin, S., Kwon, T.: POSTER: a guided approach to behavioral authentication. In: CCS 2018, Toronto, ON, Canada, 15–19 October 2018. ACM (2018). https://doi.org/10.1145/3243734.3278488

  53. Gong, C., Behar, B.: Understanding password security through password cracking. JCSC 33(5), 81–87 (2018)

    Google Scholar 

  54. Nguyen, M., Tran, H., Le, H., Yan, W.Q.: A tile based color picture with hidden QR code for augmented reality and beyond. In: VRST 2017, Gothenburg, Sweden, 8–10 November 2017. ACM (2017). https://doi.org/10.1145/3139131.3139164

  55. Shay, R., et al.: Can long passwords be secure and usable? In: CHI 2014, Toronto, ON, Canada, 26 April–01 May 2014. ACM (2014). https://doi.org/10.1145/2556288.2557377

  56. Abuarqoub, A.: A lightweight two-factor authentication scheme for mobile cloud computing. In: ICFNDS 2019, Paris, France, 1–2 July 2019. ACM (2019). https://doi.org/10.1145/3341325.3342020

  57. Kogan, D., Manohar, N., Boneh, D.: T/Key: second-factor authentication from secure hash chains. In: CCS 2017, Dallas, TX, USA, 30 October–3 November 2017. ACM (2017). https://doi.org/10.1145/3133956.3133989

  58. Buccafurri, F., Romolo, C.: A blockchain-based OTP-authentication scheme for constrained IoT devices using MQTT. In: ISCSIC 2019, Amsterdam, Netherlands, 25–27 September 2019. ACM (2019). https://doi.org/10.1145/3386164.3389095

  59. Xiong, L., Li, F., Zeng, S., Peng, T., Liu, Z.: A blockchain-based privacy-awareness authentication scheme with efficient revocation for multi-server architectures. IEEE Access 7 (2019). https://doi.org/10.1109/ACCESS.2019.2939368

  60. Tang, F., Ma, S., Xiang, Y., Lin, C.: An efficient authentication scheme for blockchain-based electronic health records. IEEE Access 7 (2019). https://doi.org/10.1109/ACCESS.2019.2904300

  61. Wang, X., et al.: An improved authentication scheme for internet of vehicles based on blockchain technology. IEEE Access 7 (2019). https://doi.org/10.1109/ACCESS.2019.2909004

  62. Tan, H., Chung, I.: Secure authentication and key management with blockchain in VANETs. IEEE Access 8 (2020). https://doi.org/10.1109/ACCESS.2019.2962387

  63. Alaca, F., van Oorschot, P.C.: Device fingerprinting for augmenting web authentication: classification and analysis of methods. In: ACSAC 2016, Los Angelis, CA, USA, 05–09 December 2016. ACM (2016). https://doi.org/10.1145/2991079.2991091

  64. Lin, F., et al.: Brain password: a secure and truly cancelable brain biometrics for smart headwear. In: MobiSys 2018, Munich, Germany, 10–15 June 2018. ACM (2018). https://doi.org/10.1145/3210240.3210344

  65. Chuda, D., Durfina, M.: Multifactor authentication based on keystroke dynamics. In: International Conference on Computer Systems and Technologies – CompSysTech 2009. ACM (2009)

    Google Scholar 

  66. Hayashi, E., Christin, N.: Use your illusion: secure authentication usable anywhere. In: Symposium on Usable Privacy and Security (SOUPS) 2008, Pittsburgh, PA, USA, 23–25 July 2008. ACM (2008)

    Google Scholar 

  67. Mustafa, T., et al.: Unsure how to authenticate on your VR headset? Come on, use your head! In: Authentication, Software, Vulnerabilities, Security Analytics, IQSPA 2018, Tempe, AZ, USA, 21 March 2018. ACM (2018). https://doi.org/10.1145/3180445.3180450

  68. Forget, A., Chiasson, S., Biddle, R.: Choose your own authentication. In: NSPW 2015, Twente, Netherlands, 08–11 September 2015. ACM (2015). https://doi.org/10.1145/2841113.2841114

  69. Renuka, K., Kumari, S., Zhao, D., Li, L.: Authentication scheme for M2M networks in IoT enabled cyber-physical systems. IEEE Access 7 (2019). https://doi.org/10.1109/ACCESS.2019.2908499

  70. Batool, S., Hassan, A., Saqib, N., Khattak, M.: Authentication of remote IoT users based on deeper gait analysis of sensor data. IEEE Access 8 (2020). https://doi.org/10.1109/ACCESS.2020.2998412

  71. Katz, J., Ostrovsky, R., Yung, M.: Efficient and secure authentication key exchange using weak passwords. J. ACM 57(1) (2009). https://doi.acm.org/10.1145/1613676.1613679. Article no. 3

  72. Jablon, D.: Strong password-only authenticated key exchange. ACM SIGCOMM Comput. Commun. Rev. (1996)

    Google Scholar 

  73. Halevi, S., Krawczyk, H.: Public-key cryptography and password protocols. ACM Trans. Inf. Syst. Secur. 2(3), 230–268 (1999)

    Article  Google Scholar 

  74. Stebila, D., Udupi, P., Chang, S.: Multi-factor password-authenticated key exchange. In: Proceedings of the 8th Australasian Information Security Conference (AISC 2010), Brisbane, Australia. CRPIT Volume 105 – Information Security 2010. ACM (2010)

    Google Scholar 

  75. Kim, S.-H., Choi, D., Jin, S.-H., Lee, S.-H.: Geo-location based QR-code authentication scheme to defeat active real-time phishing attack. In: DIM 2013, Berlin, Germany, 08 November 2013. ACM Workshop on Digital Identity Management (2013). https://doi.org/10.1145/2517881.2517889

  76. Hayashi, E., et al.: Web ticket: account management using printable tokens. In: CHI 2012, SIGCHI Conference on Human Factors in Computing Systems, May 2012, pp. 997–1006. ACM (2012). https://doi.org/10.1145/2207676.2208545

Download references

Acknowledgment

The research reported here was funded by the project “An innovative software platform for big data learning and gaming analytics for a user-centric adaptation of technology-enhanced learning (APTITUDE)” - research projects on the societal challenges – 2018 by Bulgarian National Science Fund with contract №: KP-06OPR03/1 from 13.12.2018.

Author information

Authors and Affiliations

  1. Technical University of Sofia, Sofia, Bulgaria

    Ivaylo Chenchev & Adelina Aleksieva-Petrova

  2. Sofia University, Sofia, Bulgaria

    Milen Petrov

Authors
  1. Ivaylo Chenchev
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Adelina Aleksieva-Petrova
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Milen Petrov
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Faculty of Science and Engineering, Saga University, Saga, Japan

    Kohei Arai

Rights and permissions

Reprints and permissions

Copyright information

© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Chenchev, I., Aleksieva-Petrova, A., Petrov, M. (2021). Authentication Mechanisms and Classification: A Literature Survey. In: Arai, K. (eds) Intelligent Computing. Lecture Notes in Networks and Systems, vol 285. Springer, Cham. https://doi.org/10.1007/978-3-030-80129-8_69

Download citation

Publish with us

Policies and ethics

Search

Navigation