Skip to main content
SpringerLink
Log in

Fighting entity authentication frauds by combining different technologies

  • Published:
BT Technology Journal

Abstract

Securing entity authentication is less trivial than it seems. In this paper we survey the security issues involved, and analyse whether the technologies available can protect us against fraud. The frauds and abuses could originate from individuals, criminal conspiracies and even governments. We conclude that no single technology is foolproof; a combination of technologies is required.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. History of passports (2004) — http://www.pptc.gc.ca/passport_office/history_e.asp

  2. Purdy G B: ‘A high security log-in procedure’, Commun ACM, 17, No8, pp 442–445 (August 1974).

    Article  MathSciNet  Google Scholar 

  3. Fiat A and Shamir A: ‘How to prove yourself: Practical solutions to identification and signature problems’, in Odlyzko A (Ed): ‘Advances in Cryptology’, Proc of Crypto '86 (Lecture Notes in Computer Science 263), pp 186–194, Santa Barbara, California, USA, Springer-Verlag (August 1987).

    Google Scholar 

  4. Bengio S, Brassard G, Desmedt Y G, Goutier C and Quisquater J-J: ‘Secure implementations of identication systems’, Journal of Cryptology, 4, No3, pp. 175–183 (1991).

    Article  Google Scholar 

  5. Desmedt Y, Goutier C and Bengio S: ‘Special uses and abuses of the Fiat-Shamir passport protocol’, in Pomerance C (Ed): ‘Advances in Cryptology’, Proc of Crypto '87 (Lecture Notes in Computer Science 293), pp 21–39, Santa Barbara, California, USA, Springer-Verlag (August 1988).

    Google Scholar 

  6. Chaum D: ‘Untraceable electronic mail, return addresses, and digital pseudonyms’, Commun ACM, 24, No2, pp 84–88 (February 1981).

    Article  Google Scholar 

  7. Boneh D and Franklin M: ‘Anonymous authentication with subset queries’, Proceedings of the 6th ACM Conference on Computer and Communications Security, Singapore, pp 113–119 (November 1999).

  8. Simmons G J: ‘A system for verifying user identity and authorisation at the point-of sale or access’, Cryptologia, 8, No1, pp 1–21 (January 1984).

    Google Scholar 

  9. Cryptographic Hardware and Embedded Systems (CHES) International Workshop (Lecture Notes in Computer Science), (1999–2005).

  10. Simmons G J: ‘Identification of data, devices, documents and individuals’, in Proc 25th Annual International Carnahan Conference on Security Technology, pp 197–218, Taipei, Taiwan, ROC, IEEE (October 1991).

    Google Scholar 

  11. Conway J H: ‘On numbers and games’, Academic Press Inc, London, UK (1976).

    Google Scholar 

  12. Beth T and Desmedt Y: ‘Identication tokens — or: Solving the chess grandmaster problem’, in Menezes A J and Vanstone S A (Eds): ‘Advances in Cryptology’, Proceedings Crypto '90 (Lecture Notes in Computer Science 537), Santa Barbara, California, USA, pp 169–176, Springer-Verlag (August 1991).

    Google Scholar 

  13. Ramsey N F: ‘Precise measurement of time’, American Scientist, 76, pp 42–49 (January–February 1988).

    Google Scholar 

  14. RFID Privacy Workshop, MIT, Boston (November 2003) — http://rfidprivacy.ex.com

  15. Doubt cast on fingerprint security (May 2002) — http://www.pptc.gc.ca/passport_office/history_e.asp

  16. Matsumoto T: ‘Gummy and conductive silicone rubber fingers: importance of vulnerability analysis’, in Zheng Y (Ed): ‘Advances in Cryptology — Asiacrypt 2002’, Proceedings (Lecture Notes in Computer Science 2501), pp 574–575. Springer-Verlag, Queenstown, New Zealand (December 2002).

    Google Scholar 

  17. von Solms B and Naccache D: ‘On blind signatures and perfect crimes’, Computers and Security, 11, No6, pp. 581–583 (October 1992).

    Google Scholar 

  18. Dodis Y, Kiayias A, Nicolosi A and Shoup V: ‘Anonymous identification in ad hoc groups’, in Cachin C and Camenisch J (Eds): ‘Advances in Cryptology — Eurocrypt 2004’, Proceedings (Lecture Notes in Computer Science 3027), pp 609–626, Springer, Interlaken, Switzerland (May 2004).

    Google Scholar 

  19. Bishop M: ‘Computer Security’, Addison-Wesley, Reading, MA (2003).

    Google Scholar 

  20. Menezes A, van Oorschot P and Vanstone S: ‘Applied Cryptography’, CRC, Boca Raton (1996).

    Google Scholar 

  21. Burmester M and Desmedt Y G: ‘Is hierarchical public-key certification the next target for hackers?’, Communications of the ACM, 47, No8, pp 68–74 (August 2004).

    Article  Google Scholar 

  22. Redman J: ‘Man wrongly linked to Madrid bombings sues’, (October 2004). — http: //www.cnn.com/2004/LAW/10/04/mayfield.lawsuit/index.html

  23. Pieprzyk J: ‘Question during ACISP 2005’, 10th Australasian Conference on Information Security and Privacy, Brisbane, Australia (July 2005).

Download references

Authors
  1. Y G Desmedt
    View author publications

    You can also search for this author in PubMed Google Scholar

About this article

Cite this article

Desmedt, Y.G. Fighting entity authentication frauds by combining different technologies. BT Technol J 23, 65–70 (2005). https://doi.org/10.1007/s10550-006-0008-y

Download citation

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10550-006-0008-y

Keywords

Search

Navigation