Abstract
Securing entity authentication is less trivial than it seems. In this paper we survey the security issues involved, and analyse whether the technologies available can protect us against fraud. The frauds and abuses could originate from individuals, criminal conspiracies and even governments. We conclude that no single technology is foolproof; a combination of technologies is required.
About this article
Cite this article
Desmedt, Y.G. Fighting entity authentication frauds by combining different technologies. BT Technol J 23, 65–70 (2005). https://doi.org/10.1007/s10550-006-0008-y
DOI: https://doi.org/10.1007/s10550-006-0008-y