Abstract
Authentication has been at the cornerstone of information security since the inception of information technology (IT). Whilst the foundations upon which they rely have changed little, technology has evolved and adapted these approaches to fit a variety of solutions. Prior to describing the nature of transparent authentication, the current technological barriers to implementation and the advantages such an approach could have, it is important to establish a baseline understanding of the current nature of authentication, the current technological requirements, limitations and deployments. From such a basis it is possible to better appreciate the unique environment within which transparent authentication operates and the benefits it could bring.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsNotes
- 1.
Whilst other attack vectors exist, the emphasis at this point is not on attacking systems or protocols to recover the password. This will be examined in Sect. 4.2.3.
- 2.
Literature also classifies identification in two further modes: open-set and closed-set identification. Open-set identification refers to identifying if someone is in the database and if so finding the record. In closed-set identification, it is assumed that the person is in the database, and the system needs to find the correct record. Whilst they appear similar in operation, the slight difference in assumptions of whether the individual is in the database or not results in a significant difference in system complexity, with the open-set identification being a far more challenging system to develop.
References
Ashbourn, J.: Biometrics: Advanced Identity Verification: The Complete Guide. Springer, London (2000). ISBN 978-1852332433
Balaban, D.: Transport for London to Discard Mifare Classic. NFC Times. Available at: http://www.nfctimes.com/news/transport-london-discard-mifare-classic-seeks-desfire-sims (2010). Accessed 10 Apr 2011
Bank of America: SiteKey at Bank of America. Bank of America. Available at: http://www.bankofamerica.com/privacy/index.cfm?template=sitekey (2011). Accessed 10 Apr 2011
BBC: Personal data privacy at risk. BBC News. Available at: cbra http://news.bbc.co.uk/1/hi/business/7256440.stm (2008). Accessed 10 Apr 2011
Blonder, G.E.: Graphical passwords. U.S. Patent 5559961, Lucent Technologies Inc, Murray Hill, 1995
Brostoff, S., Sasse, M.A.: Are Passfaces more usable than passwords? A field trial investigation. In: Proceedings of Human Computer Interaction, Sunderland, pp. 405–424 (2000)
Chip and PIN: Why did we change. Chip and PIN. Available at: http://www.chipandpin.co.uk/consumer/means/whychanging.html (2006). Accessed 10 Apr 2011
Crown Copyright: Using the Iris recognition immigration system (IRIS). Crown Copyright. Available at: http://www.ukba.homeoffice.gov.uk/travellingtotheuk/Enteringtheuk/usingiris/ (2010). Accessed 10 Apr 2011
Das, R.: Retina recognition: biometric technology in practice. Keesing Journal of Documents and Identity, issue 22. Available at: http://www.biometricnews.net/Publications/Biometrics_Article_Retinal_Recognition.pdf (2007). Accessed 10 Apr 2011
Daugman, J.: Biometric personal identification system based on Iris Recognition. US Patent 5,291,560 (1994)
de Winter, B.: New hack trashes London’s Oyster card. Tech World. Available at http://news.techworld.com/security/105337/new-hack-trashes-londons-oyster-card/ (2008). Accessed 10 Apr 2011
Dimitriadis, C., Polemi, D.: Biometric authentication. In: Proceedings of the First International Conference on Biometric Authentication (ICBA). Springer LNCS-3072, Berlin/Heidelberg (2004)
FVC2006: Open category: average results over all databases. Biometric System Laboratory. Available at: http://bias.csr.unibo.it/fvc2006/results/Open_resultsAvg.asp (2006). Accessed 10 Apr 2011
Gosset, P. (eds.): ASPeCT: Fraud detection concepts: final report. Doc Ref. AC095/VOD/W22/DS/P/18/1 (1998 Jan)
Hurley, D., Nixon, M., Carter, J.: Force field feature extraction for ear biometrics. Comput. Vis. Image Understand. 98, 491–512 (2005)
IBG.: How is biometrics defined? International Biometrics Group. Available at: http://www.biometricgroup.com/reports/public/reports/biometric_definition.html (2010a). Accessed 10 Apr 2011
Ingersoll-Rand.: HandKey. IR Security Technologies. Available at: http://w3.securitytechnologies.com/Products/biometrics/access_control/handkey/Pages/default.aspx (2011). Accessed 10 Apr 2011
IrsisGuard.: Iridian Announces UAE border control system exceeds one million transactions IrisGuard. Available at: http://www.irisguard.com/pages.php?menu_id=&local_type=5&local_id=1&local_details=1&local_details1=&localsite_branchname=IrisGuard (2004). Accessed 10 Apr 2011
ISO.: ISO/IEC 7813:2006 Information Technology – Identification Cards – Financial Transaction Cards. International Standards Organisation. Available at http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=43317 (2006). Accessed 10 Apr 2011
ISO: ISO JTC 1/SC37 – Biometrics. International Standards Organisation. Available at: http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_tc_browse.htm?commid=313770&published=on&development=on (2010). Accessed 10 Apr 2011
Jain, A., Patrick, F., Arun, R.: Handbook of Biometrics. Springer, New York (2008). ISBN 978-0-387-71040-2
Joyce, R., Gupta, G.: Identity authentication based on keystroke latencies. Commun. ACM 39, 168–176 (1990)
Kent, J.: Malaysia car thieves steal finger. BBC News. Available at: http://news.bbc.co.uk/1/hi/world/asia-pacific/4396831.stm (2005). Accessed 10 Apr 2011
Maltoni, D., Maio, D., Jain, A., Prabhakar, S.: Handbook of Fingerprint Recognition. Springer, New York (2005). ISBN 978-0387954318
Matsumoto, T., Matsumoto, H., Yamada, K., Hoshino, S.: Impact of artificial ‘gummy’ fingers on fingerprint systems. Proc. SPiE 4677, 275–289 (2002)
Miura, N., Nagasaka, A., Miyatake, T.: Feature extraction of finger-vein patterns based repeated line tracking and its applications to personal identification. Mach. Vis. Appl. 15, 194–203 (2004)
Moreno, B., Sanchez, A.: On the use of outer ear images for personal identification in security applications. In: Proceedings of IEEE 33rd Annual International Conference on Security Technologies, Madrid, pp. 469–476 (1999)
Nanavati, S., Thieme, M., Nanavati, R.: Biometrics Identity Verification in a Networked World. Wiley, New York (2002). ISBN 0471099457
NSTC: Biometrics glossary. National Science and Technology Council. Available at: http://www.biometrics.gov/Documents/Glossary.pdf (2006). Accessed 10 Apr 2011
Oechslin, P.: Making a faster cryptoanalytic time-memory trade-off. In: Advances in cryptology – CRYPTO 2003, 23 rd Annual International Cryptology Conference, Santa Barbara August 17–21, 2003, Proceedings. Lecture Notes in Computer Science 2729. Springer 2003, Berlin/Heidelberg, ISBN 3-540-40674-3 (2003)
Oxford University Press: How many words are there in the English language. Oxford University Press. Available at http://www.oxforddictionaries.com/page/93 (2010). Accessed 10 Apr 2011
Paivio, A., Rogers, T.B., Smythe, P.C.: Why are pictures easier to recall than words? Psychon. Sci. 11, 137–138 (1968)
Passfaces: Passfaces: two factor authentication for the enterprise. Passfaces Corporation. Available at http://www.realuser.com/index.htm (2011). Accessed 10 Apr 2011
Phillips, J., Scruggs, T., O’Toole, A., Flynn, P., Bowyer, W., Schott, C., Sharpe, M.: FRVT 2006 and ICE 2006 large-scale results. NIST IR 2007. Available at: http://face.nist.gov/frvt/frvt2006/FRVT2006andICE2006LargeScaleReport.pdf 2007. Accessed 10 Apr 2011
Przybocki, M., Martin, A., Le, A.: NIST speaker recognition evaluations utilising the mixer corpora – 2004, 2005, 2006. IEEE Trans. Audio Speech Lang. Process 15(7), 1951–1959 (2007)
RSA: Securing your future with two-factor authentication. EMC Corporation. Available at: http://www.rsa.com/node.aspx?id=1156 (2011). Accessed 10 Apr 2011
Sarkar, S., Phillips, P., Liu,., Robledo-Vega, I., Grother P, Bowyer, K.: The Human ID gait challenge problem: data sets, performance and analysis. IEEE Trans. Pattern. Anal. Mach. Intell. II, 162–177 (2005)
Scout Analytics: Sentry: zero footprint, strong authentication. Scout Analytics. Available at: http://www.biopassword.com/zero_footprint_strong_authentication.asp (2011). Accessed 10 Apr 2011
Shepard, R.N.: Recognition memory for words, sentences, and pictures. J. Verbal Learn Verbal Behav 6, 156–163 (1967)
Smith, R.: Authentication: From Passwords to Public Keys. Addison and Wesley, Boston (2002). ISBN 0201615991
Socolinsky, D., Selinger, A.: Face detection with visible and thermal infrared imagery. Comput. Vis Image Understand, pp. 72–114, July–August (2003)
Socolinsky, D., Selinger, A.: Thermal face recognition in an operational scenario. In: CVP04, Washington, DC, pp. 1012–1019 (2004)
Spillane, R.: Keyboard apparatus for personal identification. IBM Tech. Disclosure Bull. 17, 3346 (1975)
Stolfo, S.J., Wei F., Wenke L., Prodromidis, A., Chan, P.K.: Cost-based modeling for fraud and intrusion detection: results from the JAM project. In: DARPA Information Survivability Conference and Exposition, 2000. DISCEX ‘00. Proceedings, vol. 2, Hilton Head, pp. 130–144 (2000)
Stormann, C.:. Fraud management tool: evaluation report. Advanced Security for Personal Communications (ASePECT), Deliverable. 13, Doc Ref. AC095/SAG/W22/DS/P/13/2 (1997)
Symantec: SennaSpy generator. Symantec Corporation. Available at http://www.symantec.com/security_response/writeup.jsp?docid=2001-062211-2540-99 (2007). Accessed 10 Apr 2011
Thorpe, J., van Oorschot, P.C.: Human-seeded attacks and exploiting hot-spots in graphical passwords. In: 16th USENIX Security Symposium, Boston, pp. 103–118 (2007)
Vuagnoux, M., Pasini, S.: Compromising electromagnetic emanations of wired and wireless keyboards. In: 18th USENIX Security Symposium, Montreal, pp. 1–16 (2009)
Wikimedia Commons: Welcome to Wikimedia, Wikimedia Commons. Available at: http://commons.wikimedia.org/wiki/Main_Page (2011). Accessed 10 Apr 2011
Wireshark: Wireshark. Wireshark Foundation. Available at http://www.wireshark.org/ (2011). Accessed 10 Apr 2011
Woodward, J., Orlans, N., Higgins, P.: Biometrics and Strong Authentication. McGraw-Hill, Berkeley (2003). ISBN 978–0072222272
Yeung, D., Chang, H., Xiong, Y., George, S., Kashi, R., Matsumoto, T., Rigoll, G.: SVC2004: first international signature verification competition. In: Proceedings of ICBA. Springer LNCS-3072, Berlin/Heidelberg, pp. 16–22 (2004)
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
Copyright information
© 2011 Springer-Verlag London Limited
About this chapter
Cite this chapter
Clarke, N. (2011). Intrusive Authentication Approaches. In: Transparent User Authentication. Springer, London. https://doi.org/10.1007/978-0-85729-805-8_4
Download citation
DOI: https://doi.org/10.1007/978-0-85729-805-8_4
Published:
Publisher Name: Springer, London
Print ISBN: 978-0-85729-804-1
Online ISBN: 978-0-85729-805-8
eBook Packages: Computer ScienceComputer Science (R0)