BT Technology Journal, Volume 23, Issue 4, pp 65–70

Fighting entity authentication frauds by combining different technologies

  • Y G Desmedt

Abstract

Securing entity authentication is less trivial than it seems. In this paper we survey the security issues involved, and analyse whether the technologies available can protect us against fraud. The frauds and abuses could originate from individuals, criminal conspiracies and even governments. We conclude that no single technology is foolproof; a combination of technologies is required.

Copyright information

© Springer Science+Business Media, Inc. 2005
