Comparison of Authentication Methods on Web Resources

  • Antonina Komarova
  • Alexander Menshchikov
  • Alexander Negols
  • Anatoly Korobeynikov
  • Yurij Gatchin
  • Nina Tishukova
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 679)

Abstract

Web resources today store and process a great deal of valuable information. Confidential data and private pages have to be protected to meet business requirements. To satisfy this requirement and limit the number of people with access to restricted resources, a website needs properly configured authentication. Unfortunately, authentication is often implemented incorrectly, which leads to information leaks. Websites frequently rely on password protection alone or on other simple methods. This article compares authentication methods, covering both simple and advanced approaches, including cryptography and biometrics. The authors also give a comparative analysis of the parameters of the different approaches. Usability, performance, security and other features of the methods are analyzed. The most convenient to use, the easiest to implement and the most secure methods are identified. A conclusion is drawn about the most suitable application areas of each method on World Wide Web resources. Possible combinations of approaches and the trends in their further implementation are also discussed. To verify the findings, domestic and foreign literature, scientific articles and publications on the topic are analyzed. We search Russian and international literature in scientific databases as well as in electronic library systems. Furthermore, patent research is carried out to find practical implementations. It includes patents held by business organizations related to web authentication methods. The results of this research show the relevance of the topic, the increasing number of patented authentication methods for web resources, and a fairly high potential for the development of new methods. This development should be based on the improvement and unification of existing approaches and on the development of new original algorithms. As a result, it is concluded that further improvements lie in the field of hybrid systems.

Keywords

Web resources; Cryptography; Authentication; Patents; Biometrics; Dynamic passwords; Passwords; Tokens

Copyright information

© Springer International Publishing AG 2018

Authors and Affiliations

  • Antonina Komarova (1)
  • Alexander Menshchikov (1)
  • Alexander Negols (1)
  • Anatoly Korobeynikov (1)
  • Yurij Gatchin (1)
  • Nina Tishukova (1)

  1. St. Petersburg National Research University of Information Technologies, Mechanics and Optics, St. Petersburg, Russia
