ACCESS: Describing and Contrasting Authentication Mechanisms
  • Karen Renaud
  • Melanie Volkamer
  • Joseph Maguire
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8533)

Abstract

The password is the almost universal authentication solution, yet it is buckling under the strain. It demonstrates insufficiency and weakness due to poor choice, reuse and ease of transfer. Graphical passwords, biometrics, and hardware tokens have been suggested as alternatives. Industry has, unfortunately, not embraced these alternatives. One possible explanation is the complexity of the choice process. To support authentication decision-makers, we suggest a framework called ACCESS (Authentication ChoiCE Support System), which captures requirements, consults a knowledge base of existing authentication mechanisms and their properties, and suggests those mechanisms that match the specified requirements.

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Karen Renaud (1)
  • Melanie Volkamer (2)
  • Joseph Maguire (1)
  1. University of Glasgow, UK
  2. TU Darmstadt, Germany