Identity management is a rather general concept that covers technologies, policies and procedures for recognising and authenticating entities in ICT environments. Current identity management solutions often have inadequate usability and scalability, or they provide inadequate authentication assurance. This article describes local user-centric identity management as an approach to providing scalable, secure and user-friendly identity management. This approach is based on placing technology for identity management on the user side, instead of on the server side or in the cloud. This approach strengthens authentication assurance, improves usability, minimizes trust requirements, and has the advantage that trusted online interaction can be upheld even in the presence of malware infection in client platforms. More specifically, our approach is based on using an OffPAD (Offline Personal Authentication Device) as a trusted device to support the different forms of authentication that are necessary for trusted interactions. A prototype OffPAD has been implemented and tested in user experiments.
Abstract. The concept of authentication assurance traditionally refers to the robustness of methods and mechanisms for user authentication, including the robustness of initial registration and provisioning of user credentials, as well as the robustness of mechanisms that enforce user authentication during operation. However, the user is not the only party that needs to be authenticated to ensure the security of online transactions. In fact, online service provision always involves two parties, typically the user on the client side and the service provider on the server side, so that mutual authentication between the two sides is required. In contrast to the unilateral focus on user authentication by industry and academia, it is in fact equally important for the user to correctly authenticate the service provider. Unfortunately, little attention is paid to the problem of correctly authenticating the service provider. This paper proposes a framework for server and service provider authentication assurance, similar to the frameworks for user authentication assurance that have already been specified, or are currently under development, by many national governments.
Abstract. User authentication to a server is typically done by presenting a username and a password in some protected form to the server, and having the server verify that those credentials correspond to an identity previously registered and authorized for access. It is crucial that attackers never get access to operational passwords, which is typically achieved by encryption in transit, or through a challenge-response protocol between the client and server computer platforms. However, these mechanisms do not protect passwords at the moment when they are entered into the client computer, which leaves the password exposed to attacks by malware on the client. We present a method for protecting passwords from being exposed on client platforms. The method is an extension of the well-known HTTP Digest Access Authentication, which is a challenge-response protocol specified as part of HTTP. The method relies on an external, mostly offline personal authentication device called OffPAD, which communicates with the client platform. We show how the presented authentication scheme increases security and enhances usability with regard to identity management. In addition to describing the OffPAD device, we argue that the HTTP Digest Access Authentication standard does not conform to today's best practices, and suggest improvements.