http://dx.doi.org/10.3745/JIPS.2011.7.1.187

A Method of Risk Assessment for Multi-Factor Authentication  

Kim, Jae-Jung (Dept. of Computer Science, Sungshin W. University)
Hong, Seng-Phil (Dept. of Computer Science, Sungshin W. University)
Publication Information
Journal of Information Processing Systems / v.7, no.1, 2011, pp. 187-198
Abstract
User authentication refers to user identification based on something a user knows, something a user has, something a user is or something the user does; it can also take place based on a combination of two or more of such factors. With the increasingly diverse risks in online environments, user authentication methods are also becoming more diversified. This research analyzes user authentication methods being used in various online environments, such as web portals, electronic transactions, financial services and e-government, to identify the characteristics and issues of such authentication methods in order to present a user authentication level system model suitable for different online services. The results of our method are confirmed through a risk assessment and we verify its safety using the testing method presented in OWASP and NIST SP800-63.
Keywords
Multi-factor Authentication; PKI; User Authentication; Biometric Authentication
Citations & Related Records
Times Cited By KSCI: 1
1 Ministry of Citizens’ Services, Electronic Credential and Authentication Standard, 2010, April.
2 Bret Hartman, “From Identity Management to Authentication: Technology Evolution to Meet Cyber Threats”, ITAA IdentEvent 2008.
3 Fidelity National Information Services, Multi-Factor Authentication Risk Assessment, 2006.
4 OWASP foundation, OWASP Testing Guide, 2008 v3.0, pp.140-143.
5 IETF RFC 4683, Internet X.509 Public Key Infrastructure Subject Identification Method (SIM), 2006.10.
6 Tim Hastings, Multi-factor Authentication and the Cloud, 2010.
7 Korea Internet Security Agency, Introduction of i-PIN (http://i-pin.kisa.or.kr), 2010.
8 Accredited Certificate: http://www.rootca.or.kr
9 Public Procurement Service: http://www.g2b.go.kr
10 Public Procurement Service(PPS), Bidder Identification and Fingerprint Registration Process, 2010, April.
11 OMB M-04-04, E-Authentication Guidance for Federal agencies, 2003, December, 16.
12 NIST, Special Publication 800-63, Electronic Authentication Guideline, 2006, April.
13 Smart Card Alliance (Randy Vanderhoof), “Smart Card Technology Roadmap for secure ID applications”, 2003.
14 Dale Vile, Freeform Dynamic, “User convenience versus system security”, 2006.
15 Roger Elrod, “Two-factor Authentication”, East Carolina University, 2005, July.
16 [Definition] Wikipedia, Definition of Two Factor Authentication.