Criteria for Evaluating Authentication Systems

User authentication is an important component of information security. It is critical in addressing many concerns that consumers and businesses have over the risk of identity theft. However, there is no systematic method to measure how good an authentication mechanism is in a given business context. This paper outlines nine criteria businesses can use to assess authentication systems. With these criteria, businesses are better equipped to select authentication systems that meet the needs of both their organization and their customers, and provide better protection against identity theft and other computer crimes.
