Fighting entity authentication frauds by combining different technologies

Securing entity authentication is less trivial than it seems. In this paper we survey the security issues involved, and analyse whether the technologies available can protect us against fraud. The frauds and abuses could originate from individuals, criminal conspiracies and even governments. We conclude that no single technology is foolproof; a combination of technologies is required.

[1]  Yvo Desmedt,et al.  Is hierarchical public-key certification the next target for hackers? , 2004, CACM.

[2]  Tsutomu Matsumoto Gummy and Conductive Silicone Rubber Fingers , 2002, ASIACRYPT.

[3]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[4]  Aggelos Kiayias,et al.  Anonymous Identification in Ad Hoc Groups , 2004, EUROCRYPT.

[5]  Samy Bengio,et al.  Secure implementation of identification systems , 2004, Journal of Cryptology.

[6]  George B. Purdy,et al.  A high security log-in procedure , 1974, Commun. ACM.

[7]  Norman F. Ramsey,et al.  Precise measurement of time , 1987 .

[8]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[9]  J. Conway On Numbers and Games , 1976 .

[10]  David Naccache,et al.  On blind signatures and perfect crimes , 1992, Comput. Secur..

[11]  Samy Bengio,et al.  Special Uses and Abuses of the Fiat-Shamir Passport Protocol , 1987, CRYPTO.

[12]  Yvo Desmedt,et al.  Identification Tokens - or: Solving the Chess Grandmaster Problem , 1990, CRYPTO.

[13]  G. J. Simmons,et al.  Identification of data, devices, documents and individuals , 1991, Proceedings. 25th Annual 1991 IEEE International Carnahan Conference on Security Technology.

[14]  J. Levine,et al.  The Hill cryptographic system with unknown cipher alphabet but known plaintext , 1984 .

[15]  Matthew K. Franklin,et al.  Anonymous authentication with subset queries (extended abstract) , 1999, CCS '99.