How to Find Academic Sources on Remote Identity Verification and Authentication?

  • Thread starter Fubini
In summary, the conversation discusses the difficulty of finding reliable academic sources on the topic of remote identity verification and authentication. The individual is specifically looking for information on authentication factors, two-factor authentication, and the difference between strong and weak authentication. They also mention the use of timestamps and pseudo-random numbers in implementing sessions for protection against interception and replay attacks. Some suggestions for sources and further research are given, including books on cryptography, the TLS (SSL) system, and OpenSSH. The conversation also touches on the broad scope of the topic of authentication and the challenges of finding information on it.
  • #1
Fubini
Forgive me if this is not the proper place to pose this question. The question isn't so much that I'm having trouble solving a problem as that I'm having trouble finding reliable sources for research.

Homework Statement



I'm doing a research paper over verifying identity remotely, a topic that falls under the general heading of authentication. My problem is that I can find lots of good material from various non-academic sources (such as for-profit companies, various websites, Wikipedia), but have so far been unable to find an academic discussion of many of the same ideas.

The specific topics I'm trying to find discussed are authentication factors, two-factor authentication, and the difference between strong and weak authentication. In addition, I'm trying to find a sample implementation or two that demonstrates how sessions can be implemented to protect against interception and replay attacks. For simplicity I think sessions using timestamps are conceptually simpler than using pseudo-random numbers, but either would be appreciated.

The Attempt at a Solution



I have read on websites that part of the problem is there are different organizations with their own sets of definitions. What one organization calls multi-factor authentication is what another organization calls strong authentication.

At any rate, all of the good sources I can find wouldn't meet academic scrutiny, and searching these topics at the local library comes up with stuff from the 70's and 80's at most recent.

I was hoping that there would be someone who could point me to a good, recent printed reference I can start my search at.
 
  • #2
Look for books on cryptography, like Bruce Schneier's classic, Applied Cryptography.

Look into the TLS (SSL) system, used for authentication and secure communication on the web. The RFC is usually your best bet.

Another important implementation is OpenSSH, used to tunnel all kinds of data across the internet. Take a look at the RFC for all the information you could ever want.

- Warren
 
  • #3
It's a lot easier to derive a timestamp from a couple of sniffed/cracked packets than figuring out the key to a one way hash / pseudo random number.

chroot gave some nice places to start, I'd like to add this to the list:

The 1976 paper on public key cryptography by Whitfield Diffie and Martin Hellman (the name of the paper eludes me)

You might also be interested in reading the papers that have been published on trusted remote computing, since there is a lot of cross-over in all these Alice-and-Bob scenarios.

k
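
The two session schemes raised in this thread, timestamps and server-chosen pseudo-random numbers, shown as an added example that is not part of any post. It assumes both sides already share a secret key and authenticate each message with an HMAC; the names `mac`, `Verifier` and `WINDOW`, and the 30-second window, are assumptions of the example. The client computes `mac(key, b"chal", user, c)` or `mac(key, b"time", user, str(ts).encode())` and sends it with the fields.

```python
import hashlib
import hmac
import secrets
import time

WINDOW = 30  # seconds a timestamped message is accepted (assumed value)

def mac(key, *parts):
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    data = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(key, data, hashlib.sha256).digest()

class Verifier:
    """Server side: shared key plus the state needed to refuse replays."""

    def __init__(self, key, now=time.time):
        self.key, self.now = key, now
        self.pending = set()  # challenges issued and not yet answered
        self.seen = {}        # accepted timestamp tags -> expiry time

    # Pseudo-random number mode: the server picks a fresh value per login.
    def challenge(self):
        c = secrets.token_bytes(16)
        self.pending.add(c)
        return c

    def verify_challenge(self, user, c, tag):
        if c not in self.pending:
            return False             # unknown or already used challenge
        self.pending.discard(c)      # single use, whether or not the MAC is good
        return hmac.compare_digest(tag, mac(self.key, b"chal", user, c))

    # Timestamp mode: no round trip, but the server must remember accepted
    # tags for the whole window, or a capture can be replayed within it.
    def verify_timestamp(self, user, ts, tag):
        now = self.now()
        if abs(now - ts) > WINDOW:
            return False             # stale (or far-future) message
        expected = mac(self.key, b"time", user, str(ts).encode())
        if not hmac.compare_digest(tag, expected):
            return False             # wrong key or altered fields
        self.seen = {t: e for t, e in self.seen.items() if e >= now}
        if tag in self.seen:
            return False             # replay inside the window
        self.seen[tag] = ts + WINDOW
        return True
```

In both modes an intercepted message is useless on a second presentation: the challenge has been consumed, or the tag is either remembered or outside the window.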
 
  • #4
I think that part of the issue you're running into is that "authentication" may simply be too general a topic; it's a sort of pattern that might occur at any level of an OSI-type model. There's the authentication that occurs between different physical network devices, different computers communicating via a low-level protocol like TCP/IP, a higher-level protocol like TLS/SSH, a stateful but low-level application function like HTTP digest authentication in a webserver, and a high-level application authentication like, say, vBulletin (which runs Physics Forums) or Wikipedia generating security tokens and storing them within a database on the server and on a client web browser via cookies (and those last two application examples are purely a web context - there's all sorts of other fun stuff that happens on networks), there's user identity for processes within an operating system which becomes something like LDAP or Active Directory authentication when it's done remotely, then you've got stuff like digitally signing emails and documents, digital rights management for things like iTunes or Rhapsody or Windows Media Player content, etc.

And I don't have any idea what military systems do. They probably incorporate alien technology from the flying saucers of little gray men from Area 51.

Those things are all basically the same pattern but the problem domains have been too different for there to be any benefit in making some perfect, cerebral comp-sci-type abstraction across all of them. It seems to me it would be like looking for mechanical engineering papers on a topic like "wheels".

So it seems to me that you may want to try to narrow the parameters of your search (and research paper). Pick a context for "identity" - physical devices? Network nodes? An application operating within a network node? Humans? Application accounts representing humans? And then a context for authentication of those sorts of identities like the sorts of things I listed above.

Furthermore, do you want to study "ideal" authentication - the kind that would occur if a paranoid IT security guy got to redesign everything, or do you want to study the sorts of things that get implemented in practicality by software engineers trying to make things work who have a technical project manager laying the whip on their backs to meet a deadline?

But even having narrowed the search in these ways I think you'll have it tough. You may find yourself relegated to tangential mention of authentication issues in papers with a different topic. One other idea that occurs to me is to try white papers, which are going to be from non-academic sources but try to put on a more academic face (though often failing horribly to do so.)

So, uh, good luck. Sorry I didn't provide any actual answers to your questions.
 

1. What is computer authentication?

Computer authentication is the process of verifying the identity of a user or entity attempting to access a computer system or network. It is a security measure used to protect against unauthorized access and ensure that only approved users have access to the system.

2. How does computer authentication work?

Computer authentication typically involves the use of a username and password, which are unique credentials assigned to each user. When a user attempts to access a system, they must provide their credentials, which are then verified by the system against a database of approved users. Other forms of authentication may include biometric factors, such as fingerprint or face recognition, and hardware tokens.

3. What are the different types of computer authentication?

There are several types of computer authentication, including single-factor, two-factor, and multi-factor authentication. Single-factor authentication relies on just one form of verification, such as a password. Two-factor authentication requires two forms of verification, such as a password and a one-time code sent to a mobile device. Multi-factor authentication involves three or more forms of verification, typically a combination of something the user knows, has, or is.

4. Why is computer authentication important?

Computer authentication is important because it helps prevent unauthorized access to sensitive information and systems. It ensures that only approved users have access, which helps protect against data breaches, cyber attacks, and other security threats. It also helps with accountability, as all actions on a system can be traced back to the authenticated user.

5. What are some potential vulnerabilities of computer authentication?

Some potential vulnerabilities of computer authentication include weak passwords, stolen or compromised credentials, and social engineering attacks. Biometric authentication can also be vulnerable to spoofing or hacking. It is important for users to regularly update their passwords and use strong, unique passwords to minimize these vulnerabilities. Organizations can also implement security measures such as multi-factor authentication to add an extra layer of protection.
