- #1
Fubini
- 13
- 0
Forgive me if this is not the proper place to pose this question. The question isn't that I'm having trouble solving a problem as that I'm having trouble finding reliable sources for research.
I'm doing a research paper over verifying identity remotely, a topic that falls under the general heading of authentication. My problem is that I can find lots of good material from various non-academic sources (such as for-profit companies, various websites, wikipedia), but have so far been unable to find an academic discussion of many of the same ideas.
The specific topics I'm trying to find discussed are authentication factors, two-factor authentication, and the difference between strong and weak authentication. In addition, I'm trying to find a sample implementation or two that demonstrates how sessions can be implemented to protect against interception and replay attacks. For simplicity I think sessions using a timestamps are conceptually simpler than using pseudo-random numbers, but either would be appreciated.
I have read on websites that part of the problem is there are different organizations with their own sets of definitions. What one organization calls multi-factor authentication is what another organization calls strong authentication.
At any rate, all of the good sources I can find wouldn't meet academic scrutiny, and searching these topics at the local library comes up with stuff from the 70's and 80's at most recent.
I was hoping that there would be someone who could point me to a good, recent printed reference I can start my search at.
Homework Statement
I'm doing a research paper over verifying identity remotely, a topic that falls under the general heading of authentication. My problem is that I can find lots of good material from various non-academic sources (such as for-profit companies, various websites, wikipedia), but have so far been unable to find an academic discussion of many of the same ideas.
The specific topics I'm trying to find discussed are authentication factors, two-factor authentication, and the difference between strong and weak authentication. In addition, I'm trying to find a sample implementation or two that demonstrates how sessions can be implemented to protect against interception and replay attacks. For simplicity I think sessions using a timestamps are conceptually simpler than using pseudo-random numbers, but either would be appreciated.
The Attempt at a Solution
I have read on websites that part of the problem is there are different organizations with their own sets of definitions. What one organization calls multi-factor authentication is what another organization calls strong authentication.
At any rate, all of the good sources I can find wouldn't meet academic scrutiny, and searching these topics at the local library comes up with stuff from the 70's and 80's at most recent.
I was hoping that there would be someone who could point me to a good, recent printed reference I can start my search at.