A novel approach to users' authentication and authorization

Sekulski, R.; Woda, M.

Artykuł - szczegóły

Tytuł artykułu

A novel approach to users' authentication and authorization

Autorzy

Sekulski R. , Woda M.

Identyfikatory

Warianty tytułu

Nowatorskie podejście do uwierzytelniania i autoryzacji użytkowników

Języki publikacji

Abstrakty

In this paper, an adaptive method of users’ authentication and authorization is proposed. With Bring Your Own Device postulate, working conditions and users’ habits have changed and the users connect to company resources with their own devices. This situation poses a severe threat to security, but tightening security rules is not always an option. This brought a need of an adaptive system, which would choose methods adequate to the current threat level. Proposed solution not only minimizes the risk of unauthorized access to company’s data, but also simplifies users’ authentication process.

W niniejszym artykule została zaproponowana nowatorska – adaptacyjna metoda uwierzytelniania i autoryzacji użytkowników. Zbudowany w myśl tego podejścia adaptacyjny system testowy dobiera metody autoryzacji i uwierzytelniania adekwatne do obecnego poziomu zagrożenia. Proponowane rozwiązanie nie tylko minimalizuje ryzyko nieuprawnionego dostępu do danych firmy, ale tak upraszcza proces uwierzytelniania użytkowników.

Słowa kluczowe

adaptive method authorization authentication

metoda adaptacyjna autoryzacja uwierzytelnianie

Wydawca

Wydawnictwo Politechniki Śląskiej

Czasopismo

Studia Informatica

Rocznik

2015

Tom

Vol. 36, nr 2

Strony

5--22

Opis fizyczny

Bibliogr. 19 poz.

Twórcy

autor

Sekulski R.

Wroclaw University of Technology, Department of Computer Engineering

autor

Woda M.

Marek.Woda@pwr.edu.pl

Wroclaw University of Technology, Department of Computer Engineering

Bibliografia

1. An essential and strategic solution for service provider Wi-Fi deployments (2014) [Online]: http://www.wi-fi.org/file/wi-fi-certified-passpoint-an-essential-and-strategicsolution-for-service-provider-wi-fi
2. Cisco annual security report. (2015) [Online]: http://www.cisco.com/web/offers/lp/2015-annual-security-report/index.html
3. Deja vu Security Overview (2014) [Online]: http://peachfuzzer.com/pdf/Deja_Overview-DejaVuSecurity-Datasheet-2014.f.pdf
4. Computer Virus facts and stats (2014) [Online]: http://cloudtweaks.com/2014/04/cloudinfographic-computer-virus-facts-stats/
5. Is OpenAM or OAM the better fit for replacing OpenSSO? (2013) [Online]:http://www.ssocircle.com/en/1284/openam-oam-the-better-fit-for-replacing-opensso/
6. Mobile Malware report - A New Look at Old Threats (2014) BLUE COAT SYSTEMS [Online]: https://www2.bluecoat.com/ja
7. Overall Statistics for 2013. Kaspersky Security Bulletin. (2013) [Online]: http://securelist.com/analysis/kaspersky-security-bulletin/58265/kaspersky-securitybulletin-2013-overall-statistics-for-2013/
8. Passfaces Technology – Graphical Password Technology (2014) [Online]: http://www.realuser.com/enterprise/resources/what_is_two_factor_authentication.htm
9. Bailey C., D. Chadwick W., Lemos R.D.: Self-adaptive authorization framework for policy based RBAC/ABAC models, Proceedings of the IEEE Ninth International Conference on Dependable, Autonomic and Secure Computing, ser. DASC ‘11. Washington, DC, USA: IEEE Computer Society, p. 37-44. (2011) [Online]: http://dx.doi.org/10.1109/DASC.2011.31
10. ForgeRock. Open identity stack: Forging a new future for identity and access management (2014). [Online]: http://www.forgerock.com/media/filer_public/e5/16/e516c8d9-ba86-46fd-bef8-386ebe6da11b/whitepaper_openidentitystack.pdf
11. Gao J., Zhang B., Ren Z.: A dynamic authorization model based on security label and Role, IEEE International Conference on Information Theory and Information Security (ICITIS), p. 650-653 (2010).
12. Gkarafli S., Economides A.: Comparing the proof by knowledge authentication techniques, International Journal of Computer Science and Security (IJCSS), Volume 4, Issue 2, p. 237-255 (2011).
13. Hollestelle G., Schuurmans T.: Online authentication methods. Evaluate the strength of online authentication methods (2008) [Online]: http://staff.science.uva.nl/~delaat/rp/2007-2008/p30/report.pdf
14. Irakleous I., Furnell S. M., Dowland P. S., Papadaki M.: An experimental comparison of secret-based user authentication technologies. Information Management and Computer Security, 10(3): p. 100-108, (July 2002).
15. Mendyk-Krajewska T., Mazur Z.: Problem of network security threats, 3rd Conference on Human System Interactions, p. 436-443 (May 2010).
16. Miller K., Voas J., Hurlburt G., BYOD: Security and privacy considerations, IT Professional, vol. 14, no. 5, p. 53-5, Sept.-Oct. (2012) [Online]: http://dx.doi.org/10.1109/MITP.2012.93
17. Smith R.: Authentication - from passwords to public keys. Addison-Wesley, (2002).
18. Todorov D.: Mechanics of User Identification and Authentication: Fundamentals of Identity Management, 1st ed. AUERBACH, (June 2007).
19. Venkatesan R., Bhattacharya S.: Threat-adaptive security policy, Performance, Computing, and Communications Conference. IPCCC 1997. IEEE International, p. 525-531, (Feb 1997), http://dx.doi.org/10.1109/PCCC.1997.581559

Typ dokumentu

Bibliografia

Identyfikator YADDA

bwmeta1.element.baztech-6cfcaf96-a68e-438a-b55f-b4924e2f1f2b