Attacks and defenses in user authentication systems: A survey

Abstract

User authentication systems (in short authentication systems) have wide utilization in our daily life. Unfortunately, existing authentication systems are prone to various attacks while both system security and usability are expected to be satisfied. But the current research still lacks a thorough survey on various types of attacks and corresponding countermeasures regarding user authentication, including traditional password-based and emerging biometric-based systems. In this paper, we make a comprehensive review on attacks and defenses of the authentication systems. We firstly introduce a number of common attacks by classifying them into different categories based on attacker knowledge, attack target, attack form and attack strength. Then, we propose a set of evaluation criteria for evaluating different kinds of attack defense mechanisms. Furthermore, we review and evaluate the existing methods of detecting and resisting attacks in the authentication systems by employing the proposed evaluation criteria as a common measure. Specifically, we focus on comparing and analyzing the performance of different defense mechanisms in different types of authentication systems. Through serious review and analysis, we put forward a number of open issues and propose some promising future research directions, hoping to inspire further research in this field.