Abstract

Authentication is the process of verifying a user's identity before granting access to a system's resources. An authentication factor is a piece of information used in this verification. Three well-known groups of authentication factors exist: knowledge-based (what you know), possession-based (what you have) and inherence-based (what you are). Authentication schemes that belong to distinct factor groups can be combined in a multi-factor manner to increase security. Although the literature contains many multi-factor proposals, it lacks a method for properly comparing and selecting these authentication methods on the basis of an application's security requirements. A systematic literature review identified existing frameworks for the analysis of authentication methods, but most of them focus on specific contexts and are not generic enough. This research therefore focuses on creating a recommendation framework that guides the comparison and selection of single- and multi-factor authentication schemes, considering both the application's requirements and its context. The framework draws not only on the knowledge found in the literature, obtained through the systematic literature review, but also on the experience of industry experts, gathered through a survey and interviews in collaboration with a multinational software development company. The resulting proposal has been validated through an expert panel and a case study carried out with the partner company, and a tool prototype has been built as well.
The result is a recommendation framework for the comparison and selection of authentication methods that can support this decision process in multiple contexts.


Introduction

Authentication is the process of positively verifying the identity of a user, device, or any other entity in a computational system, generally as a prerequisite for gaining access to the system's resources [1]. An authentication factor is a piece of information used for authenticating or verifying a user's identity [2]. These factors can be categorized into three groups: those based on knowledge (something the client knows, such as text passwords or PIN codes), those based on possession (something the client has, dependent on the possession of a physical object) and those based on inherence (something the client is, known as biometrics) [3, 4]. Although there are multiple proposals on the use of multi-factor authentication in the literature [4,5,6], there is no method that helps decide when to use one authentication scheme or another and how to combine them most adequately in a multi-factor modality, especially considering the requirements given by software application clients. Some frameworks in the literature provide an analysis of multiple features of authentication schemes [7, 8], but they are centered on the authentication schemes by themselves rather than on their use as part of multi-factor authentication methods, do not emphasize clients' requirements and do not give a concrete answer for every situation.
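The definition above hinges on "distinct" factor groups: two schemes from the same group (a password plus a security question, both knowledge-based) form a multi-step login, not multi-factor authentication. The following is an added example, not code from the paper or its tool prototype, that classifies a proposed combination of schemes by factor group, reports whether it is genuinely multi-factor, and compares it against an application's requirement expressed as a minimum number of distinct factors. The scheme catalogue (`SCHEME_FACTOR`) is a constructed, illustrative mapping; a real recommendation framework would draw it from its own scheme inventory.

```python
"""Check whether a combination of authentication schemes is genuinely
multi-factor, i.e. spans distinct factor groups, and compare it against an
application's requirement. Added example; the scheme catalogue is constructed."""
from collections import defaultdict
from enum import Enum


class Factor(Enum):
    KNOWLEDGE = "knowledge"    # something the client knows
    POSSESSION = "possession"  # something the client has
    INHERENCE = "inherence"    # something the client is (biometrics)


# Constructed, illustrative catalogue: which factor group each scheme relies on.
SCHEME_FACTOR = {
    "password": Factor.KNOWLEDGE,
    "pin": Factor.KNOWLEDGE,
    "security_question": Factor.KNOWLEDGE,
    "totp_app": Factor.POSSESSION,
    "hardware_token": Factor.POSSESSION,
    "sms_otp": Factor.POSSESSION,
    "fingerprint": Factor.INHERENCE,
    "face": Factor.INHERENCE,
}


def factors_of(schemes):
    """Distinct factor groups covered by the schemes. An unknown scheme raises
    KeyError rather than being silently counted as an extra factor."""
    return {SCHEME_FACTOR[s] for s in schemes}


def same_factor_groups(schemes):
    """Schemes that share a factor group with another scheme in the combination.
    These add steps, not factors."""
    groups = defaultdict(list)
    for s in schemes:
        groups[SCHEME_FACTOR[s]].append(s)
    return {f.value: members for f, members in groups.items() if len(members) > 1}


def is_multi_factor(schemes):
    """True only when at least two distinct factor groups are covered."""
    return len(factors_of(schemes)) >= 2


def evaluate(schemes, required_factors):
    """Compare a candidate combination against an application's requirement
    (minimum number of distinct factor groups) and report what is missing."""
    covered = factors_of(schemes)
    missing = set(Factor) - covered
    return {
        "schemes": list(schemes),
        "covered": sorted(f.value for f in covered),
        "distinct_factors": len(covered),
        "meets_requirement": len(covered) >= required_factors,
        "missing": sorted(f.value for f in missing),
        "same_factor": same_factor_groups(schemes),
    }


if __name__ == "__main__":
    candidates = [
        ["password", "security_question"],        # two knowledge schemes: not MFA
        ["password", "totp_app"],                 # knowledge + possession
        ["pin", "hardware_token", "fingerprint"],  # all three groups
    ]
    for combo in candidates:
        print(evaluate(combo, required_factors=2))
```

The `same_factor` field is the part a selection tool should surface: it explains *why* a combination that looks like two checks still counts as a single factor, which is the error the paper's motivation (choosing schemes from distinct groups) is meant to prevent.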
