Cryptography-Based Authentication for Protecting Cyber Systems

Xunhua Wang (James Madison University, USA) and Hua Lin (University of Virginia, USA)
Copyright: © 2012 | Pages: 19
DOI: 10.4018/978-1-61350-323-2.ch808

Abstract

Entity authentication is a fundamental building block for system security and has been widely used to protect cyber systems. Nonetheless, the role of cryptography in entity authentication is not very clear, although cryptography is known for providing confidentiality, integrity, and non-repudiation. This chapter studies the roles of cryptography in three entity authentication categories: knowledge-based authentication, token-based authentication, and biometric authentication. For these three authentication categories, we discuss (1) the roles of cryptography in the generation of password verification data, in password-based challenge/response authentication protocols, and in password-authenticated key exchange protocols; (2) the roles of cryptography in both symmetric key-based and private key-based token authentication; and (3) cryptographic fuzzy extractors, which can be used to enhance the security and privacy of biometric authentication. This systematic study of the roles of cryptography in entity authentication will deepen our understanding of both cryptography and entity authentication and can help us better protect cyber systems.
Chapter Preview

Introduction

Explosive growth in the use of the Internet around the globe has been noted by several surveys. The web statistics compiled by Internet World Stats (http://news.bbc.co.uk/2/hi/technology/3708260.stm).

Some information security literature, though sparse, has focused on the behavioral components of information security in an attempt to understand the security-related behaviors of individuals (for example, Hazari, 2005; Hu & Dinev, 2005; Sasse & Brostoff, 2001; Stanton et al., 2004; Stanton et al., 2005). While many of these studies were conducted in organizational settings, others focused only on software use behaviors. Although, as discussed in detail later, we can draw valuable insights from these studies, many other online risks faced by individual Internet users in a home setting, such as social engineering tactics or awareness issues, were outside their scope. Drawing from disciplines such as criminology, sociology, consumer fraud, and information security, this paper lays a theoretical foundation to evaluate the role of computing skills and computer training, social influence, culture, individual values, age, and gender in a person's vulnerability to online risks. We take the approach of understanding online risks and vulnerabilities and the factors that relate to them. Such understanding will allow us to effectively design defense mechanisms to overcome these issues. Although the consumer fraud literature in marketing has used such an approach, it is new to the area of online risks and information security.

This article is organized as follows. We first discuss the various types of crimes committed online that affect individual citizens. We then define vulnerability related to online activities based on the distinct characteristics of each. Drawing from the disciplines of criminology, sociology, and marketing (specifically the consumer fraud literature in marketing), we present a theoretical model, along with propositions, to understand the role of computing skills and computer training, age, and gender in a person's vulnerability to Internet crimes.
