Co-Authentication - A Probabilistic Approach to Authentication

Einar Jonsson

Abstract: All authentication mechanisms have a failure probability that is usually left implicit. Consider a password system that is presented with a valid password. The system cannot know whether the password was entered by its rightful owner or by an impostor who has guessed it. Although it is commonly known that some passwords are easily guessed, the password authentication system does not differentiate between weak passwords that are easily guessed and stronger passwords. By ignoring the failure probability, we risk silent authentication failures, e.g., an impostor being authenticated based on an easily guessed password. We believe that ignoring these failures leads to false security assumptions. Therefore, we propose to make the failure probabilities in the authentication method explicit, similar to what is now done in some biometric verification systems.

In this thesis we propose a probabilistic model of authentication, called Co-Authentication, which combines the results of one or more authentication systems in a probabilistic way. This model may, in some ways, be seen as a generalization of information fusion in biometrics, which has been shown to reduce the failure rates of biometric verification. We show that Co-Authentication increases flexibility in system design and that it reduces authentication failures by combining multiple authentication probabilities. The proposed model has been implemented in a prototype Co-Authentication framework, called Jury.
Type: Master's thesis [Academic thesis]
Year: 2007
Publisher: Informatics and Mathematical Modelling, Technical University of Denmark, DTU
Address: Richard Petersens Plads, Building 321, DK-2800 Kgs. Lyngby
Series: IMM-Thesis-2007-83
Note: Supervised by Assoc. Prof. Christian D. Jensen, IMM, DTU.
IMM Group(s): Computer Science & Engineering