ACCESS - Authentication ChoiCE Support System

Authentication can be performed in a variety of ways, such as entering knowledge-based information (e.g., PIN or password), using a token (e.g., smart card or usb-dongle), or based on biometric features (e.g., fingerprint). Knowledge-based schemes are most commonly used (text password). Token-based systems are e.g. used in access control for buildings (e.g. key cards in hotels or transponders). Biometric systems are nowadays  successfully used in the mobile sector (e.g. fingerprint readers in smartphones).

The authentication methods differ in aspects such as usability, security or deployability and offer different advantages and disadvantages. Passwords can be forgotten, duplicated, or shared. Chip cards suffer from the need to carry them around and for scanning a fingerprint specialized reader is needed. Therefore, the challenge is to choose a suitable authentication scheme for the particular application scenario of the service or website based on its requirements.

What is ACCESS?

ACCESS is a platform that helps developers and decision makers to select appropriate authentication schemes. It allows specifying the requirements needed for an authentication scheme to be suitable. Then, the platform compares the requirements with the entries of its knowledge base and lists the five most suitable authentication schemes and their suitability scores ​​for the corresponding scenario. The platform comprises three modules: the information module, the discussion module, and the decision support module. All modules have been evaluated in user studies.

Information Module

Using the information module, users of the platform can access the information about the different authentication systems, features and sub-features held in the platforms knowledge base. Clicking on an authentication scheme gives the user more information about the corresponding authentication scheme and the sub-features that it fulfills.

Interface showing the information for the authentication scheme Passfaces (excerpt)

Discussion Module

The discussion module allows users to participate in enhancing the knowledge base. Due to the constant development of many authentication schemes, a user can submit proposed changes such as whether an authentication scheme fulfills a sub-feature or even add completely new authentication schemes. After a reviewing and discussion process with the users, the proposed change is either accepted and stored in the knowledge base or rejected.

Interface showing the first step of proposing a new authentication scheme for the knowledge base

Decision Support Module

The decision support module combines the knowledge base with the requirements to provide the user with the selection of the most suitable authentication schemes for the user's application scenario. In the first step, the user selects the features which are important to the particular application scenario and sorts them according to their importance. Features from three groups can be selected:

  • Deployability
  • Usability
  • Security
Example for the selection of requirements from the three groups usability, deployability, and security

The second step allows the user to set hard constraints. The number of considered authentication schemes from the knowledge base is updated corresponding to the selected hard constraints. Once the user has made all the settings, he can advance to the results screen which displays the five most suitable results, sorted according to their performance values. In addition, for each of the five proposed authentication systems, the performance results for each selected feature are displayed.

List of the five most suitable authentication schemes
Performance values of the authentication schemes for each of the requirements

Usage & Contact

We provide ACCESS as a service for the public and in particular the research community. The decision support module and the information module can be used without registration. To use the discussion module (editing the data and participating in discussions) a user account is needed. An "invite code" for the registration can be requested from Peter Mayer (peter.mayer(a-t)secuso.org). Should you use ACCESS, please reference our corresponding publications.

Publications

A A A | Drucken Print | Impressum Impressum | Sitemap Sitemap | Suche Search | Kontakt Contact | Website Analysis: More Information
zum Seitenanfangzum Seitenanfang