Security of approaches to personnel authentication

Project title Security of approaches to personnel authentication
Project type Academia (HIG10037; NFR158605/V30(431)
Duration January 2004 - 2007
Effort 1 PhD student
Primary contact Professor Einar Snekkenes
Staff Davrondzhon Gafurov
Project web page http://www.nislab.no/research/projects/hig10037/live
Project summary There are many classes of applications where it is critical to know what individual has trigged an ICT system or a human to carry out a task or disclose some information. Authentication is of particular importance in digital signature applications, when accessing sensitive information. In practice, when it comes to authentication of humans, it is difficult to give a 100% guarantee that the individual being authenticated is in fact the 'right' person. This goal of the project is to produce security performance indicators for many classes of personnel authentication mechanisms. The results of the project will be relevant for users, system specifiers, designers, developers and security managers which need to know the security strength and effectiveness of particular approaches to authentication. The project will focus on authentication in a wearable computing setting both of the wearer and persons he can observe will be relevant.
Principal objectives and subgoals

sensorThis goal of the project is to produce security performance indicators for many classes of personnel authentication mechanisms. The results of the project will be relevant for users, system specifiers, designers, developers and security managers which need to know the security strength and effectiveness of particular approaches to authentication. The project will focus on authentication in a wearable computing setting both of the wearer and persons he can observe will be relevant

The objective of the project is to simplify the decision process for those implementing or using authentication technology, addressing the issue of `How secure is ...?'. Primary subgoals include:

  • The construction of a framework and models for simplifying the security comparison of very different mechanisms for personnel authentication.
  • Obtain security performance data on different approaches to personnel authentication.
  • Establish a theory for determining the security when combining multiple approaches to authentication.