Knowledge-Based Authentication: Evaluating and Improving

基于知识的认证：评估和改进

• 批准号: EP/G020760/1
• 负责人: David Aspinall
• 金额: $ 8.31万
• 依托单位: University of Edinburgh
• 依托单位国家: 英国
• 项目类别: Research Grant
• 财政年份: 2008
• 资助国家: 英国
• 起止时间: 2008 至 无数据
• 项目状态: 已结题
• 来源: https://gtr.ukri.org/projects?ref=EP%2FG020760%2F1
• 关键词: Knowledge; Based; Authentication; Evaluating; Improving

Authentication is central to computer security and almost every use of computerised systems. With the explosion of online e-commerce, banking, social web sites and governmental services, the problem of finding secure, usable and efficient authentication systems is more acute than ever. The risks of security failure are obvious, and unusable or inefficient systems additionally risk loss of customers or overly expensive support services managing password recovery.Despite the obvious importance of everyday authentication and the widespread adoption of improved mechanisms such as challenge questions, there is a surprising lack of underpinning published research for these methods. Comparative studies, measures of usability and recoverability costs, scientifically justified guidelines for efficient implementation, are all lacking.This research proposes to understand and assess existing practice with authentication systems using 'known information' such as with challenge questions, and make recommendations for improvement. We expect that the results will have a widespread impact across many sectors, both inside and outside of the UK. The research will be undertaken by Principal Investigator Dr. David Aspinall of the University of Edinburgh, and Visiting Fellow Dr. Michael Just who is the world leader in Knowledge-Based Authentication (KBA), and responsible for the KBA mechanism used in the Government of Canada's online e-government solution, serving 3 million accounts. We anticipate that the results of our research will contribute positively to the security and usability of many applications, both inside and outside of the UK.

身份验证是计算机安全和几乎所有计算机化系统使用的核心。随着在线电子商务、银行、社交网站和政府服务的爆炸式增长，寻找安全、可用和高效的身份验证系统的问题比以往任何时候都更加尖锐。安全失败的风险是显而易见的，无法使用或效率低下的系统还可能导致客户流失或管理密码恢复的支持服务过于昂贵。尽管日常身份验证的重要性显而易见，并且广泛采用了挑战性问题等改进机制，但令人惊讶的是，这些方法缺乏基础性的已发表研究。比较研究，可用性和可恢复性成本的措施，科学合理的指导方针，有效的实施，都lack.This研究提出了理解和评估现有的做法与认证系统使用“已知信息”，如挑战问题，并提出改进建议。我们预计，调查结果将对英国国内外的许多部门产生广泛影响。这项研究将由爱丁堡大学的首席研究员大卫阿斯皮纳尔博士和访问学者迈克尔·贾斯特博士进行，迈克尔·贾斯特博士是基于知识的身份验证（KBA）的世界领导者，负责加拿大政府在线电子政务解决方案中使用的KBA机制，为300万个账户提供服务。我们预计，我们的研究结果将有助于积极的安全性和可用性的许多应用程序，无论是内部和外部的英国。

项目成果

Challenging Challenge Questions: An Experimental Analysis of Authentication Technologies and User Behaviour

• DOI: 10.2202/1944-2866.1013
• 发表时间: 2010-04-01
• 期刊: POLICY AND INTERNET
• 影响因子: 4.9
• 作者: Just, Mike;Aspinall, David
• 通讯作者: Aspinall, David

Account Recovery Challenges: Secure and Usable Authentication

帐户恢复挑战：安全且可用的身份验证

• 发表时间: 2009
• 作者: M Just

Personal choice and challenge questions

个人选择和挑战问题

• DOI: 10.1145/1572532.1572543
• 发表时间: 2009
• 作者: Just M