The Community for Technology Leaders
RSS Icon
Issue No.04 - July/August (2008 vol.6)
pp: 36-43
Thomas Weigold , IBM's Zurich Research Laboratory
Thorsten Kramp , IBM's Zurich Research Laboratory
Michael Baentsch , IBM's Zurich Research Laboratory
The effectiveness of remote client-authentication schemes varies significantly in relation to today's security challenges, which include phishing, man-in-the-middle attacks, and malicious software. A survey of remote authentication methods shows how each measures up and includes recommendations for solution developers and consumers.
remote authentication, computer security, phishing, man-in-the-middle attacks
Thomas Weigold, Thorsten Kramp, Michael Baentsch, "Remote Client Authentication", IEEE Security & Privacy, vol.6, no. 4, pp. 36-43, July/August 2008, doi:10.1109/MSP.2008.93
1. B. Schneier, "Two-Factor Authentication: Too Little, Too Late," Comm. ACM, vol. 48, no. 4, 2005, p. 136.
2. L. Lamport, "Password Authentication with Insecure Communication," Comm. ACM, vol. 24, no. 11, 1981, pp. 770–772.
3. R.E. Smith, Authentication: From Passwords to Public Keys, Addison-Wesley, 2002.
4. U. Waldmann et al., "Protected Transmission of Biometric User Authentication Data for Oncard-Matching," Proc. ACM Symp. Applied Computing, ACM Press, 2004, pp. 425–430.
5. X. Leroy, "Java Bytecode Verification: Algorithms and Formalizations," J. Automated Reasoning, vol. 30, nos. 3–4, 2003, pp. 235–269.
6. The Keys to Truly Interoperable Communications, Near Field Communication Forum, 2007; nfc_forum_marketing_white_paper.pdf.
7. Proximity Integrated Circuit Cards (PICCs), ISO/IEC 14443, parts 1–4, http://wg8.desd1.html#14443.
8. Specification of the SIM Application Toolkit (SAT), 3GPP Standard TS 11.14 v. 8.5.0,
9. Report on Phishing, Binational Working Group on Cross-Border Mass Marketing Fraud, US Department of Justice &Ministry on Public Safety, Oct. 2006,
10. M. Steiner et al, "Secure Password-Based Cipher Suite for TLS," ACM Trans., vol. 4, no. 2, 2001, pp. 134–157.
11. K. Fu et al., "Dos and Don'ts of Client Authentication on the Web," Proc. Usenix Security Forum, Usenix Assoc., 2001, pp. 251–268.
12. Semi-Annual Report, Federal Office of Police, Swiss Reporting and Analysis Centre for Information Assurance (MELANI), 2007; 00124/01029index.html?lang=en.
13. T. Weigold et al., "The Zurich Trusted Information Channel—An Efficient Defence against Man-in-the-Middle and Malicious Software Attacks," P. Lipp, A.R. Sadeghi, and K.M. Koch, eds., Proc. Trust Conf. (Trust 2008), LNCS 4968, Springer-Verlag, 2008, pp. 75–91.
14. The WPKI Non-Profit Association, WPKI Main Specification, v. 2.0, March 2006; .
15. R. Thompson, "Why Spyware Poses Multiple Threats to Security," Comm. ACM, vol. 48, no. 8, 2005, pp. 41–43.
16. US-Cert: Quarterly Trends and Analysis Report, vol. 2, no. 2, U.S. Computer Emergency Readiness Team, June 2007;
17. Korea Phishing Activity Trends Report, Korea Internet Security Center, Mar. 2007; 8_1_publication_list.jsp?boardType=PUB.
18. R. Dhamija et al., "Why Phishing Works," Proc. Conf. Human Factors in Computing Systems (CHI), ACM Press, 2006, pp. 581–590.
19. A. Hiltgen et al., "Secure Internet Banking Authentication," IEEE Security &Privacy, vol. 4, no. 2, 2006, pp. 21–29.
20. F. Puente et al., "Improving Online Banking Security with Hardware Devices," Proc. 39th Int'l Carnahan Conf. on Security Technology (CCST), IEEE Press, p. 174–177.
53 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool