A large number of services need access control. On the internet, access control is frequently enforced using a combination of username and password. Users are encouraged to choose secure passwords. These secure passwords are extremely difficult to remember, which in turn causes people to write passwords down, reuse the same password, or choose an easy password. The aim is to design an access control system that is simpler to use while still giving equivalent security. The key idea behind this study is that not every service requires the same level of security. It may not be essential to ask for the secure password for each and every service; for services that need less security, an access control method that is less secure but simpler to use may be sufficient. We have developed a system that is capable of dynamically determining the access control method or methods it needs to use to ensure sufficient security. When the user requests a service, the system looks up the level of security that is required and adjusts the access control techniques used to this….
Contents
1 Introduction
1.1 Users and security
1.2 The digital government
1.3 Communication channels
1.4 Dynamic authentication
1.5 Example
1.6 Research questions
1.7 Approach
1.8 Evaluation
1.9 About this research
2 State of the art
2.1 Authentication
2.2 Authorisation
2.3 Risk-adaptive access control
2.4 Conclusion
3 Problem formalisation
3.1 Definitions
3.2 Behaviour
3.3 Open questions
4 Quantifying trust and security
4.1 Credentials
4.2 Trust in authentication methods
4.3 Probability of discovery
4.4 Discoverability
4.5 Security of credentials
4.6 Combinations of credentials
4.7 Conclusion
5 Instance identification
5.1 Duplicate detection
5.2 Identifying records
5.3 String matching
5.4 Conclusion
6 Making decisions
6.1 Deciding on allowing access
6.2 Asking for additional credentials
6.3 Assessing the needed security level and identity confidence
6.4 Conclusion
7 Evaluation
7.1 General set-up
7.2 Prototype
7.3 Questionnaire
7.4 Results
7.5 Evaluation with security experts
7.6 Conclusion
8 Discussion
8.1 Security level for nonexistent answers
8.2 Nonexistent users
8.3 Typing errors
8.4 High security products
8.5 Lack of familiarity with DACS
9 Related work
9.1 Credential-based access control
9.2 Trust-based access control
9.3 Human factors in access control
10 Conclusions….
Source: University of Twente