Principles of Authentication
E. Talbot, S. Peisert, and M. Bishop, “Principles of Authentication,” Who are you?! Adventures in Authentication: WAY Workshop (Symposium on Usable Privacy and Security) (July 2014).
- Published version web page, free at SOUPS 2014 Workshops web site: [URL]
- Authors’ final version:
In the real world we authenticate hundreds of times a day with little effort and strong confidence. We believe that we should do so in the digital world as well. We consider authentication for critical systems, and the results developed are broadly applicable. Specifically, we suggest principles that enable a system to measure the assurance that someone is who they say they are. We present a “gold standard” for authentication that builds from what we naturally do every day in face-to-face meetings. We propose a “Authentication Processing Unit” that provides continuous authentication for critical systems. This work differs from other work in authentication by positing principles as a basis for integrating multiple authentication factors without adding burdensome overhead to the users.