6.5. Choosing a Mechanism

To evaluate an authentication mechanism, it is useful to divide the selection criteria into four categories:

Clearly, different applications will put different criteria into different categories.

6.5.1. An Online Banking Example

Consider the case of a bank that wants to authenticate its customers for an online banking portal. Three approaches have been proposed:

The bank can use the evaluation strategy presented in this chapter to decide between these three authentication strategies.

6.4.1.5 The critical criterion: accessibility

First, it is useful to see whether any of the alternatives have such deficits that they must be disqualified. Because the bank does business with the public, it has both moral and potential legal requirements for inclusivity. Because the bank wants to make its online portal accessible to all of its customers, it needs to consider any special requirements. Of the three proposed approaches, only the token approach has a significant inclusivity deficit: tokens with LCD screens cannot be used by people who are blind. This problem can be overcome through the use of USB tokens. The bank may want to substitute USB tokens for LCD tokens, or it may want to give customers the choice of using either token.

Both the TAN approach and the token approach have special requirements: the TAN approach requires that the user have a copy of his bank statement in order to engage in online banking, and the token approach requires that the user have his token. Although either might represent a significant deficit for an entertainment service designed to be used throughout the day, this deficit might be acceptable for an online banking portal that users might want to use only in the evening when they are at home.

6.4.1.6 The vital criterion: security

Vital to the bank's selection of an authentication mechanism will be the security that the mechanism provides. Of the three alternatives, the password approach offers the lowest amount of security. Because passwords must be disclosed in order to be used, they can be inadvertently shared with an attacker; for example, the password can be entered at the wrong web site. Passwords that are chosen by the user may be further compromised by being used at multiple web sites. Passwords are also susceptible to being broken through brute-force or password-guessing attacks. Thus, the bank will need to have software that detects such an attack and behaves accordingly.

The TAN approach has a different security deficit: because the TANs are printed on the customer's statement, any individual who is able to intercept the customer's paper mail will be given complete access to the customer's bank account. For this reason, the bank may wish to supplement the TANs with a password chosen by the user. This would be an example of two-factor authentication.

6.4.1.7 The significant criteria: memorability and cost

Memorability is a significant criterion to the bank because a high deficit will increase customer support costs. The password approach has a low memorability deficit because consumers have the ability to pick their own passwords. A scheme that requires users to change their passwords on a regular basis will increase this deficit. Such a scheme might be warranted, however, if there is a chance that a percentage of users will have their passwords compromised on a regular basis. Neither the TAN approach nor the token approach has a low memorability deficit: the user must both remember how to use the scheme and carry the TAN booklet or the token. Otherwise, however, there is no information that must be remembered. The token approach does place an additional cost on customers, who must purchase the token.

6.4.1.8 The incidental criterion: nothing

Because of the bank's scale of operation, in this example there are no incidental criteria. On the other hand, if the bank were a small private bank that offered service only to high-net-worth individuals, the cost of the authentication strategy might not be a factor.
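As an added example (not part of the chapter), the evaluation procedure applied above, coded in Python: critical-tier deficits act as a disqualification gate, with any available remedy (such as substituting USB tokens for LCD tokens) applied first, and the surviving mechanisms are then ranked by their vital, significant and incidental deficits in that order. The numeric deficit scores and the criterion names are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Tier names from the chapter. "critical" is a disqualification gate, not a
# ranking key; the remaining tiers rank survivors in decreasing importance.
RANKING_TIERS = ("vital", "significant", "incidental")


@dataclass
class Mechanism:
    name: str
    deficits: Dict[str, int]  # criterion -> deficit, 0 (none) .. 3 (severe)
    # criterion -> deficit that remains after a remedy the bank could apply
    mitigations: Dict[str, int] = field(default_factory=dict)


def evaluate(mechanisms: List[Mechanism], tiers: Dict[str, str],
             disqualify_at: int = 3) -> Tuple[List[str], List[str]]:
    """Drop mechanisms with an unremediable critical deficit, then rank the
    rest lexicographically by summed deficit per tier (lowest is best)."""
    ranked, disqualified = [], []
    for m in mechanisms:
        d = dict(m.deficits)
        acceptable = True
        for crit, tier in tiers.items():
            if tier == "critical" and d.get(crit, 0) >= disqualify_at:
                d[crit] = m.mitigations.get(crit, d[crit])  # apply remedy if any
                if d[crit] >= disqualify_at:
                    acceptable = False
        if not acceptable:
            disqualified.append(m.name)
            continue
        key = tuple(sum(v for c, v in d.items() if tiers.get(c) == t)
                    for t in RANKING_TIERS)
        ranked.append((key, m.name))
    return [name for _, name in sorted(ranked)], disqualified


# Constructed scores mirroring the discussion: passwords weakest on security,
# LCD tokens disqualified on accessibility unless USB tokens are offered.
BANK_TIERS = {"accessibility": "critical", "special_requirements": "critical",
              "security": "vital", "memorability": "significant", "cost": "significant"}
PROPOSALS = [
    Mechanism("password", {"accessibility": 0, "special_requirements": 0,
                           "security": 3, "memorability": 1, "cost": 0}),
    Mechanism("tan", {"accessibility": 0, "special_requirements": 1,
                      "security": 2, "memorability": 2, "cost": 0}),
    Mechanism("token_with_usb_option", {"accessibility": 3, "special_requirements": 1,
                                        "security": 1, "memorability": 2, "cost": 2},
              mitigations={"accessibility": 0}),
    Mechanism("lcd_token_only", {"accessibility": 3, "special_requirements": 1,
                                 "security": 1, "memorability": 2, "cost": 2}),
]
```

Running `evaluate(PROPOSALS, BANK_TIERS)` ranks the USB-capable token first, then TANs, then passwords, and disqualifies the LCD-only token on accessibility.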