Computing Reviews
Today's Issue Hot Topics Search Browse Recommended My Account Log In
Review Help
Search
Authentication in insecure environments : using visual cryptography and non-transferable credentials in practise
Pape S., Springer Vieweg, Wiesbaden, Germany, 2014. 362 pp. Type: Book (978-3-658071-15-8)
Date Reviewed: Oct 7 2015

In the modern world, validating the authenticity of someone or something is an important security measure. Authentication in insecure environments is indeed a challenge. This book is based on the doctoral dissertation of Sebastian Pape, defended in September 2013 at the University of Kassel, Germany, on the challenge of authentication in insecure environments.

The book considers two different authentication scenarios.

In the first scenario, users do not believe their devices as they may not be able to find out whether their device is trustworthy, that is, if it is free of malevolent programs. Nonetheless, they would like to perform authentication in a secure manner. For this scenario, Pape employs visual cryptography for authentication. He generalizes this concept to human decipherable encryption schemes and proves their association to CAPTCHAs. A CAPTCHA (an acronym for completely automated public Turing test to tell computers and humans apart) poses challenge questions that can only easily be answered by a human. CAPTCHAs are used to prevent access to a system by an automated program. A CAPTCHA is typically a distorted image of letters and numbers that the user has to identify. Pape suggests a new security model and demonstrates perhaps the first visual encryption scheme that applies noise to make the adversary’s task complex.

In the second scenario, users may want to stay anonymous while their service provider “wants to be sure that the credentials are not transferred and only the legitimate person is using the service.” Pape proposes that anonymous credentials may be utilized to preclude service providers from keeping their users under surveillance. However, sometimes it is preferable to prevent users from sharing their credentials. Pape compares existing solutions based on nontransferable anonymous credentials and suggests a solution that co-mingles biometrics and smartcards.

The book is divided into four parts. The first part on preliminaries focuses on the basics of cryptography. The second part is on human-decipherable encryption schemes. Here, schemes based on dice codings are also studied. The third part is on nontransferable anonymous credentials. Notions of privacy and data security are briefly discussed, while nontransferable anonymous credentials are also analyzed. The fourth and final part of the book includes a very abbreviated conclusion and an appendix. The bibliography is exhaustive and the indexes are adequate. However, the back cover of the book is barely readable.

This interesting and practically oriented book is well written for an audience comprising students, teachers, and practitioners of cryptography and information technology (IT) security. I strongly recommend the book for its intended audience.
Reviewer:  S. V. Nagaraj Review #: CR143832 (1601-0048)
Bookmark and Share
  Reviewer Selected
Featured Reviewer 		 
 
Authentication (K.6.5 ... )
 
 
Authentication (D.4.6 ... )
 
 
Security and Protection (D.4.6 )
 
 
Data Encryption (E.3 )
 
Would you recommend this review?
yes
no
Other reviews under "Authentication": Date
Cyberpunk
Hafner K., Markoff J., Simon & Schuster, Inc., New York, NY, 1991. Type: Book (9780671778798)		 Nov 1 1993
How to sign digital streams
Gennaro R., Rohatgi P. Information and Computation 165(1): 100-116, 2001. Type: Article		 Dec 1 2001
Signature schemes based on the strong RSA assumption
Cramer R., Shoup V. ACM Transactions on Information and System Security 3(3): 161-185, 2000. Type: Article		 Mar 1 2001
more...
E-Mail This Printer-Friendly
Send Your Comments
Contact Us
Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2024 ThinkLoud®
Terms of Use | Privacy Policy