In the modern world, validating the authenticity of someone or something is an important security measure. Authentication in insecure environments is indeed a challenge. This book is based on the doctoral dissertation of Sebastian Pape, defended in September 2013 at the University of Kassel, Germany, on the challenge of authentication in insecure environments.
The book considers two different authentication scenarios.
In the first scenario, users do not trust their devices, since they may not be able to find out whether a device is trustworthy, that is, free of malicious programs. Nonetheless, they would like to authenticate in a secure manner. For this scenario, Pape employs visual cryptography for authentication. He generalizes this concept to human-decipherable encryption schemes and proves their relation to CAPTCHAs. A CAPTCHA (an acronym for completely automated public Turing test to tell computers and humans apart) poses challenge questions that can easily be answered only by a human. CAPTCHAs are used to prevent access to a system by an automated program. A CAPTCHA is typically a distorted image of letters and numbers that the user has to identify. Pape suggests a new security model and demonstrates perhaps the first visual encryption scheme that applies noise to make the adversary's task harder.
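To make the idea behind visual cryptography concrete, here is an added example (not code from the book or from the author under review) of the classic (2,2) visual secret sharing scheme of Naor and Shamir, which is the basis Pape builds on; it does not reproduce his noise-based scheme. A black-and-white secret image is split into two random-looking shares; stacking the two transparencies reveals the secret to the human eye, so the untrusted device only ever has to display one share while the user keeps the other. The 5x3 secret image is constructed for the example, and the `rand` parameter is an assumption of this code, added so the scheme can be exercised deterministically.

```python
"""Classic (2,2) visual secret sharing (Naor & Shamir, 1994), added example.

Each secret pixel is expanded into 2 subpixels per share. Laying one share on
the other is a pixel-wise OR (ink is opaque): a white secret pixel comes out
half black, a black one fully black. A single share always contains exactly
one black subpixel per block, whatever the secret is, so it leaks nothing.
"""
import secrets

BLACK, WHITE = 1, 0
# The two possible 2-subpixel patterns for one secret pixel (1 = black ink).
PATTERNS = ((1, 0), (0, 1))


def split_image(image, rand=secrets.randbelow):
    """Return (share1, share2); each secret pixel becomes 2 subpixels per share."""
    share1, share2 = [], []
    for row in image:
        r1, r2 = [], []
        for pixel in row:
            pattern = PATTERNS[rand(2)]                # uniformly random per pixel
            r1.extend(pattern)
            if pixel == WHITE:
                r2.extend(pattern)                     # same pattern: stack shows 1 black subpixel
            else:
                r2.extend(1 - s for s in pattern)      # complement: stack shows 2 black subpixels
        share1.append(r1)
        share2.append(r2)
    return share1, share2


def stack(share1, share2):
    """Simulate laying one transparency on the other: opaque ink, so OR."""
    return [[a | b for a, b in zip(r1, r2)] for r1, r2 in zip(share1, share2)]


def decode(stacked):
    """Machine equivalent of what the eye does: a fully black block is a black pixel."""
    image = []
    for row in stacked:
        pixels = [BLACK if row[i] and row[i + 1] else WHITE for i in range(0, len(row), 2)]
        image.append(pixels)
    return image


def share_leaks_nothing(share):
    """Check the security property: every block has exactly one black subpixel,
    so the share's distribution does not depend on the secret at all."""
    return all(row[i] + row[i + 1] == 1 for row in share for i in range(0, len(row), 2))


def render(bitmap):
    """ASCII rendering: '#' is ink, '.' is transparent."""
    return "\n".join("".join("#" if s else "." for s in row) for row in bitmap)


# Constructed 5x3 secret image: the letter "T" (e.g. a one-time code to show the user).
SECRET = [
    [1, 1, 1, 1, 1],
    [0, 0, 1, 0, 0],
    [0, 0, 1, 0, 0],
]

if __name__ == "__main__":
    s1, s2 = split_image(SECRET)          # s1: the user's printed key share; s2: sent to the device
    print("share 1\n" + render(s1))
    print("share 2\n" + render(s2))
    print("stacked\n" + render(stack(s1, s2)))
    assert decode(stack(s1, s2)) == SECRET
    assert share_leaks_nothing(s1) and share_leaks_nothing(s2)
```

Run it a few times and compare the two shares: each looks like random noise on its own, and only the stacked result is readable. In the authentication setting this is the point: a compromised display device holding only its share learns nothing about the code the user reads off.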
In the second scenario, users may want to stay anonymous while their service provider "wants to be sure that the credentials are not transferred and only the legitimate person is using the service." Pape proposes that anonymous credentials may be used to prevent service providers from keeping their users under surveillance. However, it is sometimes also desirable to prevent users from sharing their credentials. Pape compares existing solutions based on nontransferable anonymous credentials and suggests a solution that combines biometrics and smartcards.
The book is divided into four parts. The first part on preliminaries focuses on the basics of cryptography. The second part is on human-decipherable encryption schemes. Here, schemes based on dice codings are also studied. The third part is on nontransferable anonymous credentials. Notions of privacy and data security are briefly discussed, while nontransferable anonymous credentials are also analyzed. The fourth and final part of the book includes a very abbreviated conclusion and an appendix. The bibliography is exhaustive and the indexes are adequate. However, the back cover of the book is barely readable.
This interesting and practically oriented book is well written for an audience comprising students, teachers, and practitioners of cryptography and information technology (IT) security. I strongly recommend the book for its intended audience.