Information Technology Reference
In-Depth Information
Tabl e 1.
Ranking of Authentication Methods regarding AaaS Application
Authentication Method
Type
Rank
Business
∅
∅
Rank
Private
Hardware-based security token with dedicated reading device
Token
2.52
4.78
Hardware-based security token for OTP
Token
3.30
5.50
Password-protected private keys and certificates
Token
4.28
6.65
Software token (e.g. OTP via smartphone appl.)
Token
5.09
2.72
Text-based password or PIN
Knowledge
8.74
7.04
Fingerprint recognition
Biometrics
9.96
9.72
Keystroke dynamics (text-dependent)
Biometrics
10.07
10.72
Face recognition
Biometrics
10.43
10.02
Voice recognition (text-independent)
Biometrics
10.57
10.11
Keystroke dynamics (text-independent)
Biometrics
10.63
9.70
Hand vein structure recognition
Biometrics
10.65
16.00
Dynamic signature recognition
Biometrics
10.76
10.35
Social knowlegde-based procedures
Knowledge
10.89
10.20
Graphical passwords
Knowledge
10.63
9.50
at the relative value of strong authentication. In this regard, the panel was asked
to estimate the average value of strong user authentication proportionally to the
value of the respective transaction or business application to be protected. The
result was 14.54%. Furthermore, the data indicates that AaaS is most relevant
for web-enabled applications involving high protection needs. Regarding even
higher security needs (
critical
), applications AaaS is not feasible due to inherent
cloud challenges.
The user-centric adoption of AaaS shows promise for the protection of (semi-)
critical processes both for private and public applications. Table 3 lists all rated
items and the corresponding test results.
Tabl e 2.
Organizational Application Fields
Application
Mean SD Median Min Max
H
Authentication of partners or corporate customers
4.08 0.78
4
3
5
H10+
Authentication of private end users in the public sector
4.08 0.97
4
1
5
H12+
Protection of outsourced (cloud-) applications
4.00 0.83
4
2
5
H9+
Functional extension of IAM systems
3.75 0.74
4
2
5
H6+
Protection of network access points
3.75 0.99
4
1
5
H8-
Composition to more significant business service
3.67 1.05
4
1
5
H13-
Protection of infrastructure resources
3.58 1.25
4
1
5
H5-
Authentication of private customers for commercial use cases 3.58 0.93
4
1
5
H11-
Dedicated protection of internal applications
3.08 0.83
4
1
4
H7-
Tabl e 3.
User-centric Application Fields
Application
Mean SD Median Min Max
H
(Semi-) critical public applications (e.g. e-Government)
4.21 1.02
4
1
5 H15+
(Semi-) critical private applications (e.g. e-Banking)
4.13 1.03
4
2
5
H16+
Private cloud storages and synchronisation services
3.63 1.06
4
1
5
H18-
Innovative / future applications (e.g. e-car infrastructures) 3.46 1.06
3
2
5
H19-
Global user-centric web single sign-on
3.13 1.15
3
1
5
H14-
Less critical processes or applications (e.g. social networks) 2.68 1.14
3
1
4
H17-
