The classification of e-authentication protocols for targeted applicability

Abstract

Authentication is a fundamental aspect of information security in enabling the authenticity of the source of information to be determined. Among several electronic authentication mechanisms available today, deploying the right authentication mechanism will protect information against its envisaged threat(s) in the designated operating environment. This study attempts to create a taxonomy (classification) for current operational authentication protocols, and show how the taxonomy could help to determine the appropriate protocol to meet a particular operating environment's authentication needs. The approach used in this study's taxonomy development was to perform functional decomposition of the protocol in terms of the functionality it provides, the mechanisms it utilizes, and the key elements in facilitating its operation. This enabled a breaking-down into the fundamental building blocks of what makes up the protocol. The development of the taxonomy in this way enabled different perspectives and analyses of the protocols' capabilities and their applicability. The basic idea of authentication via proof of possession of a secret, whether it is symmetric or asymmetric, applies for all categories of authentication protocols under study. Several use cases are put forth illustrating how the classification can be leveraged to facilitate analysis of the applicability of the protocol for implementation in a given targeted environment.