A Classification Approach for Authentication Methods

Abstract

Authentication plays a critical role in modern infrastructure and everyday life. Despite its importance, however, the landscape of authentication methods suffers from fragmented terminology, inconsistent classifications and limited visibility beyond the most common methods. There exists no comprehensive framework to systematically classify and compare authentication methods across domains and applications. To investigate which authentication methods exist, what properties they have and how they can be classified, we conducted a lightweight systematic literature review. We used LLM-assisted abstract screening to screen 1256 papers from IEEE Xplore and identified 457 relevant papers, of which 24 representatives were selected through semantic clustering using BERTopic and HDBSCAN for manual full-text analysis. We identified five primary classes of authenticators (knowledge-based, possessionbased, biometric, context-based and hybrid authenticators), with biometric authentication being the most prevalent among the representatives. In addition to this, we identified 12 key facets that characterize authentication methods beyond the type of authenticator. Based on these two dimensions, we propose a split classification approach that combines a hierarchical classification of authenticators with a facetted classification of authentication methods to allow for a more detailed comparison of methods. By combining these two approaches, the more rigid and abstract classification of authenticators can be complemented by a more flexible and more easily adaptable facetted classification, which allows for easy extensions and modifications through future research. By providing an extensible and general classification approach for authentication methods, we aim to aid practitioners as well as future research in this field. The proposed classification can be used to systematically compare authentication methods and their properties and serve as a foundation for research into specific areas of authentication or new authentication methods. While our lightweight approach has limitations in terms of comprehensiveness compared to a full systematic literature review, we were able to successfully identify key patterns and characteristics of authentication methods and build a novel classification approach based on them.