Description
Authentication (AuthN) methods are, among other things, an essential means of securing software systems: they ensure that only clearly identified entities are allowed to access certain parts of a software system. There are many ways to categorize existing AuthN solutions, but a proven and probably most commonly used approach is to categorize them based on the AuthN factor used, i.e., the factor used to authenticate an authenticating entity. Knowledge-based AuthN methods authenticate an entity based on secret information known to the entity, such as password- or PIN-based authentication. Possession-based AuthN performs authentication based on a unique item possessed by the entity being authenticated, such as a hardware token or passkeys. Biometric-based AuthN performs authentication based on a unique biometric feature that identifies the entity being authenticated, such as fingerprint-based AuthN or retinal scanning.
Numerous research efforts have been made in recent decades to develop more secure, usable, and performant AuthN methods. This has led to increasingly sophisticated AuthN methods, such as authentication based on a user’s gait or handwriting. Unfortunately, there is still no comprehensive overview of existing AuthN methods, which makes it extremely difficult to gain an initial overview of the world of AuthN methods. Such an overview would be of great value to research, as it would provide young researchers with an easy entry point to familiarize themselves with existing AuthN methods and could serve as a basis both for identifying research gaps and for comparing new AuthN methods with other existing research.
In a recent thesis project, we made initial efforts to create such a comprehensive overview of AuthN methods. Using an LLM-based, lightweight SLR approach and semantic clustering, we identified a total of 24 different AuthN method clusters from a total of 1265 scientific papers that originally emerged from our constructed meta-query in the SLR. Although the results represent a very valuable first contribution, they are still limited for two main reasons: First, only one scientific database (IEEE Xplore) was used to identify relevant articles. Second, the results show a clear focus on biometric AuthN methods; detailed information on knowledge-based and possession-based AuthN methods has not yet been sufficiently researched.
The related thesis can be found here: https://swc.rwth-aachen.de/theses/a-classification-approach-for-authentication-methods/
The list of AuthN methods we identified is published here: https://a-classification-approach-for-authentication-methods.pages.rwth-aachen.de/web-catalog/
Goal
In this thesis project, we aim to build on this work to develop a novel authentication pattern framework. To this end, we want to identify further AuthN methods, focusing on knowledge-based and possession-based AuthN methods, and categorize them using the AuthN method taxonomy we have developed. In this context, the taxonomy will be refined as necessary to better or more accurately represent additional AuthN methods.
Contributions
The contributions of this thesis project are manifold. First, it enriches the existing AuthN method overview by extracting further related approaches from scientific publications, especially from the knowledge- and possession-based AuthN method world, which are so far underrepresented in the overview. Second, it aims to refine the AuthN method taxonomy to enable a finer and more precise classification of AuthN methods. Third, it aims to understand the inherent differences between knowledge-based, possession-based, and biometrics-based AuthN, which could be one reason why many more biometric approaches could be identified in the related thesis. Finally, this project serves as a case study to evaluate the usability of the developed research methodology when using an LLM-assisted, lightweight SLR approach to extract relevant information in a field where much data cannot be easily excluded, resulting in too many potentially relevant scientific papers from the meta-query having to be manually analyzed for suitability.
Requirements
This thesis is available as a master thesis.
Interested students should have a strong interest in and, ideally, initial experience with systematic, methodologically sound scientific work.
If you are interested, please send me a short letter of motivation, your current transcript, and your CV via email.
Project information
Open
Master
TBD
2026-008