Framework for the comparison and selection of schemes for Multi-factor authentication

Abstract

Authentication is the process of verifying the identity of a user. An authentication factor is a piece of information used for authenticating. Three well-known groups of authentication factors exist: knowledge-based (what you know), possession-based (what you have) and inherence-based (what you are). Authentication schemes from distinct factors can be combined in a multifactor manner to increase security. Various multi-factor authentication proposals exist in literature. However, the absence of a method for their evaluation in software development contexts is observed. Thus, this research focuses on the creation of a recommendation framework that guides the comparison and selection of authentication techniques by considering the application context and its requirements. This is achieved through a knowledge base generated from an extensive systematic literature review, coupled with surveys and interviews performed to industry experts from a partnered software development company. This company has also collaborated in validating the proposal through and expert panel and the realization of case studies. Moreover, a tool prototype for using the framework was also developed. This work extends from previously published material by updating the performed systematic literature review with publications since 2017, while also providing additional information regarding the tool prototype and the planning of the case studies.