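% Bibliography database: authentication, MFA, FIDO2/WebAuthn/CTAP and biometrics.
%
% Reviewer notes (text outside entries is ignored by BibTeX and Biber):
% - Every "file" field holds an absolute path into a local Windows user
%   profile and a Zotero storage folder. Bibliography styles ignore the
%   field, but it discloses the account name and directory layout. Strip it,
%   or exclude it in the exporter, before this database is shared or published.
% - The "howpublished" values use the \url macro, so the citing document must
%   load a package that defines it (url or hyperref).
% - Whole-title double braces on the German titles are kept on purpose: they
%   stop styles from re-casing German nouns.

@misc{bocetta2023,
  title        = {{Biometrische Authentifizierung: Vor-/Nachteile sowie Risiken}},
  shorttitle   = {{Biometrische Authentifizierung}},
  author       = {Bocetta, Sam},
  year         = {2023},
  journal      = {GlobalSign},
  urldate      = {2025-07-23},
  abstract     = {Dieser Artikel erl{\"a}utert, was biometrische Authentifizierung ist und wof{\"u}r sie eingesetzt wird.},
  langid       = {ngerman},
  file         = {C:\Users\Dominik\Zotero\storage\QVXD3NNA\biometrische-authentifizierung-gutes-schlechtes-und-problematisches.html},
  note         = {(Zugriff am 23.07.2025)},
  howpublished = {\url{https://www.globalsign.com/de-de/blog/biometrische-authentifizierung-gutes-schlechtes-und-problematisches}},
}

@book{boonkrong2021,
  title        = {Authentication and {{Access Control}}: {{Practical Cryptography Methods}} and {{Tools}}},
  shorttitle   = {Authentication and {{Access Control}}},
  author       = {Boonkrong, Sirapat},
  year         = {2021},
  publisher    = {Apress},
  address      = {Berkeley, CA},
  doi          = {10.1007/978-1-4842-6570-3},
  urldate      = {2025-05-29},
  copyright    = {http://www.springer.com/tdm},
  isbn         = {978-1-4842-6570-3},
  langid       = {english},
  keywords     = {Vorhanden},
  file         = {C:\Users\Dominik\Zotero\storage\GUDGV4NS\Boonkrong - 2021 - Authentication and Access Control Practical Cryptography Methods and Tools.pdf},
}

@misc{bsi2025,
  title        = {{Grunds{\"a}tzliche Funktionsweise biometrischer Verfahren}},
  author       = {{BSI}},
  year         = {2025},
  journal      = {Bundesamt f{\"u}r Sicherheit in der Informationstechnik},
  urldate      = {2025-07-23},
  abstract     = {Einleitung: Ziel einer biometrischer Erkennung ist stets, die Identit{\"a}t einer Person zu ermitteln (Identifikation) oder die behauptete Identit{\"a}t zu best{\"a}tigen oder zu widerlegen (Verifikation).},
  langid       = {ngerman},
  file         = {C:\Users\Dominik\Zotero\storage\3RTTS9P8\einfuehrung.html},
  note         = {(Zugriff am 23.07.2025)},
  howpublished = {\url{https://www.bsi.bund.de/DE/Themen/Verbraucherinnen-und-Verbraucher/Informationen-und-Empfehlungen/Technologien_sicher_gestalten/Biometrie/AllgemeineEinfuehrung/einfuehrung.html?nn=452592}},
}

@book{bub2015,
  title        = {{Sicherheit im Wandel von Technologien und M{\"a}rkten}},
  editor       = {Bub, Udo and Deleski, Viktor and Wolfenstetter, Klaus-Dieter},
  year         = {2015},
  publisher    = {Springer Fachmedien Wiesbaden},
  address      = {Wiesbaden},
  doi          = {10.1007/978-3-658-11274-5},
  urldate      = {2025-07-07},
  copyright    = {http://www.springer.com/tdm},
  isbn         = {978-3-658-11273-8 978-3-658-11274-5},
  langid       = {ngerman},
  keywords     = {Vorhanden},
  file         = {C:\Users\Dominik\Zotero\storage\PTHW773Q\Bub et al. - 2015 - Sicherheit im Wandel von Technologien und Märkten.pdf},
}

@article{catalano2025,
  title        = {Defeating {{FIDO2}}/{{CTAP2}}/{{WebAuthn}} Using Browser in the Middle and Reflected Cross Site Scripting},
  author       = {Catalano, Christian and Chezzi, Andrea and Barletta, Vita Santa and Tommasi, Franco},
  year         = {2025},
  journal      = {Journal of Computer Virology and Hacking Techniques},
  volume       = {21},
  number       = {1},
  publisher    = {{Springer Science and Business Media LLC}},
  issn         = {2263-8733},
  doi          = {10.1007/s11416-025-00556-2},
  urldate      = {2025-07-14},
  abstract     = {In our modern digital landscape, web browsers play a crucial role as gateways to large amounts of information and services. However, recent developments have demonstrated that the very features that make browsing convenient and seamless can be exploited by malicious actors through a potent threat vector known as the ``Browser-in-the-Middle'' (BitM) attack. Most of the Multi-Factor Authentication (MFA) security measures are shown to be ineffective to prevent BitM attacks. However, the FIDO2 Project that includes CTAP2 protocol that works together with the Web Authentication API (WebAuthn API) has been proven to be a virtually unattackable MFA method by current state-of-the-art BitM implementations. At least until now. This work expands the range of applicable scenarios where BitM attack can be used by taking its technical architecture a step further: we show how the effectiveness of BitM---used along a Reflected XSS vulnerability exploitation---can be improved resulting in the novel BitM + attack that proves to be capable of defeating any available MFA method including FIDO2/WebAuthn solutions that rely on hardware dongles and represent the only method of authentication that went undefeated by virtually any phishing attack approach to date.},
  copyright    = {https://creativecommons.org/licenses/by/4.0},
  langid       = {english},
  keywords     = {Vorhanden},
  file         = {C:\Users\Dominik\Zotero\storage\PGFNMK29\Catalano et al. - 2025 - Defeating FIDO2CTAP2WebAuthn using browser in the middle and reflected cross site scripting.pdf},
}

@misc{deinhard2025,
  title        = {{Welche modernen Authentifizierungsm{\"o}glichkeiten gibt es?}},
  author       = {Deinhard, Florian},
  year         = {2025},
  journal      = {IT-Schulungen.com},
  urldate      = {2025-07-12},
  abstract     = {Moderne Authentifizierungsmethoden spielen eine zentrale Rolle in der Absicherung von IT-Infrastrukturen und Benutzerzugriffen. Durch die Entwicklung fortschrittlicher Techniken wie Multi-Faktor-Authentifizierung (MFA), biometrische Verfahren und},
  langid       = {ngerman},
  file         = {C:\Users\Dominik\Zotero\storage\AXP2BY7Y\welche-modernen-authentifizierungsmoeglichkeiten-gibt-es.html},
  note         = {(Zugriff am 12.07.2025)},
  howpublished = {\url{https://www.it-schulungen.com/wir-ueber-uns/wissensblog/welche-modernen-authentifizierungsmoeglichkeiten-gibt-es.html}},
}

@book{eichstaedt2024,
  title        = {{52 Stunden Informatik: Was jeder {\"u}ber Informatik wissen sollte}},
  shorttitle   = {{52 Stunden Informatik}},
  author       = {Eichst{\"a}dt, Timm and Spieker, Stefan},
  year         = {2024},
  publisher    = {Springer Fachmedien Wiesbaden},
  address      = {Wiesbaden},
  doi          = {10.1007/978-3-658-41838-0},
  urldate      = {2025-07-07},
  copyright    = {https://www.springernature.com/gp/researchers/text-and-data-mining},
  isbn         = {978-3-658-41838-0},
  langid       = {ngerman},
  keywords     = {Vorhanden},
  file         = {C:\Users\Dominik\Zotero\storage\E455ZNKU\Eichstädt und Spieker - 2024 - 52 Stunden Informatik Was jeder über Informatik wissen sollte.pdf},
}

@misc{fido-alliance2019,
  title        = {Client to {{Authenticator Protocol}} ({{CTAP}})},
  author       = {{FIDO-Alliance}},
  year         = {2019},
  urldate      = {2025-07-14},
  file         = {C:\Users\Dominik\Zotero\storage\F7L7LM6I\fido-client-to-authenticator-protocol-v2.0-ps-20190130.html},
  note         = {(Zugriff am 14.07.2025)},
  howpublished = {\url{https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html}},
}

@book{garbis2024,
  title        = {{Zero Trust Sicherheit: Ein Leitfaden f{\"u}r Unternehmen}},
  shorttitle   = {{Zero Trust Sicherheit}},
  author       = {Garbis, Jason and Chapman, Jerry W.},
  year         = {2024},
  publisher    = {Apress},
  address      = {Berkeley, CA},
  doi          = {10.1007/979-8-8688-0105-1},
  urldate      = {2025-07-07},
  copyright    = {https://www.springernature.com/gp/researchers/text-and-data-mining},
  isbn         = {979-8-8688-0105-1},
  langid       = {ngerman},
  keywords     = {Vorhanden},
  file         = {C:\Users\Dominik\Zotero\storage\8DG9NI4S\Garbis und Chapman - 2024 - Zero Trust Sicherheit Ein Leitfaden für Unternehmen.pdf},
}

@misc{gillis2024,
  title        = {{Was ist Trusted Platform Module (TPM)? - Definition von Computer Weekly}},
  shorttitle   = {{Was ist Trusted Platform Module (TPM)?}},
  author       = {Gillis, Alexander S.},
  year         = {2024},
  journal      = {ComputerWeekly.de},
  urldate      = {2025-07-14},
  abstract     = {Ein Trusted Platform Module (TPM) ist ein spezialisierter Chip, der Hardware mit integrierten kryptografischen Schl{\"u}sseln sichert.},
  langid       = {ngerman},
  file         = {C:\Users\Dominik\Zotero\storage\ERHS8F2D\Trusted-Platform-Module-TPM.html},
  note         = {(Zugriff am 14.07.2025)},
  howpublished = {\url{https://www.computerweekly.com/de/definition/Trusted-Platform-Module-TPM}},
}

@misc{ionos2021,
  title        = {{CTAP: Protokoll f{\"u}r mehr Sicherheit \& Komfort im Web}},
  shorttitle   = {{CTAP}},
  author       = {{IONOS}},
  year         = {2021},
  journal      = {IONOS Digital Guide},
  urldate      = {2025-07-15},
  abstract     = {Mit FIDO2, WebAuthn und CTAP k{\"o}nnten Passw{\"o}rter bald der Vergangenheit angeh{\"o}ren. Neue Standards setzen stattdessen auf Hardware-Tokens und biometrische Daten.},
  langid       = {ngerman},
  note         = {(Zugriff am 15.07.2025)},
  howpublished = {\url{https://www.ionos.de/digitalguide/server/sicherheit/client-to-authenticator-protocol-ctap/}},
}

@book{kaufmann2023,
  title        = {{Grundkurs Wirtschaftsinformatik: Eine kompakte und praxisorientierte Einf{\"u}hrung}},
  shorttitle   = {{Grundkurs Wirtschaftsinformatik}},
  author       = {Kaufmann, Jens and M{\"u}lder, Wilhelm},
  year         = {2023},
  publisher    = {Springer Fachmedien},
  address      = {Wiesbaden},
  doi          = {10.1007/978-3-658-37937-7},
  urldate      = {2024-03-18},
  isbn         = {978-3-658-37937-7},
  langid       = {ngerman},
  keywords     = {Betriebliche Informationssysteme,Datenbanken,E-Business,Enterprise Resource Planning,ERP-Systeme,Grundlagen der Wirtschaftsinformatik,Informationsmanagement,IT-Grundlagen,IT-Sicherheit,M-Business,Mobile Business,Rechnersysteme,Social Media,Softwareentwicklung,Vorhanden,Wirtschaftsinformatik Buch},
  file         = {C:\Users\Dominik\Zotero\storage\YFPL5WWR\Kaufmann und Mülder - 2023 - Grundkurs Wirtschaftsinformatik Eine kompakte und.pdf},
}

@book{kebschull2023,
  title        = {{Computer Hacking: Eine Einf{\"u}hrung zur Verbesserung der Computersicherheit in komplexen IT-Infrastrukturen}},
  shorttitle   = {{Computer Hacking}},
  author       = {Kebschull, Udo},
  year         = {2023},
  edition      = {1.},
  publisher    = {Springer Berlin Heidelberg},
  address      = {Berlin, Heidelberg},
  urldate      = {2025-01-10},
  isbn         = {978-3-662-67030-9},
  langid       = {ngerman},
  keywords     = {Risk management; Computer networks; Data protection; Computer crimes; Lehrbuch; Hacker; Computersicherheit; Datensicherung; Softwareschwachstelle; Penetrationstest; Softwarewerkzeug,Vorhanden},
  file         = {C:\Users\Dominik\Zotero\storage\97CIRM6Z\Kebschull - 2023 - Computer Hacking Eine Einführung zur Verbesserung der Computersicherheit in komplexen IT-Infrastruk.pdf},
}

@misc{koeller2023,
  title        = {{Authentisierung, Authentifizierung \& Autorisierung: Was ist der Unterschied?}},
  shorttitle   = {{Authentisierung, Authentifizierung \& Autorisierung}},
  author       = {K{\"o}ller, Joe},
  year         = {2023},
  journal      = {tenfold Security},
  urldate      = {2025-07-24},
  abstract     = {Die Anmeldung in IT-Systemen erfolgt in 3 Phasen: Dateneingabe, Kontrolle und Freigabe. Alles {\"u}ber Authentisierung vs Authentifizierung {$\rightarrow$}},
  langid       = {ngerman},
  file         = {C:\Users\Dominik\Zotero\storage\UNBYQ5W9\authentisierung-authentifizierung-autorisierung-unterschied.html},
  note         = {(Zugriff am 24.07.2025)},
  howpublished = {\url{https://www.tenfold-security.com/authentisierung-authentifizierung-autorisierung-unterschied/}},
}

@mastersthesis{kruse2020,
  type         = {{Masterarbeit}},
  title        = {{Biometriebasierte Authentifizierung mit WebAuthn}},
  author       = {Kruse, Malte},
  year         = {2020},
  address      = {Berlin},
  urldate      = {2025-06-18},
  langid       = {ngerman},
  school       = {Humboldt-Universit{\"a}t zu Berlin},
  keywords     = {Vorhanden},
  file         = {C:\Users\Dominik\Zotero\storage\Y8MJYGT8\SAR-PR-2020-02_.pdf},
}

@misc{nevis2022,
  title        = {{Grundlegendes Wissen von Nevis: Was ist FIDO}},
  shorttitle   = {{Grundlegendes Wissen von Nevis}},
  author       = {{Nevis}},
  year         = {2022},
  urldate      = {2025-07-21},
  abstract     = {Erfahren Sie mehr {\"u}ber den offenen, skalierbaren und sicheren, passwortfreien FIDO Standard f{\"u}r die Online-Authentifizierung},
  langid       = {ngerman},
  file         = {C:\Users\Dominik\Zotero\storage\ZHZPGEPT\was-ist-fido.html},
  note         = {(Zugriff am 21.07.2025)},
  howpublished = {\url{https://www.nevis.net/de/grundlagen/was-ist-fido}},
}

@article{ometov2018,
  title        = {Multi-{{Factor Authentication}}: {{A Survey}}},
  shorttitle   = {Multi-{{Factor Authentication}}},
  author       = {Ometov, Aleksandr and Bezzateev, Sergey and M{\"a}kitalo, Niko and Andreev, Sergey and Mikkonen, Tommi and Koucheryavy, Yevgeni},
  year         = {2018},
  month        = jan,
  journal      = {Cryptography},
  volume       = {2},
  number       = {1},
  pages        = {1},
  issn         = {2410-387X},
  doi          = {10.3390/cryptography2010001},
  urldate      = {2025-05-29},
  abstract     = {Today, digitalization decisively penetrates all the sides of the modern society. One of the key enablers to maintain this process secure is authentication. It covers many different areas of a hyper-connected world, including online payments, communications, access right management, etc. This work sheds light on the evolution of authentication systems towards Multi-Factor Authentication (MFA) starting from Single-Factor Authentication (SFA) and through Two-Factor Authentication (2FA). Particularly, MFA is expected to be utilized for human-to-everything interactions by enabling fast, user-friendly, and reliable authentication when accessing a service. This paper surveys the already available and emerging sensors (factor providers) that allow for authenticating a user with the system directly or by involving the cloud. The corresponding challenges from the user as well as the service provider perspective are also reviewed. The MFA system based on reversed Lagrange polynomial within Shamir's Secret Sharing (SSS) scheme is further proposed to enable more flexible authentication. This solution covers the cases of authenticating the user even if some of the factors are mismatched or absent. Our framework allows for qualifying the missing factors by authenticating the user without disclosing sensitive biometric data to the verification entity. Finally, a vision of the future trends in MFA is discussed.},
  copyright    = {https://creativecommons.org/licenses/by/4.0/},
  langid       = {english},
  keywords     = {Vorhanden},
  file         = {C:\Users\Dominik\Zotero\storage\YMC3ZV3I\Ometov et al. - 2018 - Multi-Factor Authentication A Survey.pdf},
}

@book{pufahl2024,
  title        = {{Cybersecurity f{\"u}r Manager: Cybergefahren wirksam begegnen -- das Kompetenzmodell f{\"u}r die Praxis}},
  shorttitle   = {{Cybersecurity f{\"u}r Manager}},
  author       = {Pufahl, Mario and Paulsen, Patrick and Arndt, Paul},
  year         = {2024},
  publisher    = {Springer Fachmedien Wiesbaden},
  address      = {Wiesbaden},
  doi          = {10.1007/978-3-658-44892-9},
  urldate      = {2025-01-19},
  copyright    = {https://www.springernature.com/gp/researchers/text-and-data-mining},
  isbn         = {978-3-658-44892-9},
  langid       = {ngerman},
  keywords     = {Vorhanden},
  file         = {C:\Users\Dominik\Zotero\storage\JHXGLIBP\Pufahl et al. - 2024 - Cybersecurity für Manager Cybergefahren wirksam begegnen – das Kompetenzmodell für die Praxis.pdf},
}

@misc{schwabe2021,
  title        = {{Passwortlose Authentifizierung {\"u}ber FIDO2}},
  author       = {Schwabe, Caroline},
  year         = {2021},
  journal      = {Robin Data GmbH},
  urldate      = {2025-07-14},
  abstract     = {Passwortlose Authentifizierung {\"u}ber FIDO2, Webauthn \& CTAP. Warum das Passwort veraltet ist und welche Sicherheits-Standard g{\"a}ngig sind!},
  langid       = {ngerman},
  file         = {C:\Users\Dominik\Zotero\storage\22H5YPKT\passwortlose-authentifizierung-ueber-fido2.html},
  note         = {(Zugriff am 14.07.2025)},
  howpublished = {\url{https://www.robin-data.io/datenschutz-akademie/wiki/passwortlose-authentifizierung-ueber-fido2}},
}

@book{trojahn2016,
  title        = {{Sichere Multi-Faktor-Authentifizierung an Smartphones mithilfe des Tippverhaltens}},
  author       = {Trojahn, Matthias},
  year         = {2016},
  publisher    = {Springer Fachmedien Wiesbaden},
  address      = {Wiesbaden},
  doi          = {10.1007/978-3-658-14049-6},
  urldate      = {2025-07-07},
  copyright    = {http://www.springer.com/tdm},
  isbn         = {978-3-658-14049-6},
  langid       = {ngerman},
  keywords     = {Vorhanden},
  file         = {C:\Users\Dominik\Zotero\storage\DBHDRUEU\Trojahn - 2016 - Sichere Multi-Faktor-Authentifizierung an Smartphones mithilfe des Tippverhaltens.pdf},
}

@book{tsolkas2017,
  title        = {{Rollen und Berechtigungskonzepte}},
  author       = {Tsolkas, Alexander and Schmidt, Klaus},
  year         = {2017},
  publisher    = {Springer Fachmedien Wiesbaden},
  address      = {Wiesbaden},
  doi          = {10.1007/978-3-658-17987-8},
  urldate      = {2025-05-29},
  copyright    = {http://www.springer.com/tdm},
  isbn         = {978-3-658-17987-8},
  langid       = {ngerman},
  keywords     = {Vorhanden},
  file         = {C:\Users\Dominik\Zotero\storage\ND6EMKH4\Tsolkas und Schmidt - 2017 - Rollen und Berechtigungskonzepte.pdf},
}

@misc{vigo2024,
  title        = {{Moderne Authentifizierung: {\"U}bersicht und Anwendungsf{\"a}lle}},
  shorttitle   = {{Moderne Authentifizierung}},
  author       = {Vigo, Jesus},
  year         = {2024},
  urldate      = {2025-07-13},
  abstract     = {Erfahren Sie, was moderne Authentifizierung ist und wie man sie implementiert. Erfahren Sie, wie Sie mit MFA, SSO, OAuth, OpenID Connect und mehr die Sicherheit Ihrer Organisation erh{\"o}hen k{\"o}nnen.},
  langid       = {ngerman},
  file         = {C:\Users\Dominik\Zotero\storage\WKHPL6ZK\moderne-authentifizierung-uebersicht.html},
  note         = {(Zugriff am 13.07.2025)},
  howpublished = {\url{https://www.jamf.com/de/blog/moderne-authentifizierung-uebersicht/}},
}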