Computing Reviews
Advances in user authentication
Dasgupta D., Roy A., Nag A., Springer International Publishing, New York, NY, 2017. 360 pp. Type: Book (978-3-319588-06-3)
Date Reviewed: Feb 9 2018

Authentication involves validating the authenticity of something or someone. This book is on advances in user authentication. It is authored by Dipankar Dasgupta, a faculty member at the University of Memphis, along with his former students Arunava Roy and Abhijit Nag. The first author has many achievements to his credit including three books apart from this one and scores of highly cited publications. This book is published as part of the Infosys Science Foundation Series in Applied Sciences and Engineering.

The book has many color illustrations and contains seven chapters. Chapter 1 focuses on very basic concepts and introduces the notion of authentication. This chapter acquaints the reader with various types of authentication based on what we know, what we have, what we are, and where we are. A combination of these is said to be better than just one.

Chapter 2 focuses on biometric authentication, which involves the automatic identification of living individuals by using their physiological and behavioral characteristics. Techniques for recognition by using the face, fingerprints, iris, retina, hand geometry, voice, keystrokes, gait, and brain prints are highlighted. The applications of biometrics for many real-life situations such as immigration and banking are mentioned. The limitations of biometrics, multimodal systems, and attacks on biometric systems are also very briefly discussed.

Chapter 3 is on negative authentication systems. In this chapter various types of negative authentication systems are mentioned. There is a short writeup about the implementation of such systems. Chapter 4 looks at honeywords, natural language encoders, Bloom filters, and nontextual passwords such as graphical passwords.

Chapter 5 is on multifactor authentication. Enhanced security is possible through the use of more than one authentication factor. The focus here is on the drawbacks of single-factor authentication and the benefits of using two or more authentication factors. Many different concepts related to authentication are also explained briefly here, including single sign-on and RSA SecurID. Finally, various products are compared.

Chapter 6 is on continuous authentication, where the objective is to authenticate individuals periodically during sessions to ensure valid identity. Various aspects of continuous authentication are discussed, such as the characteristics of a good continuous authentication system, ways to design such systems, and mechanisms for selecting attributes for such systems.

The seventh and last chapter of the book is on adaptive multifactor authentication. The objective of this chapter is to demonstrate that authentication factors, when chosen adaptively, can improve multifactor authentication. This can be achieved by validating users at any instant by detecting devices, media, and the surrounding conditions so as to make the decisions irregular and unusable by cyberpunks.

The book, which is well organized, will be useful for teaching a course on user authentication; this is possible due to the existence of chapter summaries, review questions, multiple choice questions, and references at the end of chapters. Although the book is titled Advances in user authentication, the advances in the field have not been highlighted in a chronological manner. It should be pointed out that the focus of the book is on the authentication of living individuals alone and not computers, machines, or nonliving things. So we see that there is no mention of techniques such as Kerberos. There is no discussion about user authentication in systems such as operating systems, standards for authentication of financial transactions, the remote authentication dial-in user service (RADIUS) protocol, radio-frequency identification (RFID), authentication in unsecure environments, authentication on mobile devices, the use of visual cryptography for authentication, and public key certificates. The book does not provide any guidance on which authentication techniques will work best, depending on security requirements, budget, and user convenience. Privacy and data protection issues of biometric systems are not dealt with in the book. Many topics have not been covered in depth; often they are contained in less than a page. I feel the English language usage in the book could have been better. Nevertheless, this book is suitable as an introductory book on user authentication for novices to computer security, developers, students, system administrators, network security professionals, managers, researchers, and others.

Reviewer: S. V. Nagaraj
Review #: CR145848 (1806-0307)
Authentication (K.6.5 ... )
 
 
Authentication (D.4.6 ... )
 
Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2024 ThinkLoud®