Alex R. Mattukat

Alex R. Mattukat, Vincent Schmandt, Timo Langstrof et al.

Authentication is a fundamental security means for protecting system resources. Authenticator-centric authentication techniques (AuthN Techniques) address how mechanisms and credentials are used via Authenticators. There are many AuthN Techniques that differ in many ways and there exist classification approaches that aim to structure them. However, they are limited in the aspects they classify and are not flexible enough to accommodate the diverse nature of AuthN Techniques. This paper presents two contributions. First, novel, faceted classification schemes for AuthN Techniques and Authenticators are presented. The schemes were developed based on 345 papers identified through a targeted LLM-assisted literature review and semantic clustering. The classification schemes were applied to build a catalog of Authenticators and AuthN Techniques; the second contribution of this paper. This paper presents our methodology, the classification schemes with example applications, the list of AuthN Techniques from the catalog, and discussions on future work.

Alex R. Mattukat, Florian M. Braun, Horst Lichter

System requirement specifications (SyRSs) are central, natural-language (NL) artifacts. Access to real SyRS for research purposes is highly valuable but limited by proprietary restrictions or confidentiality concerns. Generating synthetic SyRSs (SSyRSs) can address this scarcity. Black-box large language models (LLMs) such as ChatGPT offer compelling generation capabilities by providing easy access to NL generation functions without requiring access to real data. However, LLMs suffer from hallucinations and overconfidence, which pose major challenges in their use. We designed an exploratory study to investigate whether, despite these challenges, we can generate realistic SSyRSs with ChatGPT without having access to real SyRSs. Using a systematic approach that leverages prompt patterns, LLM-based quality assessments, and iterative prompt refinements, we generated 300 SSyRSs across 10 industries with ChatGPT. The results were evaluated using cross-model checks and an expert study, with n=87 submitted surveys. 62\% of experts considered the SSyRSs to be realistic. However, in-depth examination revealed contradictory statements and deficiencies. Overall, we were able to generate realistic SSyRSs to a certain extent with ChatGPT, but LLM-based quality assessments cannot fully replace thorough expert evaluations. This paper presents the methodology and results of our study and discusses the key insights we obtained.