Toward the design of adaptive selection strategies for multi-factor authentication

Define authentication factors.Evaluate trustworthy values of different authentication factors.Evaluate trustworthy values of different sets of authentication factors.Design multi-objective optimization strategies for adaptive multi-factor authentication.Conducting experiments for checking the efficiency and effectiveness of the proposed approach. Authentication is the fundamental safeguard against any illegitimate access to a computing device and other sensitive online applications. Because of recent security threats, authentication through a single factor is not reliable to provide adequate protection of these devices and applications. Hence, to facilitate continuous protection of computing devices and other critical online services from unauthorized access, multi-factor authentication can provide a viable option. Many authentication mechanisms with varying degrees of accuracy and portability are available for different types of computing devices. As a consequence, several existing and well-known multi-factor authentication strategies have already been utilized to enhance the security of various applications. Keeping this in mind, we developed a framework for authenticating a user efficiently through a subset of available authentication modalities along with their several features (authentication factors) in a time-varying operating environment (devices, media, and surrounding conditions, like light, noise, motion, etc.) on a regular basis. The present work is divided into two parts, namely, a formulation for calculating trustworthy values of different authentication factors and then the development of a novel adaptive strategy for selecting different available authentication factors based on their calculated trustworthy values, performance, selection of devices, media, and surroundings. Here, adaptive strategy ensures the incorporation of the existing environmental conditions on the selection of authentication factors and provides significant diversity in the selection process. Simulation results show the proposed selection approach performs better than other existing and widely used selection strategies, mainly, random and optimal cost selections in different settings of operating environments. The detailed implementation of the proposed multi-factor authentication strategy, along with performance evaluation and user study, has been accomplished to establish its superiority over the existing frameworks.

[1]  Anil K. Jain,et al.  Fingerprint Reconstruction: From Minutiae to Phase , 2011, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[2]  Hamid Jahankhani,et al.  A Survey of User Authentication Based on Mouse Dynamics , 2008 .

[3]  Ingo Deutschmann,et al.  Behavioral biometrics for DARPA's Active Authentication program , 2013, 2013 International Conference of the BIOSIG Special Interest Group (BIOSIG).

[4]  Dipankar Dasgupta,et al.  An Adaptive Approach Towards the Selection of Multi-Factor Authentication , 2015, 2015 IEEE Symposium Series on Computational Intelligence.

[5]  David G. Luenberger,et al.  Linear and nonlinear programming , 1984 .

[6]  Claudia Picardi,et al.  Keystroke analysis of free text , 2005, TSEC.

[7]  Anil K. Jain,et al.  Fingerprint Matching , 2010, Computer.

[8]  Claus Vielhauer Biometric User Authentication for it Security - From Fundamentals to Handwriting , 2006, Advances in Information Security.

[9]  Lutz Kilian,et al.  NEW INTRODUCTION TO MULTIPLE TIME SERIES ANALYSIS, by Helmut Lütkepohl, Springer, 2005 , 2006, Econometric Theory.

[10]  Mourad Debbabi,et al.  On fingerprinting probing activities , 2014, Comput. Secur..

[11]  KyungHee Lee,et al.  Two-factor face authentication using matrix permutation transformation and a user password , 2014, Inf. Sci..

[12]  Chu Kiong Loo,et al.  An integrated approach for head gesture based interface , 2012, Appl. Soft Comput..

[13]  Richard P. Guidorizzi Security: Active Authentication , 2013, IT Prof..

[14]  Sung-Hyuk Cha,et al.  An investigation of keystroke and stylometry traits for authenticating online test takers , 2011, 2011 International Joint Conference on Biometrics (IJCB).

[15]  Konrad Rieck,et al.  Continuous Authentication on Mobile Devices by Analysis of Typing Motion Behavior , 2014, Sicherheit.

[16]  Yi Chen,et al.  Advanced Technologies for Touchless Fingerprint Recognition , 2009, Handbook of Remote Biometrics.

[17]  A. Singh Exponential Distribution: Theory, Methods and Applications , 1996 .

[18]  Ajith Abraham,et al.  Spiking neural network and wavelets for hiding iris data in digital images , 2009, Soft Comput..

[19]  D. Dasgupta,et al.  Advances in artificial immune systems , 2006, IEEE Computational Intelligence Magazine.

[20]  Helmut Ltkepohl,et al.  New Introduction to Multiple Time Series Analysis , 2007 .

[21]  Shane Dunn,et al.  Genetic Algorithm Optimisation of Mathematical Models Using Distributed Computing , 2002, IEA/AIE.

[22]  Sharath Pankanti,et al.  An identity-authentication system using fingerprints , 1997, Proc. IEEE.

[23]  David W. Aha,et al.  User Authentication from Web Browsing Behavior , 2013, FLAIRS.

[24]  William Feller,et al.  An Introduction to Probability Theory and Its Applications , 1951 .

[25]  Chunming Tang,et al.  Privacy-preserving face recognition with outsourced computation , 2016, Soft Comput..

[26]  Nicolae Constantinescu,et al.  Intuitionistic fuzzy system for fingerprints authentication , 2013, Appl. Soft Comput..

[27]  Takeo Kanade,et al.  An Iterative Image Registration Technique with an Application to Stereo Vision , 1981, IJCAI.

[28]  Rachel Greenstadt,et al.  Adversarial stylometry: Circumventing authorship recognition to preserve privacy and anonymity , 2012, TSEC.

[29]  Rajesh Kumar,et al.  Context-Aware Active Authentication Using Smartphone Accelerometer Measurements , 2014, 2014 IEEE Conference on Computer Vision and Pattern Recognition Workshops.

[30]  Reda Alhajj,et al.  Fraudulent and malicious sites on the web , 2009, Applied Intelligence.

[31]  Bin Liang,et al.  High-dimension space projection-based biometric encryption for fingerprint with fuzzy minutia , 2016, Soft Comput..

[32]  Vir V. Phoha,et al.  Continuous authentication with cognition-centric text production and revision features , 2014, IEEE International Joint Conference on Biometrics.

[33]  Mihir Bellare,et al.  DupLESS: Server-Aided Encryption for Deduplicated Storage , 2013, USENIX Security Symposium.

[34]  D. Dasgupta Artificial Immune Systems and Their Applications , 1998, Springer Berlin Heidelberg.

[35]  Anil K. Jain,et al.  Continuous user authentication using temporal information , 2010, Defense + Commercial Sensing.

[36]  Larry S. Davis,et al.  Screen Fingerprints: A Novel Modality for Active Authentication , 2013, IT Professional.

[37]  Dipankar Dasgupta,et al.  An adaptive approach for continuous multi-factor authentication in an identity eco-system , 2014, CISR '14.

[38]  Tao Feng,et al.  Continuous mobile authentication using touchscreen gestures , 2012, 2012 IEEE Conference on Technologies for Homeland Security (HST).

[39]  Vir V. Phoha,et al.  Scan-Based Evaluation of Continuous Keystroke Authentication Systems , 2013, IT Professional.

[40]  Chung-Ming Ou,et al.  Adaptation of proxy certificates to non-repudiation protocol of agent-based mobile payment systems , 2009, Applied Intelligence.

[41]  Kevin Kwok,et al.  User Identification and Characterization From Web Browsing Behavior , 2012 .

[42]  Lorie M. Liebrock,et al.  Authentication graphs: Analyzing user behavior within an enterprise network , 2015, Comput. Secur..