Multiplicative Attributes Graph Approach for Persistent Authentication in Single-Sign-On Mobile Systems

Single-sign-on (SSO) has been proposed as a more efficient and convenient authentication method. Classic SSO systems re-authenticate a user to different applications based on a fixed set of attributes (e.g. username-password combinations). However, a fixed set of attributes fails to account for mobility and the contextual variations of user activities. Thus, in an SSO-based system, robust persistent authentication and secure session termination management are vital for ensuring secure operation. In this paper we propose a novel persistent authentication technique using a multiplicative attribute graph model. We use a multiple-attribute-based persistent authentication model built on facial biometrics, location and activity-specific information. We propose a novel membership (or group affiliation) based session management technique for user-initiated SSO global logout management. The significance and viability of these methods are demonstrated by security, complexity and numerical analyses. In conclusion, our model provides meaningful insights and more pragmatic approaches for persistent authentication and session termination management when implementing SSO-based mobile collaborative applications.
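As an added illustration (not the paper's own scheme), the Python below applies the link-probability rule of the Multiplicative Attribute Graph model of Kim and Leskovec to a persistent-authentication decision: an enrolled-profile node and an observed-session node each carry one categorical value per attribute class the abstract names (face, location, activity), and the probability that the two are linked is the product of per-attribute affinities. The affinity matrices, the attribute encodings and the termination threshold are assumed values chosen for the example.

```python
"""MAG-style persistent authentication check (added example, assumed values).

Each attribute i has an affinity matrix Theta_i; the probability that the
observed session belongs to the enrolled user is
    P = prod_i Theta_i[a_i(profile)][a_i(observed)]
Encoding (assumed): 0 = expected/trusted value, 1 = deviating value.
"""
from typing import Dict, List, Optional, Sequence

# Assumed affinity matrices. Entry [a][b] relates value a on the profile node
# to value b on the observed-session node. Facial biometrics get a sharp
# matrix so a face mismatch dominates; location and activity are softer
# context signals, so a single contextual deviation is tolerated.
AFFINITY: Dict[str, List[List[float]]] = {
    "face":     [[0.95, 0.05], [0.05, 0.95]],  # enrolled face vs. mismatch
    "location": [[0.80, 0.30], [0.30, 0.80]],  # known vs. unfamiliar place
    "activity": [[0.85, 0.40], [0.40, 0.85]],  # typical vs. atypical use
}
ATTRS = ("face", "location", "activity")
ENROLLED_PROFILE = (0, 0, 0)   # constructed: all attributes at expected value
THRESHOLD = 0.2                # assumed: below this the session is terminated


def mag_link_prob(profile: Sequence[int], observed: Sequence[int]) -> float:
    """Product over attributes of Theta_i[a_i(profile)][a_i(observed)]."""
    p = 1.0
    for name, a, b in zip(ATTRS, profile, observed):
        p *= AFFINITY[name][a][b]
    return p


def should_persist(observed: Sequence[int],
                   profile: Sequence[int] = ENROLLED_PROFILE,
                   threshold: float = THRESHOLD) -> bool:
    """True if the observed context still links to the enrolled user."""
    return mag_link_prob(profile, observed) >= threshold


def first_termination(observations: Sequence[Sequence[int]]) -> Optional[int]:
    """Index of the first observation that would end the SSO session, or None."""
    for i, obs in enumerate(observations):
        if not should_persist(obs):
            return i
    return None


if __name__ == "__main__":
    # constructed session trace: home/typical, then unfamiliar location,
    # then unfamiliar location with atypical activity
    trace = [(0, 0, 0), (0, 1, 0), (0, 1, 1)]
    print("terminate at observation:", first_termination(trace))  # 2
```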
