A Continuous LoA Compliant Trust Evaluation Method

The trust provided by an authentication system is commonly expressed as a Level of Assurance (LoA, see 3). While the LoA is a useful first step toward simplifying how trust is expressed at the authentication step, it does not cover every aspect of the authentication mechanism, and in particular it fails to accommodate continuous authentication systems. In this paper, we propose a model based on Dempster-Shafer theory that merges continuous authentication with more traditional static authentication schemes and assigns a continuously updated trust level to the current LoA. We also prove that this method is compliant with existing LoA frameworks.
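To make the fusion idea concrete, here is an added illustration of Dempster-Shafer evidence combination applied to one static and one continuous authenticator. It is not the paper's model: the two-element frame {Genuine, Impostor}, the mass assignments, the half-life decay of the login evidence, the reliability discounts and the Bel({G}) thresholds used to derive a discrete level are all assumptions chosen for the example, not values from any LoA framework.

```python
"""Dempster-Shafer fusion of static and continuous authentication evidence.

Added illustration, not the paper's model: the frame of discernment, the mass
assignments, the discount factors and the trust-level thresholds below are all
assumptions chosen for this example.
"""
from itertools import product

# Frame of discernment: the current user is Genuine or an Impostor.
G, I = "G", "I"
THETA = frozenset({G, I})          # total ignorance ("could be either")
EMPTY = frozenset()


def mass(g=0.0, i=0.0):
    """Build a mass function; whatever is not committed to {G} or {I} goes to Theta."""
    if g < 0 or i < 0 or g + i > 1 + 1e-12:
        raise ValueError("masses must be non-negative and sum to at most 1")
    return {frozenset({G}): g, frozenset({I}): i, THETA: 1.0 - g - i}


def discount(m, alpha):
    """Shafer discounting: keep a fraction alpha of each committed mass and move
    the rest to Theta (models a source whose reliability is alpha)."""
    return {f: (alpha * v if f != THETA else 1.0 - alpha + alpha * v) for f, v in m.items()}


def combine(m1, m2):
    """Dempster's rule of combination. Returns (combined mass, conflict K)."""
    joint, conflict = {}, 0.0
    for (b, mb), (c, mc) in product(m1.items(), m2.items()):
        inter = b & c
        if inter == EMPTY:
            conflict += mb * mc          # the two sources contradict each other here
        else:
            joint[inter] = joint.get(inter, 0.0) + mb * mc
    if conflict >= 1.0 - 1e-12:
        raise ValueError("sources are totally conflicting; cannot normalise")
    return {a: v / (1.0 - conflict) for a, v in joint.items()}, conflict


def belief(m, a):
    """Bel(A): total mass committed to subsets of A."""
    return sum(v for f, v in m.items() if f <= a)


def plausibility(m, a):
    """Pl(A): total mass that does not contradict A."""
    return sum(v for f, v in m.items() if f & a)


def static_mass(verified, strength=0.8, age_s=0.0, half_life_s=1800.0):
    """Evidence from a one-shot login (e.g. a password). Its mass on {G} decays
    toward ignorance as the session ages, since the person who logged in may
    have walked away. strength and half_life_s are assumed values."""
    if not verified:
        return mass(i=strength)
    return discount(mass(g=strength), 0.5 ** (age_s / half_life_s))


def continuous_mass(score, reliability=0.7):
    """Evidence from a behavioural authenticator reporting a match score in [0,1].
    reliability (assumed) discounts for the classifier's own error rate."""
    if not 0.0 <= score <= 1.0:
        raise ValueError("score must lie in [0, 1]")
    return discount(mass(g=score, i=1.0 - score), reliability)


# Assumed mapping from Bel({G}) to a discrete level; illustrative thresholds only.
LEVEL_THRESHOLDS = [(0.90, 3), (0.75, 2), (0.50, 1)]


def trust_level(bel_genuine):
    for threshold, level in LEVEL_THRESHOLDS:
        if bel_genuine >= threshold:
            return level
    return 0


def evaluate(verified, score, age_s=0.0):
    """Fuse both sources; return (Bel({G}), Pl({G}), level, conflict K)."""
    fused, k = combine(static_mass(verified, age_s=age_s), continuous_mass(score))
    genuine = frozenset({G})
    bel = belief(fused, genuine)
    return bel, plausibility(fused, genuine), trust_level(bel), k


if __name__ == "__main__":
    # Constructed scenarios: fresh login with good/bad behaviour, and a stale session.
    for verified, age, score in [(True, 0, 0.9), (True, 0, 0.2), (True, 3600, 0.9), (False, 0, 0.9)]:
        bel, pl, lvl, k = evaluate(verified, score, age_s=age)
        print(f"verified={verified!s:5} age={age:4d}s score={score:.1f}  "
              f"Bel(G)={bel:.3f} Pl(G)={pl:.3f} level={lvl} conflict={k:.3f}")
```

Two things worth noticing when running it: the gap between Bel({G}) and Pl({G}) is the remaining ignorance, so a stale login with good behavioural evidence keeps a high plausibility but a lower belief, and the conflict K is itself a useful signal: a failed static check combined with a strong behavioural match yields K above 0.5, which a practitioner would surface as an anomaly rather than silently normalise away.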

[1] Ray A. Perlner, et al. Electronic Authentication Guideline: Recommendations of the National Institute of Standards and Technology (Special Publication 800-63-1), 2012.

[2] Sean Peisert, et al. Principles of authentication, 2013, NSPW '13.

[3] Tim Storer, et al. A framework for continuous, transparent mobile device authentication, 2013, Comput. Secur.

[4] L. O'Gorman, et al. Comparing passwords, tokens, and biometrics for user authentication, 2003, Proceedings of the IEEE.

[5] Alex Pentland, et al. Reality mining: sensing complex social systems, 2006, Personal and Ubiquitous Computing.

[6] Patrick Bours, et al. Gait and activity recognition using commercial phones, 2013, Comput. Secur.

[7] Arun Ross, et al. An introduction to biometric recognition, 2004, IEEE Transactions on Circuits and Systems for Video Technology.

[8] Philippe Smets, et al. The Transferable Belief Model, 1991, Artif. Intell.

[9] Dipankar Dasgupta, et al. An adaptive approach for continuous multi-factor authentication in an identity eco-system, 2014, CISR '14.

[10] Lionel M. Ni, et al. An unsupervised framework for sensing individual and cluster behavior patterns from human mobile data, 2012, UbiComp.

[11] Kalyanmoy Deb, et al. An Adaptive Approach for Active Multi-Factor Authentication, 2014.

[12] Einar Snekkenes, et al. Formalizing the ranking of authentication products, 2009, Inf. Manag. Comput. Secur.

[13] Audun Jøsang, et al. Identity management and trusted interaction in internet and mobile computing, 2014, IET Inf. Secur.

[14] Steven Furnell, et al. Beyond the PIN: Enhancing user authentication for mobile devices, 2008.

[15] Nathan L. Clarke. Transparent User Authentication - Biometrics, RFID and Behavioural Profiling, 2011.

[16] Karen Renaud, et al. Invisible, Passive, Continuous and Multimodal Authentication, 2010, MSSP.

[17] XiaoFeng Wang, et al. Signing Me onto Your Accounts through Facebook and Google: A Traffic-Guided Security Study of Commercially Deployed Single-Sign-On Web Services, 2012, 2012 IEEE Symposium on Security and Privacy.