Context-aware systems and adaptive user authentication

In this paper we discuss the possibilities that context-aware systems offer for more secure user authentication. We describe some approaches to using context information in adaptive security systems, especially in adaptive user authentication. In addition, we discuss some recent results on applying the context itself as an authentication factor. Recent advances in cryptographic protocol design and in adaptive, context-aware systems enable linking context information to cryptographic keys and authentication. Furthermore, new protocols make adaptive user authentication easier, as it is possible to combine several different factors in a single protocol. We give some examples of this and discuss the further potential of these methods.
