Dynamic combination of authentication factors based on quantified risk and benefit

Han, Weili; Sun, Chen; Shen, Chenguang; Chang, Lei; Shen, Sean

doi:10.1002/sec.729

Cited by 4 publications

(6 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…An analysis about risks in cloud environments is also presented in [46] which considers business level objectives (BLOs) of the organizations to make decisions about treatment of identified risks. Furthermore, in [47] a method to combine multiple authentication factors in an online banking system is proposed. That method called QSBAF (Quantified riSk and Benefit adaptive Authentication Factors) considers quantified risk and benefit of access, which are measured according to historical data.…”

Section: Related Workmentioning

confidence: 99%

Dynamic counter-measures for risk-based access control systems: An evolutive approach

Díaz-López

Dólera-Tormo

Mármol³

et al. 2016

Future Generation Computer Systems

View full text Add to dashboard Cite

Section: Related Workmentioning

confidence: 99%

Dynamic counter-measures for risk-based access control systems: An evolutive approach

Díaz-López

Dólera-Tormo

Mármol³

et al. 2016

Future Generation Computer Systems

View full text Add to dashboard Cite

“…In recent years, some domain-specific risk-based user authentication systems were proposed to secure various applications. The authors in [4] proposed a risk engine based on a fuzzy inference system for online banking that considers the cost and benefits of each action. The authors of [7] proposed a risk engine based on fuzzy logic applicable to energy management tasks in smart homes.…”

Section: Related Work a Risk-based Authentication Systemsmentioning

confidence: 99%

“…Other works rely on static components like reauthentication methods or methods based on static contextual values [8], [18], [28]. Finally, most authors did not integrate mobile deployment in their design, leading to greater delays of authentication and privacy issues added by network communication [4], [27].…”

Section: Introductionmentioning

confidence: 99%

RLAuth: A Risk-Based Authentication System Using Reinforcement Learning

Picard¹,

Pierre²

2023

IEEE Access

View full text Add to dashboard Cite

Conventional authentication systems, that are used to protect most modern mobile applications, are faced with usability and security problems related to their static and one-shot nature. Indeed, one-shot authentication mechanisms challenge the user at the beginning of a session leaving them vulnerable to attacks on lost/stolen devices or session hijacking. In addition, static authentication mechanisms always use the same challenges to authenticate the user without considering the dynamic nature of the risk related to the authentication context. To mitigate these challenges, we propose RLAuth, a risk-based authentication system that can automatically adapt the level of challenge presented to the user on each authentication request based on the current context. RLAuth is based on binary anomaly detection, which is solved using a deep reinforcement learning agent that acts as the classifier. To cope with the high class imbalance in the anomaly detection problem, we propose to use a balanced sampling technique during experience replay and an imbalanced correction factor during reward computation. We evaluate RLAuth on a public dataset using the G-mean metric which is the square root of the product of sensitivity with specificity. This metric is efficient to measure the classification performance of a model under class imbalance since it does not overfit to the majority class. Finally, RLAuth obtained a G-Mean of 92.62%. In addition, the reinforcement learning agent can be trained offline for acceptable results in about 130 s and can then be periodically retrained to improve its performance over time.

show abstract

“…Han et Al. [50] also combined different authentication factors based on risk and benefit policies. An adaptive mechanism was followed which is ordered with historical data to measure risk and benefit.…”

Section: Cdhpmentioning

confidence: 99%

“…Browser extensions such as PwdHash is an example of such types[33]. ,[47][48][49][50][51][52][53][54][55][56][57][58][59][60][61] of third party attacks[58]. Password meters transmit the password information to the third party websites via JavaScript.…”

mentioning

confidence: 99%

A Critical appraisal on Password based Authentication

Kaur¹,

Mustafa²

2019

IJCNIS

View full text Add to dashboard Cite

There is no doubt that, even after the development of many other authentication schemes, passwords remain one of the most popular means of authentication. A review in the field of password based authentication is addressed, by introducing and analyzing different schemes of authentication, respective advantages and disadvantages, and probable causes of the 'very disconnect' between user and password mechanisms. The evolution of passwords and how they have deep-rooted in our life is remarkable. This paper addresses the gap between the user and industry perspectives of password authentication, the state of art of password authentication and how the most investigated topic in password authentication changed over time. The author's tries to distinguish password based authentication into two levels 'User Centric Design Level' and the 'Machine Centric Protocol Level' under one framework. The paper concludes with the special section covering the ways in which password based authentication system can be strengthened on the issues which are currently holding-in the password based authentication.

show abstract

Dynamic combination of authentication factors based on quantified risk and benefit

Cited by 4 publications

References 22 publications

Dynamic counter-measures for risk-based access control systems: An evolutive approach

Dynamic counter-measures for risk-based access control systems: An evolutive approach

RLAuth: A Risk-Based Authentication System Using Reinforcement Learning

A Critical appraisal on Password based Authentication

Contact Info

Product

Resources

About