Pick location security: Seamless integrated multi-factor authentication

Ramatsakane, Kobosa Icconies; Leung, Wai Sze

doi:10.23919/istafrica.2017.8102391

Cited by 6 publications

(4 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In addition to the three classical factors, somewhere you are or location may be counted as the fourth factor ( Choi & Zage, 2012 ). Low-cost locators such as Bluetooth and GPS can be implemented to track or locate a user physically while authenticating ( Ramatsakane & Leung, 2017 ).…”

Section: Related Workmentioning

confidence: 99%

Usable comprehensive-factor authentication for a secure time attendance system

Vorakulpipat

Pichetjamroen

Rattanalerdnusorn

2021

PeerJ Computer Science

View full text Add to dashboard Cite

In information security, it is widely accepted that the more authentication factors are used, the higher the security level. However, more factors cannot guarantee usability in real usage because human and other non-technical factors are involved. This paper proposes the use of all possible authentication factors, called comprehensive-factor authentication, which can maintain the required security level and usability in real-world implementation. A case study of an implementation of a secure time attendance system that applies this approach is presented. The contribution of this paper is therefore to provide a security scheme seamlessly integrating all classical authentication factors plus a location factor into one single system in a real environment with a security and usability focus. Usability factors emerging from the study are related to a seamless process including the least number of actions required, the lowest amount of time taken, health safety during the pandemic, and data privacy compliance.

show abstract

Section: Related Workmentioning

confidence: 99%

Usable comprehensive-factor authentication for a secure time attendance system

Vorakulpipat

Pichetjamroen

Rattanalerdnusorn

2021

PeerJ Computer Science

View full text Add to dashboard Cite

show abstract

“…Common also is adding physical location to the authentication through definitions of geofences, such as a defined "home" location. Ramatsakane et al [33] utilized location for improving accuracy of identity determination for authentication purposes.…”

Section: Introductionmentioning

confidence: 99%

Risk-aware Fine-grained Access Control in Cyber-physical Contexts

et al. 2022

View full text Add to dashboard Cite

Access to resources by users may need to be granted only upon certain conditions and contexts, perhaps particularly in cyber-physical settings. Unfortunately, creating and modifying context-sensitive access control solutions in dynamic environments creates ongoing challenges to manage the authorization contexts. This paper proposes RASA, a context-sensitive access authorization approach and mechanism leveraging unsupervised machine learning to automatically infer risk-based authorization decision boundaries. We explore RASA in a healthcare usage environment, wherein cyber and physical conditions create context-specific risks for protecting private health information. The risk levels are associated with access control decisions recommended by a security policy. A coupling method is introduced to track coexistence of the objects within context using frequency and duration of coexistence, and these are clustered to reveal sets of actions with common risk levels; these are used to create authorization decision boundaries. In addition, we propose a method for assessing the risk level and labelling the clusters with respect to their corresponding risk levels. We evaluate the promise of RASA-generated policies against an heuristic rule-based policy. By employing three different coupling features (frequency-based, duration-based, and combined features), the decisions of the unsupervised method and that of the policy are more than 99% consistent.

show abstract

“…MFA thus offers security enhancement that allows a user to present two or more pieces of authentication credential when logging in to any account. This can range from something you know (password or PIN), something you have (smart card), or something you are (fingerprint) [ 17 , 18 ]. However, the latest MFA solutions incorporate additional factors which can consider context and behavior when authenticating a user—for instance, the location when logging in, attempted log-in time (such as late at night, for instance), the device being used (either a smartphone or a laptop), as well as the network being used to access (either private, public, or designated IP address range).…”

Section: Introductionmentioning

confidence: 99%

“…The username and password authentication process is the most popular means, despite their security flaws because they are easy to implement and allows the user quick entry to the system. They can be implemented with less computational complexity, speed, and scalability [ 17 ]. Additional devices are required to implement an MFA, which could be expensive, and more computational complexity will be required, which also increases processing time.…”

Section: Introductionmentioning

confidence: 99%

A Blockchain-Based Multi-Factor Authentication Model for a Cloud-Enabled Internet of Vehicles

Kebande

Awaysheh

Ikuesan

et al. 2021

Sensors

View full text Add to dashboard Cite

Continuous and emerging advances in Information and Communication Technology (ICT) have enabled Internet-of-Things (IoT)-to-Cloud applications to be induced by data pipelines and Edge Intelligence-based architectures. Advanced vehicular networks greatly benefit from these architectures due to the implicit functionalities that are focused on realizing the Internet of Vehicle (IoV) vision. However, IoV is susceptible to attacks, where adversaries can easily exploit existing vulnerabilities. Several attacks may succeed due to inadequate or ineffective authentication techniques. Hence, there is a timely need for hardening the authentication process through cutting-edge access control mechanisms. This paper proposes a Blockchain-based Multi-Factor authentication model that uses an embedded Digital Signature (MFBC_eDS) for vehicular clouds and Cloud-enabled IoV. Our proposed MFBC_eDS model consists of a scheme that integrates the Security Assertion Mark-up Language (SAML) to the Single Sign-On (SSO) capabilities for a connected edge to cloud ecosystem. MFBC_eDS draws an essential comparison with the baseline authentication scheme suggested by Karla and Sood. Based on the foundations of Karla and Sood’s scheme, an embedded Probabilistic Polynomial-Time Algorithm (ePPTA) and an additional Hash function for the Pi generated during Karla and Sood’s authentication were proposed and discussed. The preliminary analysis of the proposition shows that the approach is more suitable to counter major adversarial attacks in an IoV-centered environment based on the Dolev–Yao adversarial model while satisfying aspects of the Confidentiality, Integrity, and Availability (CIA) triad.

show abstract

Pick location security: Seamless integrated multi-factor authentication

Cited by 6 publications

References 4 publications

Usable comprehensive-factor authentication for a secure time attendance system

Usable comprehensive-factor authentication for a secure time attendance system

Risk-aware Fine-grained Access Control in Cyber-physical Contexts

A Blockchain-Based Multi-Factor Authentication Model for a Cloud-Enabled Internet of Vehicles

Contact Info

Product

Resources

About