RLAuth: A Risk-Based Authentication System Using Reinforcement Learning

Picard, Catherine; Pierre, Samuel

doi:10.1109/access.2023.3286376

IEEE Access

2023

DOI: 10.1109/access.2023.3286376

|View full text |Cite

RLAuth: A Risk-Based Authentication System Using Reinforcement Learning

Catherine Picard¹,

Samuel Pierre²

Abstract: Conventional authentication systems, that are used to protect most modern mobile applications, are faced with usability and security problems related to their static and one-shot nature. Indeed, one-shot authentication mechanisms challenge the user at the beginning of a session leaving them vulnerable to attacks on lost/stolen devices or session hijacking. In addition, static authentication mechanisms always use the same challenges to authenticate the user without considering the dynamic nature of the risk rel… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...

Citation Types

Supporting

Mentioning

Contrasting

Year Published

2024

Publication Types

Select...

Article1

Relationship

Self Cite0

Independent1

Authors

Journals

Cited by 1 publication

References 51 publications

(74 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

Prototyping a Secure and Usable User Authentication Mechanism for Mobile Passenger ID Devices for Land/Sea Border Control

Papaioannou,

Zachos,

Mantas

et al. 2024

Sensors

View full text Add to dashboard Cite

As the number of European Union (EU) visitors grows, implementing novel border control solutions, such as mobile devices for passenger identification for land and sea border control, becomes paramount to ensure the convenience and safety of passengers and officers. However, these devices, handling sensitive personal data, become attractive targets for malicious actors seeking to misuse or steal such data. Therefore, to increase the level of security of such devices without interrupting border control activities, robust user authentication mechanisms are essential. Toward this direction, we propose a risk-based adaptive user authentication mechanism for mobile passenger identification devices for land and sea border control, aiming to enhance device security without hindering usability. In this work, we present a comprehensive assessment of novelty and outlier detection algorithms and discern OneClassSVM, Local Outlier Factor (LOF), and Bayesian_GaussianMixtureModel (B_GMM) novelty detection algorithms as the most effective ones for risk estimation in the proposed mechanism. Furthermore, in this work, we develop the proposed risk-based adaptive user authentication mechanism as an application on a Raspberry Pi 4 Model B device (i.e., playing the role of the mobile device for passenger identification), where we evaluate the detection performance of the three best performing novelty detection algorithms (i.e., OneClassSVM, LOF, and B_GMM), with B_GMM surpassing the others in performance when deployed on the Raspberry Pi 4 device. Finally, we evaluate the risk estimation overhead of the proposed mechanism when the best performing B_GMM novelty detection algorithm is used for risk estimation, indicating efficient operation with minimal additional latency.

show abstract

Prototyping a Secure and Usable User Authentication Mechanism for Mobile Passenger ID Devices for Land/Sea Border Control

Papaioannou,

Zachos,

Mantas

et al. 2024

Sensors

View full text Add to dashboard Cite

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

RLAuth: A Risk-Based Authentication System Using Reinforcement Learning

Cited by 1 publication

References 51 publications

Prototyping a Secure and Usable User Authentication Mechanism for Mobile Passenger ID Devices for Land/Sea Border Control

Prototyping a Secure and Usable User Authentication Mechanism for Mobile Passenger ID Devices for Land/Sea Border Control

Contact Info

Product

Resources

About