Biblio
Filters: Keyword is risk-based authentication [Clear All Filters]
.
2021. Privacy Considerations for Risk-Based Authentication Systems. 2021 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). :320—327.
Risk-based authentication (RBA) extends authentication mechanisms to make them more robust against account takeover attacks, such as those using stolen passwords. RBA is recommended by NIST and NCSC to strengthen password-based authentication, and is already used by major online services. Also, users consider RBA to be more usable than two-factor authentication and just as secure. However, users currently obtain RBA’s high security and usability benefits at the cost of exposing potentially sensitive personal data (e.g., IP address or browser information). This conflicts with user privacy and requires to consider user rights regarding the processing of personal data. We outline potential privacy challenges regarding different attacker models and propose improvements to balance privacy in RBA systems. To estimate the properties of the privacy-preserving RBA enhancements in practical environments, we evaluated a subset of them with long-term data from 780 users of a real-world online service. Our results show the potential to increase privacy in RBA solutions. However, it is limited to certain parameters that should guide RBA design to protect privacy. We outline research directions that need to be considered to achieve a widespread adoption of privacy preserving RBA with high user acceptance.
.
2021. AI-Assisted Risk Based Two Factor Authentication Method (AIA-RB-2FA). 2021 International Conference on Innovative Computing, Intelligent Communication and Smart Electrical Systems (ICSES). :1—5.
Authentication, forms an important step in any security system to allow access to resources that are to be restricted. In this paper, we propose a novel artificial intelligence-assisted risk-based two-factor authentication method. We begin with the details of existing systems in use and then compare the two systems viz: Two Factor Authentication (2FA), Risk-Based Two Factor Authentication (RB-2FA) with each other followed by our proposed AIA-RB-2FA method. The proposed method starts by recording the user features every time the user logs in and learns from the user behavior. Once sufficient data is recorded which could train the AI model, the system starts monitoring each login attempt and predicts whether the user is the owner of the account they are trying to access. If they are not, then we fallback to 2FA.
.
2019. Multi-Factor Authentication Modeling. 2019 9th International Conference on Advanced Computer Information Technologies (ACIT). :443–446.
The work defines a multi-factor authentication model in case the application supports multiple authentication factors. The aim of this modeling is to find acceptable authentication methods sufficient to access specifically qualified information. The core of the proposed model is risk-based authentication. Results of simulations of some key scenarios often used in practice are also presented.