Abstract
Multifactor authentication (MFA) is a growing trend for the accurate identification of the legitimate users through different modalities such as biometrics, nonbiometric, and cognitive behavior metric. In this paper, we have developed an adaptive MFA that considers the effects of different user devices, media, environments, and the frequency of authentication to detect the legitimate user. For this purpose, initially, we have evaluated the trustworthiness values of all the authentication modalities in different user devices and media using a nonlinear programming problem with probabilistic constraints. Finally, an evolutionary strategy, using fuzzy “IF–THEN” rule and genetic algorithm has been developed for the adaptive selection of authentication modalities. We have done a numerical simulation to prove the effectiveness and efficiency of the proposed method. Moreover, we have developed a prototype client–server-based application and have done a detailed user study to justify its better usability than the existing counterparts.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Notes
JSON: Java Script Object Notation.
References
Abramson M, Aha DW (2013) User authentication from web browsing behavior. FLAIRS conference
Active Authentication, DARPA (2016) http://www.darpa.mil/program/active-authentication
Active Authentication, DARPA (2013) https://www.rsaconference.com/writable/presentations/file_upload/sec-t05_final.pdf
Brennan M, Afroz S, Greenstadt R (2012) Adversarial stylometry: circumventing authorship recognition to preserve privacy and anonymity. ACM Trans Inf Syst Secur (TISSEC) 15(3):12–22
Chatterjee S, Roy A (2014) Novel algorithms for web software fault prediction. Qual Reliab Eng Int (QREI). doi:10.1002/qre.1687
Chatterjee S, Roy A (2014b) Web software fault prediction under fuzzy environment using MODULO-M multivariate overlapping fuzzy clustering algorithm and newly proposed revised prediction algorithm. Appl Soft Comput 22:372–396
Chatterjee S, Singh JB, Roy A (2015) A structure-based software reliability allocation using fuzzy analytic hierarchy process. Int J Syst Sci 46(3):513–525
Dasgupta D (1999) Artificial immune systems and their applications. Springer, Berlin
Dasgupta D, McGregor DR (1993) sGA: A structured genetic algorithm. Department of Computer Science, University of Strathclyde, Glasgow
Dasgupta D, Roy A, Nag A (2016) Toward the design of adaptive selection strategies for multi-factor authentication. Comput Secur. doi:10.1016/j.cose.2016.09.0004
Davis L (1991) Handbook of genetic algorithms. Van Nostrand Reinhold, New York
Deb K, Pratap A, Agarwal S, Meyarivan TAMT (2002) A fast and elitist multi-objective genetic algorithm: NSGA-II. IEEE Trans Evol Comput 6:182–197
Deutschmann I, Lindholm J (2013) Behavioral biometrics for DARPA’s active authentication program. International conference of the biometrics special interest group (BIOSIG). IEEE, pp 1–8
Duc NM, Minh BQ (2009) Your face is NOT your password Face Authentication By—Passing Lenovo–Asus–Toshiba. Black Hat Briefings
Feng J, Jain AK (2011) Fingerprint reconstruction: from minutiae to phase. IEEE Trans Pattern Anal Mach Intell 33(2):209–223
Gomez J, Dasgupta D, Gonzalez F (2003a) Detecting cyber attackswith fuzzy data mining techniques. In: Proceedings of the third SIAMinternational conference on data mining, pp 1–4
Gomez J, Dasgupta D, Nasraoui O, Gonzalez F (2003b) Complete expression trees for evolving fuzzy classifier systems with genetic algorithms and application to network intrusion detection . In: Proceedings of the North American fuzzy information processing society (NAFIPS), pp 469–474
Gomez J, Gonzalez F, Dasgupta D (2003c) An immune-fuzzy approach to anomaly detection. In: Proceedings of the twelfth IEEE international conference on fuzzy systems (FUZZIEEE), pp 1219–1224
González F, Gómez J, Kaniganti M, Dasgupta D (2003) An evolutionary approach to generate fuzzy anomaly signatures. In: Proceedings of the fourth annual ieee information assurance workshop. West Point, New York, pp 251–259
Guidorizzi RP (2003) Security: active authentication. IT Prof 15:4–7
Guntti D, Picardi C (2005) Keystroke analysis of free text. ACM Trans Inf Syst Secur 8:312–347
Hwang S, Lee H, Cho S (2006) Improving authentication accuracy of unfamiliar passwords with pauses and cues for keystroke dynamics-based authentication. In: Chen H, Wang FY, Yang CC, Zeng D, Chau M, Chang K (eds) Intelligence and security informatics. Lecture Notes in Computer Science, vol 3917. Springer, Berlin, Heidelberg, pp 73–78
Jain AK, Feng J, Nandakumar K (2010) Fingerprint matching. Computer 43:36–44
Jain AK, Hong L, Pankanti S, Bolle R (1997) An identity authentication system using fingerprints. Proc. IEEE 85(9):1365–1388
Kang H, Slezak D (2010) Security technology. Disaster recovery and business continuity. Springer, Berlin
Kang J, Nyang D, Lee K (2014) Two-factor face authentication using matrix permutation transformation and a user password. Inf Sci 269:1–20
Kaufmann A (1975) Introduction to the theory of fuzzy subsets. Academic Press, London
Lin IC, Chang CC (2009) A countable and time-bound password-based user authentication scheme for the applications of electronic commerce. Inf Sci 179:1269–1277
Locklear H, Sitova Z, Govindarajan S, Goodkind A, Brizan DG, Gasti P (2014) Continuous authentication with cognition-centric text production and revision features. Presented at the international joint conference on biometrics (IJCB), Clearwater
Lucas B, Kanade T (1981) An integrative image registration technique with an application in stereo vision. In: Proceedings of the 7th international joint conference on artificial intelligence, pp 674–679
Luenberger DG, Ye Y (2008) Linear and nonlinear programming. Springer, Stanford
Mamdani EH (1977) Application of fuzzy logic to approximate reasoning using linguistic synthesis. IEEE Trans Comput C–26:1182–1191
Melanie M (1999) An introduction to genetic algorithms. MIT Press, Cambridge
Nag A, Roy A, Dasgupta D (2015) An adaptive approach towards the selection of multi-factor authentication. In: 2015 IEEE symposium series on computational intelligence, pp 463–472
Parziale G, Chen Y (2009) Advanced technologies for touchless fingerprint recognition. In: Tistarelli M, Li SZ, Chellappa R (eds) Handbook of Remote Biometrics, ser. Advances in Pattern Recognition, Springer, London, pp 83–109
Patel VM, Yeh T, Fathy ME, Zhang Y, Chen Y, Chellappa R, Davis L (2013) Screen fingerprints: a novel modality for active authentication. IT Prof 15(4):38–42
Primo A, Phoha VV, Kumar R, Serwadda A (2014) Context-aware active authentication using smartphone accelerometer measurements. In: IEEE conference on computer vision and pattern recognition (CVPR) workshops
Razzaq A, Latif K, Ahmad HF, Hur A, Anwar Z, Bloodsworth PC (2014) Semantic security against web application attacks. Inf Sci 254:19–38
Ross TJ (2010) Fuzzy logic and engineering applications. Wiley, New Delhi
Roy A (2015) A novel multivariate fuzzy time series based forecasting algorithm incorporating the effect of clustering on prediction. Soft Comput. doi:10.1007/s00500-015-1619-3
Single-factor authentication (SFA) (2015). http://searchsecurity.techtarget.com/definition/single-factor-authentication-SFA
Serwadda A, Wang Z, Koch P, Govindarajan S, Pokala R, Goodkind A (2013) Scan-based evaluation of continuous keystroke authentication systems. IEEE IT Prof 15:20–23
Stewart JC, Monaco JV, Cha SH, Tappert CC (2011) An investigation of keystroke and Stylometry traits for authenticating online test takers. In: International joint conference on biometrics (IJCB). IEEE, pp 1–7
Tanaka K (1996) An introduction to fuzzy logic for practical applications. Springer, Berlin
Tian Y, Kanade T, Cohn J (2000) Robust lip tracking by combining shape, color, and motion. In: Proceedings of ACCV’2000, pp 1040–1045
Tian YL, Kanade T, Cohn JF (2001)Recognizing facial actions by combining geometric features and regional appearance patterns. Robotics Institute, Carnegie Mellon University, Pittsburgh, PA 15213, CMU-RI-TR-01-01, CMU
Vielhauer C (2006) Biometric user authentication for IT security. Springer, Berlin
Zadeh LA (1975) The concept of linguistic variable and its application to approximate reasoning, parts 1–3. Inform Sci 8(3):199–249, 301–357, 9:43–80
Zi J, Dasgupta D (2009) V-detector: an efficient negative selection algorithm with “probably adequate” detector coverage. Inf Sci 179:1390–1406
Zimmermann HJ (1996) Fuzzy set theory and its applications. Allied, New Delhi
Acknowledgements
The authors are also thankful to The University of Memphis, TN, USA and the National University of Singapore (NUS) for providing all the necessary supports to continue this research work. The authors are also thankful to the extremely learned reviewers for their valuable suggestions for the improvement of the paper.
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of interest
Author Dr. Arunava Roy declares that he has no conflict of interest. Author Prof. Dipankar Dasgupta declares that he has no conflict of interest.
Ethical approval
This article does not contain any studies with human participants or animals performed by any of the authors.
Additional information
Communicated by V. Loia.
Rights and permissions
About this article
Cite this article
Roy, A., Dasgupta, D. A fuzzy decision support system for multifactor authentication. Soft Comput 22, 3959–3981 (2018). https://doi.org/10.1007/s00500-017-2607-6
Published:
Issue Date:
DOI: https://doi.org/10.1007/s00500-017-2607-6