DOI: 10.1145/2675682.2676400
research-article

A spatial entropy-based approach to improve mobile risk-based authentication

Published: 04 November 2014

Abstract

The research presented in this paper develops a novel approach to risk-based authentication that takes mobile user movement patterns into account. Inspired by Shannon's information theory, we introduce a variant of spatial entropy vectors embedded with time information as a mathematical modeling tool to evaluate regular movement patterns, along with spatial entropy vectors derived from the range and pace of user movements. To support the approach, several algorithms have been designed and implemented. A prototype iPhone application was developed as a proof of concept; user movement data was collected over a predetermined timeframe by accumulating, merging, and saving spatial entropy vectors in a database in the application. The application simulates risk-based authentication by calculating risk factors based on the similarity between current spatial entropy vectors, calculated on demand, and historical distributions of movement patterns. Data collected in the field shows that the risk factor is relatively low for similar movement patterns, while different patterns can yield a higher risk factor. Rather than modeling this process by directly storing GPS location data and applying complicated path-matching algorithms, the spatial entropy model uses sampled location data but does not keep it, preserving user privacy. As a practical application, the risk factor calculated in real time could be used, for example, to adjust the fingerprint authentication threshold on an iPhone.


Published In

GeoPrivacy '14: Proceedings of the 1st ACM SIGSPATIAL International Workshop on Privacy in Geographic Information Collection and Analysis
November 2014
55 pages
ISBN:9781450331340
DOI:10.1145/2675682
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Shannon's information theory
  2. mobile security
  3. multi-factor authentication
  4. risk-based authentication
  5. spatial entropy

Qualifiers

  • Research-article

Conference

SIGSPATIAL '14

Acceptance Rates

GeoPrivacy '14 Paper Acceptance Rate 5 of 8 submissions, 63%;
Overall Acceptance Rate 5 of 8 submissions, 63%

Article Metrics

  • Downloads (Last 12 months): 11
  • Downloads (Last 6 weeks): 0
Reflects downloads up to 16 Feb 2025

Cited By

  • (2023) RLAuth: A Risk-Based Authentication System Using Reinforcement Learning. IEEE Access, 11, 61129-61143. DOI: 10.1109/ACCESS.2023.3286376. Online publication date: 2023
  • (2022) Risk-Based Authentication. Handbook of Research on Mathematical Modeling for Smart Healthcare Systems, 154-179. DOI: 10.4018/978-1-6684-4580-8.ch009. Online publication date: 24-Jun-2022
  • (2019) A Survey on Adaptive Authentication. ACM Computing Surveys, 52:4, 1-30. DOI: 10.1145/3336117. Online publication date: 11-Sep-2019
  • (2016) Generic RAID reassembly using block-level entropy. Digital Investigation: The International Journal of Digital Forensics & Incident Response, 16:S, S44-S54. DOI: 10.1016/j.diin.2016.01.007. Online publication date: 29-Mar-2016
  • (2015) Authentication User's Privacy. Wireless Personal Communications: An International Journal, 82:3, 1585-1600. DOI: 10.1007/s11277-015-2300-y. Online publication date: 1-Jun-2015
