ABSTRACT
The research presented in this paper develops a novel approach to risk-based authentication that takes mobile user movement patterns into account. Inspired by Shannon's information theory, we introduce a variant of spatial entropy vectors embedded with time information as a mathematical modeling tool for evaluating regular movement patterns, and spatial entropy vectors derived from the range and pace of user movements. To support the approach, several algorithms have been designed and implemented. A prototype iPhone application was developed as a proof of concept; user movement data was collected over a predetermined timeframe by accumulating, merging, and saving spatial entropy vectors in a database in the application. The application simulates risk-based authentication by calculating risk factors based on the similarity between current spatial entropy vectors, calculated on demand, and historical distributions of movement patterns. Data collected in the field shows that the risk factor is relatively low for similar movement patterns, while different patterns can yield a higher risk factor. Rather than modeling this process by directly storing GPS location data and applying complicated path-matching algorithms, the spatial entropy model uses sampled location data but does not keep it, preserving user privacy. In practice, the risk factor calculated in real time could be used, for example, to adjust the fingerprint authentication threshold on the iPhone.
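A minimal sketch of the idea in the abstract, added here as an illustration and not taken from the paper's algorithms or the prototype application: location samples are reduced to a per-time-slot Shannon entropy vector, daily vectors are merged into running statistics, and a risk factor is derived from how far the current vector deviates from that history. The grid cell size, the four time slots, the deviation-based risk formula and all sample coordinates are assumptions.

```python
import math
from collections import Counter

CELL_DEG = 0.01   # assumed grid cell size in degrees (not from the paper)
SLOTS = 4         # assumed: four 6-hour time-of-day slots

def entropy_vector(samples):
    """Per-slot Shannon entropy (bits) of visited grid cells; coordinates are not kept."""
    counts = [Counter() for _ in range(SLOTS)]
    for hour, lat, lon in samples:
        cell = (math.floor(lat / CELL_DEG), math.floor(lon / CELL_DEG))
        counts[hour * SLOTS // 24][cell] += 1
    vec = []
    for c in counts:
        n = sum(c.values())
        vec.append(-sum(k / n * math.log2(k / n) for k in c.values()) if n else 0.0)
    return vec

class History:
    """Running per-slot mean/variance of daily entropy vectors (Welford update)."""
    def __init__(self):
        self.n, self.mean, self.m2 = 0, [0.0] * SLOTS, [0.0] * SLOTS
    def merge(self, vec):
        self.n += 1
        for i, x in enumerate(vec):
            d = x - self.mean[i]
            self.mean[i] += d / self.n
            self.m2[i] += d * (x - self.mean[i])

    def risk(self, vec, floor=0.25):
        """0.0 = matches history, 1.0 = far outside it (or no history yet)."""
        if self.n == 0:
            return 1.0
        total = 0.0
        for i, x in enumerate(vec):
            std = max(math.sqrt(self.m2[i] / self.n), floor)  # floor avoids divide-by-zero
            total += min(1.0, abs(x - self.mean[i]) / std / 3.0)  # saturate at 3 sigma
        return total / SLOTS

# Constructed sample data: one location fix per hour, coordinates are made up.
HOME, ROAD, WORK, CAFE = [(37.335 + 0.03 * i, -121.885) for i in range(4)]
def day(places):
    return [(h, *p) for h, p in enumerate(places)]
USUAL = day([HOME] * 8 + [ROAD] + [WORK] * 9 + [ROAD] + [HOME] * 5)
LUNCH = day([HOME] * 8 + [ROAD] + [WORK] * 3 + [CAFE] + [WORK] * 5 + [ROAD] + [HOME] * 5)
TRIP = day([(37.005 + 0.02 * h, -121.005) for h in range(24)])
history = History()
for d in [USUAL] * 4 + [LUNCH]:
    history.merge(entropy_vector(d))
```

In this sketch the vector records how spread out movement is in each time slot, not where it happens, so only the entropy values and their running statistics need to be stored.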
Index Terms
- A spatial entropy-based approach to improve mobile risk-based authentication