Abstract
Adaptive Authentication allows a system to dynamically select the best mechanism(s) for authenticating a user depending on contextual factors, such as location, proximity to devices, and other attributes. Though this technology has the potential to change the current password-dominated authentication landscape, research to date has not led to practical solutions that carry over into our daily lives. Motivated to find out how to improve adaptive authentication design, we provide a structured survey of the existing literature and analyze it to identify and discuss current research challenges and future directions.
Index Terms
- A Survey on Adaptive Authentication