
A Survey on Adaptive Authentication

Published: 11 September 2019

Abstract

Adaptive Authentication allows a system to dynamically select the best mechanism(s) for authenticating a user depending on contextual factors, such as location, proximity to devices, and other attributes. Though this technology has the potential to change the current password-dominated authentication landscape, research to date has not led to practical solutions that transcend to our daily lives. Motivated to find out how to improve adaptive authentication design, we provide a structured survey of the existing literature to date and analyze it to identify and discuss current research challenges and future directions.


Published in

ACM Computing Surveys, Volume 52, Issue 4
July 2020
769 pages
ISSN: 0360-0300
EISSN: 1557-7341
DOI: 10.1145/3359984
Editor: Sartaj Sahni

Copyright © 2019 ACM

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery
New York, NY, United States

Publication History

• Published: 11 September 2019
• Revised: 1 May 2019
• Accepted: 1 May 2019
• Received: 1 December 2018
