Abhijit Kumar Nag

Toward the design of adaptive selection strategies for multi-factor authentication

Define authentication factors.Evaluate trustworthy values of different authentication factors.Evaluate trustworthy values of different sets of authentication factors.Design multi-objective optimization strategies for adaptive multi-factor authentication.Conducting experiments for checking the efficiency and effectiveness of the proposed approach. Authentication is the fundamental safeguard against any illegitimate access to a computing device and other sensitive online applications. Because of recent security threats, authentication through a single factor is not reliable to provide adequate protection of these devices and applications. Hence, to facilitate continuous protection of computing devices and other critical online services from unauthorized access, multi-factor authentication can provide a viable option. Many authentication mechanisms with varying degrees of accuracy and portability are available for different types of computing devices. As a consequence, several existing and well-known multi-factor authentication strategies have already been utilized to enhance the security of various applications. Keeping this in mind, we developed a framework for authenticating a user efficiently through a subset of available authentication modalities along with their several features (authentication factors) in a time-varying operating environment (devices, media, and surrounding conditions, like light, noise, motion, etc.) on a regular basis. The present work is divided into two parts, namely, a formulation for calculating trustworthy values of different authentication factors and then the development of a novel adaptive strategy for selecting different available authentication factors based on their calculated trustworthy values, performance, selection of devices, media, and surroundings. Here, adaptive strategy ensures the incorporation of the existing environmental conditions on the selection of authentication factors and provides significant diversity in the selection process. Simulation results show the proposed selection approach performs better than other existing and widely used selection strategies, mainly, random and optimal cost selections in different settings of operating environments. The detailed implementation of the proposed multi-factor authentication strategy, along with performance evaluation and user study, has been accomplished to establish its superiority over the existing frameworks.

An adaptive approach for continuous multi-factor authentication in an identity eco-system

Multi-factor Authentication (MFA) is the current trend to genuinely identify the legitimate users in cyber eco-system through an active authentication process. This process includes passwords, security token, biometrics, human cognitive behavior metrics, etc. New sensors and better authentication modalities are evolving, which provide the opportunity for the security researchers to come up with new solutions facilitating MFA to different online resource access and identity management systems. This paper focuses on the design and development of a framework for continuous MFA where authentication modalities are selected adaptively through sensing many characteristics of the users operating environment. The degree of adaptiveness in the selection of authentication modalities exhibits dynamism in the authentication process and lessens the burden of the users to use the same set of authentication process in less trustworthy environments. A trustworthy framework to quantify the available authentication modalities is proposed and the applicability of the framework for identity eco-system is illustrated in this paper.

An Adaptive Approach Towards the Selection of Multi-Factor Authentication

Authentication is the fundamental defense against any illegitimate access to a computing device or any sensitive online applications. Due to recent trends of emerging security threats, authentication using only a single factor is not reliable to provide adequate protection for these devices and applications. Hence, to facilitate continuous protection of computing devices and other critical online services from an un-authorized access, multi-factor authentication emerges as a viable option. Many authentication mechanisms with varying degrees of accuracy and portability are available for different types of computing devices connected with various communicating media. As a consequence, several existing and well-known multi-factor authentication strategies have already been utilized to enhance the security of various applications. Keeping this in mind, this research is focused on designing a robust and scalable framework for authenticating a legitimate user efficiently through a subset of available authentication modalities along with their several features (authentication factors) in time-varying operating environments (devices, media and surrounding conditions) on a regular basis. This paper highlights the creation of a trustworthy framework to quantify different authentication factors in terms of selection of different types of devices and media. In addition, a novel adaptive selection strategy for the available authentication factors incorporating the trustworthy values, previous history of selection as well as surrounding conditions is proposed in the paper. Selection through adaptive strategy ensures the incorporation of the existing environmental conditions within the selection of authentication factors and provides better diversity in the selection of these factors. Simulation results show that the proposed selection approach performs better than other existing selection strategies, namely, random and optimal selections in different settings of operating environments.

G-NAS: A grid-based approach for negative authentication

Surveys show that more than 80% authentication systems are password based and these systems are increasingly under direct and indirect attacks. In an effort to protect the Positive Authentication System (PAS), the negative authentication concept was introduced [9]. Here, the representation space of password profile is called self-region; any element outside this self-region is defined as the non-self-region. Then anti-password detectors (clusters) are generated covering most of the non-self-region while leaving some space uncovered to reduce detector generation time and obfuscation. In this work, we investigate a Grid-based NAS approach, called G-NAS, where anti-password detectors are generated deterministically. This approach allows faster detector generation compared to previous NAS approaches. We reported some experimental results of G-NAS using different real-world password datasets. Results demonstrate the efficiency of the proposed approach and exhibited significant improvements compared to NAS approaches. It appears to be more robust and scalable with respect to the size of password profiles and able to update of detector sets on-the-fly.

Multi-Factor Authentication

Multi-Factor authentication (MFA) is a secure process of authentication which requires more than one authentication technique chosen from independent categories of credentials. Like single factor, multi-factor is increasingly used to verify the users’ identities in accessing the cyber system and information. MFA combines two or more types of authentication to provide better and secure way of authenticating users.

Adaptive Multi-factor Authentication

With the advancements of modern technology, most user activities rely upon various online services, which need to be trusted and secured to prevent the thorny issue of illegal access. Authentication is the primary defense to address the growing need of authentications, though a single-factor (user id and password, for example) is suffering from some significant pitfalls as mentioned in earlier chapters.

Pseudo-Passwords and Non-textual Approaches

This chapter describes various complementary approaches of passwords, namely, Honeywords, Cracking-Resistant Password Vaults using Natural Encoders, Bloom Filter, and non-textual and graphical passwords to protect user identities against any type of credential breaches. At the end, a comparison of various non-textual passwords is provided by highlighting their strength and weaknesses.

Negative Authentication Systems

Password-based authentication systems are the oldest and most popular among all authentication methods.