Context-Aware Multifactor Authentication Based on Dynamic Pin



1 School of Electronic Engineering and Computer Science, Queen Mary University of London, London, United Kingdom
{y.diaz-tellez,eliane.bodanese}@qmul.ac.uk

2 Security Futures Practice, BT Innovate and Design, British Telecommunications Ipswich, United Kingdom
{theo.dimitrakos,michael.turner}@bt.com

Abstract. An innovative context-aware multi-factor authentication scheme based on a dynamic PIN is presented. The scheme is based on graphical passwords where a challenge is dynamically produced based on contextual factors and client device constraints while balancing security assurance and usability. The approach utilizes a new methodology where the cryptographic transformation used to produce the Dynamic PIN changes dynamically based on the user input, history of authentications, and available authentication factors at the client device.

Keywords: authentication, dual ciphers, context-aware, dynamic PIN.

1 Introduction

User authentication is a means of identifying a user and verifying his identity. Different authentication methods exist, e.g. token-based, biometric-based, and knowledge-based. Each method has its own properties, (dis)advantages, and applications. Text passwords are a widely used method because of convenience and usability; however, they are vulnerable to key logging, shoulder-surfing, dictionary, and social engineering attacks. Graphical passwords are an alternative as they can mitigate the above-mentioned attacks. One approach to increase assurance is multi-factor authentication. However, not all transactions require the same assurance level. An adequate level depends on criticality, sensitivity, context, and the risk involved. Additionally, there are trade-offs among variables such as assurance, performance, and usability.

This work proposes an innovative context-aware multi-factor authentication scheme based on a Dynamic PIN. The scheme produces a graphical challenge based on context, client device constraints, and the associated risk, while balancing assurance and usability. Also, a methodology is proposed where the crypto-function used to produce the Dynamic PIN changes dynamically. A PIN is generated without any predictable backward and forward correlation, making it practically infeasible for an attacker to predict the next PIN. The approach leverages the fact that users commonly use various types of client devices that incorporate authentication factors (e.g. SIM cards, biometric readers, etc.), sensors, and APIs, which can be integrated in the authentication process to modulate security assurance, and to optimize it using context. Section 2 presents related work. The scheme consists of two functional phases: registration and setup, in which the user creates an account and registers different information (section 3); and challenge and dynamic PIN, in which a challenge and Dynamic PIN are generated (section 4).

N. Cuppens-Boulahia et al. (Eds.): SEC 2014, IFIP AICT 428, pp. 330–338, 2014. © IFIP International Federation for Information Processing 2014