Proceedings of the 30th Annual ACM Symposium on Applied Computing, 2015, p.2185-2191
2015
Volltextzugriff (PDF)
Details
- Autor(en) / Beteiligte
- Titel
- SmartAuth: dynamic context fingerprinting for continuous user authentication
- Ist Teil von
- Proceedings of the 30th Annual ACM Symposium on Applied Computing, 2015, p.2185-2191
- Ort / Verlag
- New York, NY, USA: ACM
- Erscheinungsjahr
- 2015
- Quelle
- Association for Computing Machinery
- Beschreibungen/Notizen
- As recent incidents have shown, weak passwords are a severe security risk for authenticating users and granting access to protected resources. Additionally, strong passwords score low on usability, especially on mobile devices. In this work, we present SmartAuth, a scalable context-aware authentication framework built on top of OpenAM, a state-of-practice identity and access management suite. It uses adaptive and dynamic context fingerprinting based on Hoeffding trees to continuously ascertain whether a user's identity is authentic or not, and it respects privacy preferences by adopting consent-driven use of context information. We assess our approach from both an offensive and defensive security perspective. Our results show that dynamic context fingerprinting has good potential for a zero-interaction authentication scheme, with a minimal performance overhead compared to traditional authentication schemes.
- Sprache
- Englisch
- Identifikatoren
- ISBN: 1450331963, 9781450331968DOI: 10.1145/2695664.2695908Titel-ID: cdi_acm_books_10_1145_2695664_2695908
- Format
- –
- Schlagworte
- General and reference -- Cross-computing tools and techniques -- Performance, Security and privacy -- Cryptography -- Cryptanalysis and other attacks, Security and privacy -- Intrusion/anomaly detection and malware mitigation, Security and privacy -- Systems security -- Information flow control, Security and privacy -- Systems security -- Operating systems security, Social and professional topics -- Computing -- technology policy -- Computer crime, Social and professional topics -- Professional topics -- Management of computing and information systems -- Software management -- Software selection and adaptation, Software and its engineering -- Software creation and management -- Software verification and validation -- Empirical software validation, Software and its engineering -- Software organization and properties -- Extra-functional properties -- Software performance, Software and its engineering -- Software organization and properties -- Software functional properties, Software and its engineering -- Software organization and properties -- Software functional properties -- Formal methods