skip to main content
research-article

On Understanding Context Modelling for Adaptive Authentication Systems

Published:31 March 2023Publication History
Skip Abstract Section

Abstract

In many situations, it is of interest for authentication systems to adapt to context (e.g., when the user’s behavior differs from the previous behavior). Hence, representing the context with appropriate and well-designed models is crucial. We provide a comprehensive overview and analysis of research work on Context Modelling for Adaptive Authentication systems (CM4AA). To this end, we pursue three goals based on the Systematic Mapping Study (SMS) and Systematic Literature Review (SLR) research methodologies. We first present a SMS to structure the research area of CM4AA (goal 1). We complement the SMS with an SLR to gather and synthesise evidence about context information and its modelling for adaptive authentication systems (goal 2). From the knowledge gained from goal 2, we determine the desired properties of the context information model and its use for adaptive authentication systems (goal 3). Motivated to find out how to model context information for adaptive authentication, we provide a structured survey of the literature to date on CM4AA and a classification of existing proposals according to several analysis metrics. We demonstrate the ability of capturing a common set of contextual features that are relevant for adaptive authentication systems independent from the application domain. We emphasise that despite the possibility of a unified framework, no standard for CM4AA exists.

REFERENCES

  1. [1] Achilleos Achilleas P., Kapitsaki Georgia M., and Papadopoulos George A.. 2012. A framework for dynamic validation of context-aware applications. In IEEE 15th International Conference on Computational Science and Engineering. 532539. DOI:Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. [2] Al-Halabi Yahia, Raeq Nisreen, and Abu-Dabaseh Farah. 2017. Study on access control approaches in the context of internet of things: A survey. In International Conference on Engineering and Technology (ICET). IEEE, 17.Google ScholarGoogle ScholarCross RefCross Ref
  3. [3] Al-Muhtadi Jalal, Saleem Kashif, Al-Rabiaah Sumayah, Imran Muhammad, Gawanmeh Amjad, and Rodrigues Joel J. P. C.. 2021. A lightweight cyber security framework with context-awareness for pervasive computing environments. Sustain. Cit. Societ. 66 (2021), 102610.Google ScholarGoogle ScholarCross RefCross Ref
  4. [4] Arias-Cabarcos Patricia and Krupitzer Christian. 2017. On the design of distributed adaptive authentication systems. Open Access Media 5 (2017), 1214.Google ScholarGoogle Scholar
  5. [5] Arias-Cabarcos Patricia, Krupitzer Christian, and Becker Christian. 2019. A survey on adaptive authentication. ACM Comput. Surv. 52, 4 (2019), 130.Google ScholarGoogle ScholarDigital LibraryDigital Library
  6. [6] Bakar Khairul Azmi Abu and Haron Galoh Rashidah. 2013. Adaptive authentication: Issues and challenges. In World Congress on Computer and Information Technology (WCCIT). IEEE, 16.Google ScholarGoogle Scholar
  7. [7] Baldini Gianmarco and Steri Gary. 2017. A survey of techniques for the identification of mobile phones using the physical fingerprints of the built-in components. IEEE Commun. Surv. Tutor. 19, 3 (2017), 17611789.Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. [8] Bencomo Nelly, Götz Sebastian, and Song Hui. 2019. Models@ run.time: A guided tour of the state of the art and research challenges. Softw. Syst. Model. 18, 5 (2019), 30493082.Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. [9] Bertin Emmanuel, Hussein Dina, Sengul Cigdem, and Frey Vincent. 2019. Access control in the internet of things: A survey of existing approaches and open research questions. Ann. Telecommun. 74 (032019). DOI:Google ScholarGoogle ScholarCross RefCross Ref
  10. [10] Cai Li-jun, Li Rui, and Yi Ye-qing. 2012. A multiple watermarks algorithm for image content authentication. J. Centr. South Univ. 19, 10 (2012), 28662874.Google ScholarGoogle ScholarCross RefCross Ref
  11. [11] Das I., Singh S., Das R., Biswas S., Roy S., and Gupta S.. 2020. Design and implementation on EMBA authentication models. In IEEE VLSI Device Circuit and System (VLSI DCS). IEEE, 283288. DOI:Google ScholarGoogle ScholarCross RefCross Ref
  12. [12] Dey Anind K.. 2001. Understanding and using context. Person. Ubiq. Comput. 5, 1 (2001), 47.Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. [13] Domingo Ana I. Segovia and Enríquez Álvaro Martín. 2018. Digital identity: The current state of affairs. BBVA Res. 1, 0 (2018), 146.Google ScholarGoogle Scholar
  14. [14] Eckert Claudia. 2013. IT-Sicherheit: Konzepte-Verfahren-Protokolle. Walter de Gruyter, Germany.Google ScholarGoogle ScholarCross RefCross Ref
  15. [15] El-Tarhouni Wafa. 2017. Finger Knuckle Print and Palmprint for Efficient Person Recognition. Ph.D. Dissertation. Northumbria University, Northumbria.Google ScholarGoogle Scholar
  16. [16] En-Nasry Brahim and Kettani Mohamed Dafir Ech-Cherif El. 2011. Towards an open framework for mobile digital identity management through strong authentication methods. In FTRA International Conference on Secure and Trust Computing, Data Management, and Application. Springer, na, 5663.Google ScholarGoogle ScholarCross RefCross Ref
  17. [17] Freeman David, Jain Sakshi, Dürmuth Markus, Biggio Battista, and Giacinto Giorgio. 2016. Who are you? A statistical approach to measuring user authenticity. In 23rd Annual Network & Distributed System Security Symposium (NDSS). 2124.Google ScholarGoogle Scholar
  18. [18] H. Samyama Gunjal G. and Swamy Samarth C.. 2020. A security approach to build a trustworthy ubiquitous learning system. In IEEE Bangalore Humanitarian Technology Conference (B-HTC). IEEE, 16.Google ScholarGoogle Scholar
  19. [19] Habib Kashif and Leister Wolfgang. 2015. Context-aware authentication for the internet of things. In 11th International Conference on Autonomic and Autonomous Systems. IEEE, 134139.Google ScholarGoogle Scholar
  20. [20] Hintze Daniel, Füller Matthias, Scholz Sebastian, Findling Rainhard D., Muaaz Muhammad, Kapfer Philipp, Koch Eckhard, and Mayrhofer René. 2019. CORMORANT: Ubiquitous risk-aware multi-modal biometric authentication across mobile devices. Proc. ACM on Interact., Mob., Wear. Ubiq. Technol. 3, 3 (2019), 123.Google ScholarGoogle ScholarDigital LibraryDigital Library
  21. [21] Idrus Syed Zulkarnain Syed, Cherrier Estelle, Rosenberger Christophe, and Schwartzmann Jean-Jacques. 2013. A review on authentication methods. Austral. J. Basic Appl. Sci. 7, 5 (2013), 95107.Google ScholarGoogle Scholar
  22. [22] Johnson Gleneesha M.. 2009. Towards shrink-wrapped security: A taxonomy of security-relevant context. In IEEE International Conference on Pervasive Computing and Communications. IEEE, 12.Google ScholarGoogle ScholarDigital LibraryDigital Library
  23. [23] Kayes A. S. M., Kalaria Rudri, Sarker Iqbal H., Islam Md, Watters Paul A., Ng Alex, Hammoudeh Mohammad, Badsha Shahriar, Kumara Indika et al. 2020. A survey of context-aware access control mechanisms for cloud and fog networks: Taxonomy and open research issues. Sensors 20, 9 (2020), 2464.Google ScholarGoogle ScholarCross RefCross Ref
  24. [24] Khan Wazir Zada, Hakak Saqib, Khan Muhammad Khurram, et al. 2020. Trust management in social internet of things: Architectures, recent advancements and future challenges. IEEE Internet Things J. 8, 10 (2020), 77687788.Google ScholarGoogle ScholarCross RefCross Ref
  25. [25] Kisku Dakshina Ranjan, Rattani Ajita, Gupta Phalguni, Sing Jamuna Kanta, and Hwang C. Jinshong. 2012. Human identity verification using multispectral palmprint fusion. J. Sig. Inf. Process. 3, 2 (2012), 263273.Google ScholarGoogle Scholar
  26. [26] Kumar Abhilove and Mishra Apoorv. 2021. Palm print recognition using 2D Fourier transformation and integration function. (2021). Google ScholarGoogle ScholarCross RefCross Ref
  27. [27] Kumar Rajesh, Kundu Partha Pratim, Shukla Diksha, and Phoha Vir V.. 2017. Continuous user authentication via unlabeled phone movement patterns. In IEEE International Joint Conference on Biometrics (IJCB). IEEE, 177184.Google ScholarGoogle ScholarDigital LibraryDigital Library
  28. [28] Lal Nilesh A., Prasad Salendra, and Farik Mohammed. 2016. A review of authentication methods. Vol 5 (2016), 246249. http://hozir.org/pars_docs/refs/619/618479/618479.pdf.Google ScholarGoogle Scholar
  29. [29] Lima Joao Carlos D., Rocha Cristiano C., Augustin Iara, et al. 2011. A context-aware recommendation system to behavioral based authentication in mobile and pervasive environments. In IFIP 9th International Conference on Embedded and Ubiquitous Computing. IEEE, 312319.Google ScholarGoogle ScholarDigital LibraryDigital Library
  30. [30] Liu Meng, Wang Longbiao, Lee Kong Aik, Zhang Hanyi, Zeng Chang, and Dang Jianwu. 2021. Exploring Deep Learning for Joint Audio-Visual Lip Biometrics. (2021). Google ScholarGoogle ScholarCross RefCross Ref
  31. [31] Ma Sihua et al. 2018. Using Blockchain to Build Decentralized Access Control in a Peer-to-peer E-learning Platform. Ph.D. Dissertation. University of Saskatchewan, Saskatchewan.Google ScholarGoogle Scholar
  32. [32] Menezes Alfred J., Oorschot Paul C. Van, and Vanstone Scott A.. 2018. Handbook of Applied Cryptography. CRC Press.Google ScholarGoogle Scholar
  33. [33] Miettinen Markus, Nguyen Thien Duc, Sadeghi Ahmad-Reza, and Asokan N.. 2018. Revisiting context-based authentication in IoT. In 55th Annual Design Automation Conference. 16.Google ScholarGoogle ScholarDigital LibraryDigital Library
  34. [34] Milton Leslie C. and Memon Atif. 2016. Intruder detector: A continuous authentication tool to model user behavior. In IEEE Conference on Intelligence and Security Informatics (ISI). IEEE, 286291.Google ScholarGoogle ScholarDigital LibraryDigital Library
  35. [35] Mir A. H., Rubab S., and Jhat Z. A.. 2011. Biometrics verification: A literature survey. Int. J. Comput. ICT Res. 5, 2 (2011), 6780.Google ScholarGoogle Scholar
  36. [36] Miraoui Moeiz and El-etriby Sherif. 2019. A context-aware authentication approach for smartphones. In International Conference on Computer and Information Sciences (ICCIS). IEEE, 15.Google ScholarGoogle ScholarCross RefCross Ref
  37. [37] Mozzaquatro Bruno A., Jardim-Goncalves Ricardo, and Agostinho Carlos. 2017. Situation awareness in the internet of things. In International Conference on Engineering, Technology and Innovation (ICE/ITMC). IEEE, 982990.Google ScholarGoogle ScholarCross RefCross Ref
  38. [38] Neverova Natalia, Wolf Christian, Lacey Griffin, Fridman Lex, Chandra Deepak, Barbello Brandon, and Taylor Graham. 2016. Learning human identity from motion patterns. IEEE Access 4 (2016), 18101820.Google ScholarGoogle ScholarCross RefCross Ref
  39. [39] Pal S., Hitchens M., and Varadharajan V.. 2018. Modeling identity for the internet of things: Survey, classification and trends. In 12th International Conference on Sensing Technology (ICST). ICST, 4551. DOI:Google ScholarGoogle ScholarCross RefCross Ref
  40. [40] Perumal Esther and Ramachandran Shanmugalakshmi. 2015. A multimodal biometric system based on palmprint and finger knuckle print recognition methods.Int. Arab J. Inf. Technol. 12, 2 (2015), 118128.Google ScholarGoogle Scholar
  41. [41] Petersen Kai, Feldt Robert, Mujtaba Shahid, and Mattsson Michael. 2008. Systematic mapping studies in software engineering. In 12th International Conference on Evaluation and Assessment in Software Engineering (EASE). 110.Google ScholarGoogle ScholarCross RefCross Ref
  42. [42] Petersen Kai, Vakkalanka Sairam, and Kuzniarz Ludwik. 2015. Guidelines for conducting systematic mapping studies in software engineering: An update. Inf. Softw. Technol. 64 (2015), 118.Google ScholarGoogle ScholarDigital LibraryDigital Library
  43. [43] Pisani P. H., Lorena A. C., and Carvalho A. C. P. L. F. de. 2015. Adaptive approaches for keystroke dynamics. In International Joint Conference on Neural Networks (IJCNN). IJCNN, 18. DOI:Google ScholarGoogle ScholarCross RefCross Ref
  44. [44] Pititheeraphab Yutthana, Thongpance Nuntachai, Aoyama Hisayuki, and Pintavirooj Chuchart. 2020. Vein pattern verification and identification based on local geometric invariants constructed from minutia points and augmented with barcoded local feature. Appl. Sci. 10, 9 (2020), 3192.Google ScholarGoogle ScholarCross RefCross Ref
  45. [45] Porter Martin F.. 1980. An algorithm for suffix stripping. Program 14, 3 (1980), 130137.Google ScholarGoogle ScholarCross RefCross Ref
  46. [46] Ramakrishnan Arun, Tombal Jochen, Preuveneers Davy, and Berbers Yolande. 2015. PRISM: Policy-driven risk-based implicit locking for improving the security of mobile end-user devices. In 13th International Conference on Advances in Mobile Computing and Multimedia. ACM, 365374.Google ScholarGoogle ScholarDigital LibraryDigital Library
  47. [47] Riva Oriana, Qin Chuan, Strauss Karin, and Lymberopoulos Dimitrios. 2012. Progressive authentication: Deciding when to authenticate on mobile phones. In 21st USENIX Security Symposium (USENIX Security’12). 301316.Google ScholarGoogle Scholar
  48. [48] Roth Joseph, Liu Xiaoming, and Metaxas Dimitris. 2014. On continuous user authentication via typing behavior. IEEE Trans. Image Process. 23, 10 (2014), 46114624.Google ScholarGoogle ScholarCross RefCross Ref
  49. [49] Saedi Shahla and Charkari Nasrollah Moghadam. 2011. Characterization of palmprint using discrete orthonormal s-transform. In International Conference on Hand-based Biometrics. IEEE, 16.Google ScholarGoogle ScholarCross RefCross Ref
  50. [50] Gunjal G. H. Samyama, Venkataram Pallapa, and Kumar G. Narendra. 2014. A context-based user authentication scheme for ubiquitous services. In World Congress on Engineering and Computer Science.Google ScholarGoogle Scholar
  51. [51] Shrestha Babins, Saxena Nitesh, Truong Hien Thi Thu, and Asokan N.. 2018. Sensor-based proximity detection in the face of active adversaries. IEEE Trans. Mob. Comput. 18, 2 (2018), 444457.Google ScholarGoogle ScholarDigital LibraryDigital Library
  52. [52] Solano Jesus, Camacho Luis, Correa Alejandro, Deiro Claudio, Vargas Javier, and Ochoa Martín. 2019. Risk-based static authentication in web applications with behavioral biometrics and session context analytics. In International Conference on Applied Cryptography and Network Security. Springer, 323.Google ScholarGoogle ScholarDigital LibraryDigital Library
  53. [53] Stojanova Riste, Stojanovab Slobodanka, Jovanovika Milos, Zdraveskia Vladimir, and Trajanova Dimitar. 2017. Ranking semantic web authorization systems. Semant. Web 8 1, 5 (2017), 5700844.Google ScholarGoogle Scholar
  54. [54] Troya Javier, Moreno Nathalie, Bertoa Manuel F., and Vallecillo Antonio. 2021. Uncertainty representation in software models: A survey. Softw. Syst. Model. 20, 4 (2021), 131.Google ScholarGoogle Scholar
  55. [55] Truong H. T. T., Gao Xiang, Shrestha B., Saxena N., Asokan N., and Nurmi P.. 2014. Comparing and fusing different sensor modalities for relay attack resistance in zero-interaction authentication. In IEEE International Conference on Pervasive Computing and Communications (PerCom). IEEE, 163171. DOI:Google ScholarGoogle ScholarCross RefCross Ref
  56. [56] Wiefling Stephan, Iacono Luigi Lo, and Dürmuth Markus. 2019. Is this really you? An empirical study on risk-based authentication applied in the wild. In IFIP International Conference on ICT Systems Security and Privacy Protection. Springer, 134148.Google ScholarGoogle ScholarCross RefCross Ref
  57. [57] Witte Heiko, Rathgeb Christian, and Busch Christoph. 2013. Context-aware mobile biometric authentication based on support vector machines. In 4th International Conference on Emerging Security Technologies. IEEE, 2932.Google ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. On Understanding Context Modelling for Adaptive Authentication Systems

    Recommendations

    Comments

    Login options

    Check if you have access through your login credentials or your institution to get full access on this article.

    Sign in

    Full Access

    • Published in

      cover image ACM Transactions on Autonomous and Adaptive Systems
      ACM Transactions on Autonomous and Adaptive Systems  Volume 18, Issue 1
      March 2023
      82 pages
      ISSN:1556-4665
      EISSN:1556-4703
      DOI:10.1145/3589019
      Issue’s Table of Contents

      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      • Published: 31 March 2023
      • Online AM: 1 February 2023
      • Accepted: 24 January 2023
      • Revised: 18 January 2023
      • Received: 22 February 2022
      Published in taas Volume 18, Issue 1

      Permissions

      Request permissions about this article.

      Request Permissions

      Check for updates

      Qualifiers

      • research-article
    • Article Metrics

      • Downloads (Last 12 months)238
      • Downloads (Last 6 weeks)46

      Other Metrics

    PDF Format

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    Full Text

    View this article in Full Text.

    View Full Text

    HTML Format

    View this article in HTML Format .

    View HTML Format
    About Cookies On This Site

    We use cookies to ensure that we give you the best experience on our website.

    Learn more

    Got it!