engleski

Knowledge-based authentication using decentralised verifiers

User authentication is crucial for securing digital identities in information systems. Naturally, its importance means that user authentication methods are a major target in countless cyber-attacks. The aim of this dissertation is to propose and provide an approach to authenticating human users on servers via the Internet using knowledge-based authentication methods. The developed approach is an application-layer protocol performed over the Internet by leveraging existing transport mechanisms in web services (e.g. REST-compliant Web services). Knowledge-based authentication methods are typically based on static or slowly changing data sources, thereby making them vulnerable to eavesdropping, wiretapping, and other types of attacks. Thus, an alternative approach is needed for creating an authentication challenge that competes with other authentication factors: hardware tokens and biometrics. This study proposes a new authentication approach that exploits user behavior patterns captured in non-public data sources to create unique, one-time challenges. This study proposes: (i) a model capable of representing user behavior patterns in a wide range of user activities captured from various data sources and (ii) a method for creating unique one-time challenges based on the model. The study also tests the model and method based on multiple non-public data sources such as bank transactions, phone logs, computer usage data, and e-mail correspondence. The efficacy of the study is also demonstrated using a live user pool. Most user authentication methods rely on a single verifier stored at a central location in the information system. Such information storage presents a single point of compromise from a security perspective. This dissertation proposes a distributed authentication environment in which there is no such single point of compromise. The proposed architecture does not rely on a single verifier to authenticate users, but rather a distributed authentication architecture where several authentication servers are used for user authentication. The proposed architecture allows each server to use any authentication factor. The study provides a security analysis of the proposed architecture and protocol, showing that they are secure against the attacks chosen for the analysis.

One-time challenge generation ; user behavior profiling ; distributed architecture ; knowledge-based authentication ; question-based authentication

nije evidentirano