Pregled bibliografske jedinice broj: 866057
Authentication approach using one-time challenge generation based on user behavior patterns captured in transactional data sets
Authentication approach using one-time challenge generation based on user behavior patterns captured in transactional data sets // Computers & security, 67 (2017), 107-121 doi:10.1016/j.cose.2017.03.002 (međunarodna recenzija, članak, znanstveni)
CROSBI ID: 866057 Za ispravke kontaktirajte CROSBI podršku putem web obrasca
Naslov
Authentication approach using one-time challenge generation based on user behavior patterns captured in transactional data sets
Autori
Skračić, Kristian ; Pale, Predrag ; Kostanjčar, Zvonko
Izvornik
Computers & security (0167-4048) 67
(2017);
107-121
Vrsta, podvrsta i kategorija rada
Radovi u časopisima, članak, znanstveni
Ključne riječi
User authentication ; One-time challenge generation ; User behavior profiling ; Transactional data set patterns ; Knowledge-based authentication ; Question-based authentication
Sažetak
Knowledge-based authentication methods have become increasingly popular, where they started as simple passwords, before evolving into static questions for fallback authentication and graphical password-based systems. Question-based authentication methods are typically based on static or slowly changing data sources, thereby making them vulnerable to eavesdropping, wiretapping, and other types of attacks. Thus, an alternative approach is needed to create an authentication challenge that could compete with other authentication factors: hardware tokens and biometrics. In this study, we propose a new authentication approach that exploits the user behavior patterns captured in non-public data sources to create unique, one-time challenges. We propose: (i) a model that is capable of representing user behavior patterns in a wide range of user activities captured from various data sources and (ii) a method for creating unique one-time challenges based on the model. We tested the model and the method based on multiple non-public data sources such as bank transactions, phone logs, computer usage data, and e-mail correspondence. We also demonstrated its efficacy with a live user pool. Security analysis indicated the full resilience of the proposed method against eavesdropping as well as its adaptability in response to guessing attacks by dynamically increasing the complexity of the challenge.
Izvorni jezik
Engleski
Znanstvena područja
Računarstvo
POVEZANOST RADA
Projekti:
HRZZ-UIP-2014-09-5349 - Algoritmi za mjerenje sustavskog rizika (ASYRMEA) (Kostanjčar, Zvonko, HRZZ ) ( CroRIS)
Ustanove:
Fakultet elektrotehnike i računarstva, Zagreb
Citiraj ovu publikaciju:
Časopis indeksira:
- Current Contents Connect (CCC)
- Web of Science Core Collection (WoSCC)
- Science Citation Index Expanded (SCI-EXP)
- SCI-EXP, SSCI i/ili A&HCI
- Scopus