Toward the design of adaptive selection strategies for multi-factor authentication


Authentication is the fundamental safeguard against any illegitimate access to a computing device and other sensitive online applications. Because of recent security threats, authentication through a single factor is not reliable to provide adequate protection of these devices and applications. Hence, to facilitate continuous protection of computing devices and other critical online services from unauthorized access, multi-factor authentication can provide a viable option. Many authentication mechanisms with varying degrees of accuracy and portability are available for different types of computing devices. As a consequence, several existing and well-known multi-factor authentication strategies have already been utilized to enhance the security of various applications. Keeping this in mind, we developed a framework for authenticating a user efficiently through a subset of available authentication modalities along with their several features (authentication factors) in a time-varying operating environment (devices, media, and surrounding conditions, like light, noise, motion, etc.) on a regular basis. The present work is divided into two parts, namely, a formulation for calculating trustworthy values of different authentication factors and then the development of a novel adaptive strategy for selecting different available authentication factors based on their calculated trustworthy values, performance, selection of devices, media, and surroundings. Here, adaptive strategy ensures the incorporation of the existing environmental conditions on the selection of authentication factors and provides significant diversity in the selection process. Simulation results show the proposed selection approach performs better than other existing and widely used selection strategies, mainly, random and optimal cost selections in different settings of operating environments. The detailed implementation of the proposed multi-factor authentication strategy, along with performance evaluation and user study, has been accomplished to establish its superiority over the existing frameworks.

Publication Title

Computers and Security