Please note: This PhD seminar will be given online.
Jiayi
Chen, PhD
candidate
David
R.
Cheriton
School
of
Computer
Science
Supervisor: Professor Urs Hengartner
An adaptive authentication system can dynamically choose and adjust authentication mechanisms based on contextual information. With a strong context sensing ability brought by various sensors, the adaptive authentication system on mobile devices can automatically determine when to and how to authenticate a user balance the security and usability requirements. Existing studies mainly focus on context sensing and modelling, which triggers authentication adaptation. As for the adaptation process, most existing frameworks follow a simple adaption structure without the extensibility to handle different risks and progressive adaptation.
We propose a multi-stage risk-aware adaptive authentication and access control framework (MRAAC), which organizes different adaptation policies in several stages and uses contextual factors and authentication results for adaptation. Each stage represents a particular risk type and level that has specific adaptation goals and requirements. The multi-stage design allows our framework to handle different scenarios and support complex adaptation workflows. We implement two use cases, continuous authentication and device sharing, to show how to design a multi-stage adaptation solution using the MRAAC framework.
The experimental results on the HMOG dataset have shown that our multi-stage framework can enable early reactions to potential risks and lower the false rejection rate for continuous authentication mechanisms. We also conducted a small-scale device sharing user study to demonstrate how the MRAAC framework automatically detects sharing activities and adapts implicit authentication and access control to provide a secure sharing environment.
To join this PhD seminar on BigBlueButton, please go to https://bbb.crysp.org/b/jia-4zu-74k.