A Survey on Quantitative Risk Estimation Approaches for Secure and Usable User Authentication on Smartphones

Παπαϊωάννου, Μαρία; Pelekoudas-Oikonomou, Filippos; Μαντάς, Γεώργιος; Serrelis, Emmanouil; Rodrı́guez, Jonathan; Fengou, Maria-Anna

doi:10.3390/s23062979

Cited by 5 publications

(1 citation statement)

References 64 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The vulnerabilities of mobile applications (authentication and authorization errors, data leakage, etc.) and their security risks (API vulnerabilities, weak authorization and According to [17,18], when it comes to mobile App security, the main problems that occur the most frequently are improper platform usage, insecure data storage, insecure client-server communication, insecure authentication (for example, the password authentication of users imposes a number of restrictions and is no longer considered safe and convenient for mobile users, while biometric authentication of users has recently attracted increasing attention as a promising solution for improving mobile security [19,20]), insecure authorization, insufficient data encryption, poor code quality, code tampering, reverse engineering risk, and extraneous functionality. The frequency of these precedents impact on the security of mobile applications is shown in Figure 1 (on the basis of the OWASP Mobile Top 10 Risks from 2018 [17,18], because the new Mobile Top 10 Risks list for 2023 is being worked upon, as indicated on the official OWASP website).…”

Section: Introductionmentioning

confidence: 99%

Identifying the Mutual Correlations and Evaluating the Weights of Factors and Consequences of Mobile Application Insecurity

Zaitseva

Hovorushchenko

Pavlova

et al. 2023

Systems

View full text Add to dashboard Cite

Currently, there is a contradiction between the growing number of mobile applications in use and the responsibility that is placed on them, on the one hand, and the imperfection of the methods and tools for ensuring the security of mobile applications, on the other hand. Therefore, ensuring the security of mobile applications by developing effective methods and tools is a challenging task today. This study aims to evaluate the mutual correlations and weights of factors and consequences of mobile application insecurity. We have developed a method of evaluating the weights of factors of mobile application insecurity, which, taking into account the mutual correlations of mobile application insecurity consequences from these factors, determines the weights of the factors and allows us to conclude which factors are necessary to identify and accurately determine (evaluate) to ensure an appropriate level of reliability of forecasting and assess the security of mobile applications. The experimental results of our research are the evaluation of the weights of ten OWASP mobile application insecurity factors the identification of the mutual correlations of the consequences of mobile applications’ insecurity from these factors, and the identification of common factors on which more than one consequence depends.

show abstract

Section: Introductionmentioning

confidence: 99%

Identifying the Mutual Correlations and Evaluating the Weights of Factors and Consequences of Mobile Application Insecurity

Zaitseva

Hovorushchenko

Pavlova

et al. 2023

Systems

View full text Add to dashboard Cite

show abstract

Outlier Detection for Risk-Based User Authentication on Mobile Devices

Papaioannou,

Zachos,

Mantas

et al. 2023

GLOBECOM 2023 - 2023 IEEE Global Communications Conference

Self Cite

View full text Add to dashboard Cite

Mobile user authentication is the primary means of verifying the claimed identity of a user before granting access to resources on a mobile device. Common user authentication methods include passwords and biometrics. Despite the fact that passwords have been the most popular user authentication method for several decades, recent research suggests that they are no longer secure or convenient for mobile users due to several limitations that compromise both device security and usability. Biometric-based user authentication, on the other hand, is gaining popularity because it appears to strike a balance between security and usability. Such methods rely on human physical traits (physiological biometrics) or user involuntary actions (behavioral biometrics) for authentication. Risk-based user authentication using behavioral biometrics is particularly promising for mobile user authentication enhancing mobile authentication security while maintaining usability. In this context, we present an overview of mobile user authentication and discuss risk-based user authentication for mobile devices as a suitable approach to deal with the security vs. usability challenge. Afterwards, we test and evaluate a set of outlier detection algorithms for risk estimation in order to identify the most suitable ones for risk-based user authentication on mobile devices in terms of their accuracy and efficiency.

show abstract

Adaptive Risk-Based Passwordless Authentication: A Fido2 Integrated Approach for Enhanced Security and Usability

Al Kabir,

Elmedany

2024

Preprint

View full text Add to dashboard Cite

A Survey on Quantitative Risk Estimation Approaches for Secure and Usable User Authentication on Smartphones

Cited by 5 publications

References 64 publications

Identifying the Mutual Correlations and Evaluating the Weights of Factors and Consequences of Mobile Application Insecurity

Identifying the Mutual Correlations and Evaluating the Weights of Factors and Consequences of Mobile Application Insecurity

Outlier Detection for Risk-Based User Authentication on Mobile Devices

Adaptive Risk-Based Passwordless Authentication: A Fido2 Integrated Approach for Enhanced Security and Usability

Contact Info

Product

Resources

About