Addressing insider threat using &amp;#x201C;where you are&amp;#x201D; as fourth factor authentication

Choi, Sung Hyuk; Zage, David John

doi:10.1109/ccst.2012.6393550

Cited by 19 publications

(5 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…All three factors can be blended successfully in general, but cost effectiveness should be considered (Abiew, Jnr & Banning, 2020). In addition to the three classical factors, somewhere you are or location may be counted as the fourth factor (Choi & Zage, 2012). Low-cost locators such as Bluetooth and GPS can be implemented to track or locate a user physically while authenticating (Ramatsakane & Leung, 2017).…”

Section: Related Workmentioning

confidence: 99%

Usable comprehensive-factor authentication for a secure time attendance system

Vorakulpipat

Pichetjamroen

Rattanalerdnusorn

2021

PeerJ Computer Science

View full text Add to dashboard Cite

In information security, it is widely accepted that the more authentication factors are used, the higher the security level. However, more factors cannot guarantee usability in real usage because human and other non-technical factors are involved. This paper proposes the use of all possible authentication factors, called comprehensive-factor authentication, which can maintain the required security level and usability in real-world implementation. A case study of an implementation of a secure time attendance system that applies this approach is presented. The contribution of this paper is therefore to provide a security scheme seamlessly integrating all classical authentication factors plus a location factor into one single system in a real environment with a security and usability focus. Usability factors emerging from the study are related to a seamless process including the least number of actions required, the lowest amount of time taken, health safety during the pandemic, and data privacy compliance.

show abstract

Section: Related Workmentioning

confidence: 99%

Usable comprehensive-factor authentication for a secure time attendance system

Vorakulpipat

Pichetjamroen

Rattanalerdnusorn

2021

PeerJ Computer Science

View full text Add to dashboard Cite

show abstract

“…Out of these, 217 propose the use of inherence-based authentication schemes, whereas 169 propose the use of possession-based schemes and 124 the use of knowledge-based ones. The remaining 5 articles propose the use of schemes based on other authentication factors, such as the use of the user's social networks [21] and location-based authentication [22]. Table 3 shows the number of articles proposing the use of the distinct authentication schemes, split by the authentication factors to which they belong.…”

Section: Authentication Schemesmentioning

confidence: 99%

Framework for the Comparison and Selection of Schemes for Multi-Factor Authentication

Velásquez

2021

CLEIej

View full text Add to dashboard Cite

Authentication is the process of verifying a user’s identity for them to access a system’s resources. An authentication factor is a piece of information used for this authentication. Three well-known groups of authentication factors exist: knowledge-based (what you know), possession-based (what you have) and inherence-based (what you are). Authentication schemes belonging to distinct authentication factors can be combined in a multi-factor manner to increase security. Although multiple multi-factor proposals are seen in literature, the absence of a method that allows a proper comparison and selection of these authentication methods, based on an application’s security requirements, can be observed. Existing frameworks for the analysis of authentication methods have been identified through the realization of a systematic literature review, but most of these focus on specific contexts and do not provide a generic enough solution. Due to the above, this research focuses on the creation of a recommendation framework that guides in the comparison and selection of single and multi-factor authentication schemes, considering both the application’s requirements and its context. This has been attained not only through the knowledge found in literature, but the experience from industry experts has been compiled as well through the collaboration with a multinational software development company. Consequently, the knowledge found in literature has been obtained from a systematic literature review, whereas the experience from industry experts was obtained through a survey and interviews. The framework proposal has been generated based on the above and has been validated through an expert panel and a case study methodology in collaboration with the partnered software development company. A tool prototype has been constructed as well. The result is a recommendation framework for the comparison and selection of authentication methods that can support this decision process in multiple contexts.

show abstract

“…Almost all of these solutions utilize difference of signal strength (DSS) techniques to estimate proximity. Unfortunately, DSS is highly susceptible to multi-path and reflection problems due to heterogeneous building structures and reflective materials making it difficult to ascertain accurate location information [1].…”

Section: Embers For Fourth Factor Authenticationmentioning

confidence: 99%

“…In order to mitigate the identified limitations, we proposed the usage of "where you are" as a complementary fourth factor that can significantly improve both cybersecurity and physical security [1]. RTLSs have been largely used as means of tracking manufacturing process [2], [3] but their performance, integrity and assurance as a security and safety tool is unknown.…”

Section: Introductionmentioning

confidence: 99%

EMBERS: EpheMeral biometrically enhanced real-time location System

Choi¹,

Bierma²,

Choe³

et al. 2014

2014 International Carnahan Conference on Security Technology (ICCST)

Self Cite

View full text Add to dashboard Cite

In nuclear facilities, having efficient accountability of critical assets, personnel locations, and activities is essential for productive, safe, and secure operations. Such accountability tracked through standard manual procedures is highly inefficient and prone to human error. The ability to actively and autonomously monitor both personnel and critical assets can significantly enhance security and safety operations while removing significant levels of human reliability issues and reducing insider threat concerns. A Real-Time Location System (RTLS) encompasses several technologies that use wireless signals to determine the precise location of tagged critical assets or personnel. RTLS systems include tags that either transmit or receive signals at regular intervals, location sensors/beacons that receive/transmit signals, and a location appliance that collects and correlates the data. Combined with ephemeral biometrics (EB) to validate the live-state of a user, an ephemeral biometrically-enhanced RTLS (EMBERS) can eliminate time-consuming manual searches and audits by providing precise location data. If critical assets or people leave a defined secured area, EMBERS can automatically trigger an alert and function as an access control mechanism and/or ingress/egress monitoring tool. Three different EMBERS application scenarios for safety and security have been analyzed and the heuristic results of this study are outlined in this paper along with areas of technological improvements and innovations that can be made if EMBERS is to be used as safety and security tool.

show abstract

Addressing insider threat using “where you are” as fourth factor authentication

Cited by 19 publications

References 13 publications

Usable comprehensive-factor authentication for a secure time attendance system

Usable comprehensive-factor authentication for a secure time attendance system

Framework for the Comparison and Selection of Schemes for Multi-Factor Authentication

EMBERS: EpheMeral biometrically enhanced real-time location System

Contact Info

Product

Resources

About