Location-based risk assessment for mobile authentication

Hintze, Daniel; Koch, Eckhard; Scholz, Sebastian; Mayrhofer, René

doi:10.1145/2968219.2971448

Cited by 15 publications

(7 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Attempts to strengthen password-based authentication using riskbased metrics (such as behavioural biometrics, device fingerprinting, session context, time of access among others) have been discussed amply in the literature, see for instance [4; 5; 9; 23; 25]. In particular, several proposals use a given user's location as a risk factor, which is a natural feature that profiles several users in common circumstances [15].…”

Section: Related Workmentioning

confidence: 99%

Risk-based Authentication Based on Network Latency Profiling

Rivera¹,

Tengana²,

Solano³

et al. 2020

Proceedings of the 13th ACM Workshop on Artificial Intelligence and Security

View full text Add to dashboard Cite

Impersonation attacks against web authentication servers have been increasing in complexity over the last decade. Tunnelling services, such as VPNs or proxies, can be for instance used to faithfully impersonate victims in foreign countries. In this paper we study the detection of user authentication attacks involving network tunnelling geolocation deception. For that purpose we explore different models to profile a user based on network latencies. We design a classical machine learning model and a deep learning model to profile web resource loading times collected on client-side. In order to test our approach we profiled network latencies for 86 real users located around the globe. We show that our proposed novel network profiling is able to detect up to 88.3% of attacks using VPN tunneling schemes.

show abstract

Section: Related Workmentioning

confidence: 99%

Risk-based Authentication Based on Network Latency Profiling

Rivera¹,

Tengana²,

Solano³

et al. 2020

Proceedings of the 13th ACM Workshop on Artificial Intelligence and Security

View full text Add to dashboard Cite

show abstract

“…To avoid password challenges, Stajano [51] introduced Pico which unlocks a device in the presence of k-out-of-n small encrypted hardware tokens called Picosiblings. A preliminary architecture for a cross-device authentication system utilizing multiple biometrics as well as risk has been proposed in [20] and later expanded in [21,24,25]. A system for behavior-based, transparent multi-factor authentication has been patented by Gordon et al [14].…”

Section: Related Workmentioning

confidence: 99%

Cormorant

Hintze

Füller

Scholz

et al. 2019

Proceedings of the 17th International Conference on Advances in Mobile Computing &Amp; Multimedia

Self Cite

View full text Add to dashboard Cite

This paper presents the design and open source implementation of CORMORANT, an Android authentication framework able to increase usability and security of mobile authentication. It uses transparent behavioral and physiological biometrics like gait, face, voice, and keystrokes dynamics to continuously evaluate the user's identity without explicit interaction. Using signals like location, time of day, and nearby devices to assess the risk of unauthorized access, the required level of confidence in the user's identity is dynamically adjusted. Authentication results are shared securely, end-to-end encrypted using the Signal messaging protocol, with trusted devices to facilitate cross-device authentication for co-located devices, detected using Bluetooth low energy beacons. CORMORANT is able to reduce the authentication overhead by up to 97% compared to conventional knowledge-based authentication whilst increasing security at the same time. We share our perspective on some of the successes and shortcomings we encountered implementing and evaluating CORMORANT to hope to inform others working on similar projects. CCS CONCEPTS• Security and privacy → Multi-factor authentication; Usability in security and privacy; Biometrics.

show abstract

“…While re-active risk-based authentication accepts some of the risks until the risk score goes beyond the acceptable threshold level, and consequently, reauthentication is required. In [18], Hintze et al evaluate the risk and make authentication decision for mobile devices based on user´s geographical location and multi-modal biometrics. On the other hand, in [19], Hurkala et al proposed a context risk aware authentication to evaluate the risk associated to the user identity.…”

Section: Risk-based User Authenticationmentioning

confidence: 99%

Risk-Based User Authentication for Mobile Passenger ID Devices for Land and Sea Border Control

Παπαϊωάννου

Μαντάς

Rodrı́guez

2021

2021 IEEE International Mediterranean Conference on Communications and Networking (MeditCom)

View full text Add to dashboard Cite

Although the continuously increasing number of visitors entering the European Union through land-border crossing points or seaports brings tremendous economic benefits, novel border control solutions, such as mobile devices for passenger identification for land and sea border control, are essential to promote further the comfort of passengers. Nevertheless, the highly sensitive information handled by this type of devices makes them an attractive target for malicious actors. Therefore, novel secure and usable user authentication mechanisms are required to increase the level of security of this kind of devices without interrupting border control activities. Towards this direction, we, firstly, discuss risk-based authentication for mobile devices as a suitable approach to deal with the security vs. usability challenge. Besides that, an overview of existing risk estimation approaches -both qualitative and quantitative -is given to provide a foundation for organizing research efforts towards the design and development of proper risk estimation mechanisms for riskbased user authentication for mobile passenger identification devices used by border control officers at land and sea borders.

show abstract

Location-based risk assessment for mobile authentication

Cited by 15 publications

References 12 publications

Risk-based Authentication Based on Network Latency Profiling

Risk-based Authentication Based on Network Latency Profiling

Cormorant

Risk-Based User Authentication for Mobile Passenger ID Devices for Land and Sea Border Control

Contact Info

Product

Resources

About