A Continuous LoA Compliant Trust Evaluation Method
J. Hatin, E. Cherrier, J.-J. Schwartzmann, V. Frey, C. Rosenberger
2016
Abstract
The trust provided by authentication systems is commonly expressed with a Level of Assurance (LoA see 3). If it can be considered as a first process to simplify the expression of trust during the authentication step, it does not handle all the aspects of the authentication mechanism and especially it fails to integrate continuous authentication systems. In this paper, we propose a model based on the Dempster Shafer theory to merge continuous authentication system with more traditional static authentication scheme and to assign a continuous trust level to the current LoA. In addition, this method is proved to be compliant with the LoA frameworks.
References
- Australian governement (2009). National e-authentication framework.
- Clarke, N. (2011). Transparent User Authentication Biometrics, RFID and Behavioural Profiling. Springer.
- Crawford, H., Renaud, K., and Storer, T. (2013). A framework for continuous, transparent mobile device authentication. computers & security elsevier.
- Derawi, M. and Bours, P. (2013). Gait and activity recognition using commercial phones. Computers & Security.
- Eagle, N. and Pentland, A. (2006). Reality mining: sensing complex social systems. Personal and ubiquitous computing, 10(4):255-268.
- Europe (2007). eid interoperability for pegs. Technical report, iDABC European eGovernement services.
- Furnell, S., Clarke, N., and Karatzouni, S. (2008). Beyond the pin: Enhancing user authentication for mobile devices. Computer Fraud & Security.
- Government of India (2012). e-pramaan: Framework for e-authentication. Technical report, Ministry of Communications and Information Technology.
- Helkala, K. and Snekkenes, E. (2009). Formalizing the ranking of authentication products. Information Management & Computer Security, 17(1):30-43.
- ISO (2013). Information technology security techniques entity authentication assurance framework (iso 29115).
- Jain, A. K., Ross, A., and Prabhakar, S. (2004). An introduction to biometric recognition. Circuits and Systems for Video Technology, IEEE Transactions on, 14(1):4- 20.
- Jøsang, A. (2013). Identity management and trusted interaction in internet and mobile computing. Information Security, IET.
- Nag, A. K. and Dasgupta, D. (2014). An adaptive approach for continuous multi-factor authentication in an identity eco-system. In Proceedings of the 9th Annual Cyber and Information Security Research Conference, CISR 7814, pages 65-68, New York, NY, USA. ACM.
- Nag, A. K., Dasgupta, D., and Deb, K. (2014). An adaptive approach for active multi-factor authentication. In 9th Annual Symposium on Information Assurance (ASIA14), page 39.
- O'Gorman, L. (2003). Comparing passwords, tokens, and biometrics for user authentication. Proceedings of the IEEE, 91(12):2021-2040.
- Peisert, S., Talbot, E., and Kroeger, T. (2013). Principles of authentication. In Proceedings of the 2013 workshop on New security paradigms workshop, pages 47-56. ACM.
- Renaud, K. and Crawford, H. (2014). Invisible, passive, continuous and multimodal authentication. In Mobile Social Signal Processing, pages 34-41. Springer.
- Shafer, G. et al. (1976). A mathematical theory of evidence, volume 1. Princeton university press Princeton.
- Smets, P. and Kennes, R. (1994). The transferable belief model. Artificial intelligence, 66(2):191-234.
- Syed, Z., Banerjee, S., and Cukic, B. (2014). Continual authentication. Biometric Technology Today.
- United State gouvernement (2006). Electronic authentication guideline. Technical report, NIST.
- Wang, R., Chen, S., and Wang, X. (2012). Signing me onto your accounts through facebook and google: A traffic-guided security study of commercially deployed single-sign-on web services. In Security and Privacy (SP), 2012 IEEE Symposium on, pages 365- 379. IEEE.
- Zheng, J. and Ni, L. M. (2012). An unsupervised framework for sensing individual and cluster behavior patterns from human mobile data. In Proceedings of the 2012 ACM Conference on Ubiquitous Computing, pages 153-162. ACM.
Paper Citation
in Harvard Style
Hatin J., Cherrier E., Schwartzmann J., Frey V. and Rosenberger C. (2016). A Continuous LoA Compliant Trust Evaluation Method . In Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-167-0, pages 355-363. DOI: 10.5220/0005738403550363
in Bibtex Style
@conference{icissp16,
author={J. Hatin and E. Cherrier and J.-J. Schwartzmann and V. Frey and C. Rosenberger},
title={A Continuous LoA Compliant Trust Evaluation Method},
booktitle={Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2016},
pages={355-363},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005738403550363},
isbn={978-989-758-167-0},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - A Continuous LoA Compliant Trust Evaluation Method
SN - 978-989-758-167-0
AU - Hatin J.
AU - Cherrier E.
AU - Schwartzmann J.
AU - Frey V.
AU - Rosenberger C.
PY - 2016
SP - 355
EP - 363
DO - 10.5220/0005738403550363