A new authentication management model oriented on user’s experience
Mariusz Sepczuk, Zbigniew Kotulski
DOI: http://dx.doi.org/10.15439/2016F219
Citation: Proceedings of the 2016 Federated Conference on Computer Science and Information Systems, M. Ganzha, L. Maciaszek, M. Paprzycki (eds). ACSIS, Vol. 8, pages 1021–1030 (2016)
Abstract. Authenticating users connecting to online services, social networks or m-banking has become an indispensable element of our everyday life. Reliable authentication is a foundation of the security of Internet services but, on the other hand, also a source of users' frustration due to possible account blocking after three failed attempts. In this paper we propose a model of authentication service management which helps in keeping a balance between the authentication security level and users' positive perception of this procedure. The proposed procedure allows a user more than three authentication attempts by switching, after two failures, to a more secure authentication protocol, keeping a balance between QoP and QoE measures. Finally, the procedure determines an optimal path of authentication using a decision tree algorithm.