Abstract
In this paper we discuss the possibilities of context-aware systems in providing more secure user authentication. We describe some approaches in using context information in adaptive security systems, especially in adaptive user authentication. In addition, we discuss some recent results in applying the context itself as an authentication factor. Recent advances in cryptographic protocol design and adaptive, context-aware systems enable the linking of the context information to the cryptographic keys and authentication. Furthermore, new protocols make adaptive user authentication easier as it is possible to combine several different factors in a single protocol. We give some examples of this and discuss the further potential of these methods.
Access provided by Autonomous University of Puebla. Download to read the full chapter text
Chapter PDF
Similar content being viewed by others
Keywords
- Context Information
- User Authentication
- Authentication Scheme
- Authentication Protocol
- Pervasive Computing
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Baldauf, M., Dustdar, S., Rosenberg, F.: A survey on context-aware systems. International Journal of Ad Hoc and Ubiquitous Computing 2(4), 263–277 (2007)
Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994)
Boneh, D., Franklin, M.: Anonymous authentication with subset queries. In: Proceedings of the 6th ACM Conference on Computer and Communications Security, pp. 113–119. ACM (1999)
Bonneau, J., Herley, C., van Oorschot, P., Stajano, F.: The quest to replace passwords: A framework for comparative evaluation of web authentication schemes. In: 2012 IEEE Symposium on Security and Privacy (SP), pp. 553–567 (May 2012)
Boyen, X., Dodis, Y., Katz, J., Ostrovsky, R., Smith, A.: Secure remote authentication using biometric data. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 147–163. Springer, Heidelberg (2005)
Brainard, J., Juels, A., Rivest, R.L., Szydlo, M., Yung, M.: Fourth-factor authentication: somebody you know. In: Conference on Computer and Communications Security: Proceedings of the 13th ACM Conference on Computer and Communications Security, vol. 30, pp. 168–178 (2006)
Chen, G., Kotz, D.: et al.: A survey of context-aware mobile computing research. Tech. rep., Technical Report TR2000-381, Dept. of Computer Science, Dartmouth College (2000)
Conti, M., Das, S.K., Bisdikian, C., Kumar, M., Ni, L.M., Passarella, A., Roussos, G., Tröster, G., Tsudik, G., Zambonelli, F.: Looking ahead in pervasive computing: Challenges and opportunities in the era of cyber–physical convergence. Pervasive and Mobile Computing 8(1), 2–21 (2012)
Elkhodary, A., Whittle, J.: A survey of approaches to adaptive application security. In: International Workshop on Software Engineering for Adaptive and Self-Managing Systems, ICSE Workshops SEAMS 2007, p. 16. IEEE (2007)
Evesti, A., Pantsar-Syväniemi, S.: Towards micro architecture for security adaptation. In: Proceedings of the Fourth European Conference on Software Architecture: Companion, pp. 181–188. ACM (2010)
Evesti, A., Suomalainen, J., Ovaska, E.: Architecture and knowledge-driven self-adaptive security in smart space. Computers 2(1), 34–66 (2013)
Fleischhacker, N., Manulis, M., Sadr-Azodi, A.: Modular design and analysis framework for multi-factor authentication and key exchange. Cryptology ePrint Archive, Report 2012/181 (2012), http://eprint.iacr.org/
Frankel, A., Maheswaran, M.: Feasibility of a socially aware authentication scheme. In: 6th IEEE Consumer Communications and Networking Conference, CCNC 2009, pp. 1–6 (January 2009)
Gentry, C., Mackenzie, P., Ramzan, Z.: Password authenticated key exchange using hidden smooth subgroups. In: Proceedings of the 12th ACM Conference on Computer and Communications Security, pp. 299–309. ACM (2005)
Hao, F.: On robust key agreement based on public key authentication. Security and Communication Networks (2012)
Honkola, J., Laine, H., Brown, R., Tyrkko, O.: Smart-m3 information sharing platform. In: 2010 IEEE Symposium on Computers and Communications (ISCC), pp. 1041–1046. IEEE (2010)
Hulsebosch, R., Bargh, M., Lenzini, G., Ebben, P., Iacob, S.: Context sensitive adaptive authentication. In: Kortuem, G., Finney, J., Lea, R., Sundramoorthy, V. (eds.) EuroSSC 2007. LNCS, vol. 4793, pp. 93–109. Springer, Heidelberg (2007)
Jager, T., Kohlar, F., Schäge, S., Schwenk, J.: Generic compilers for authenticated key exchange. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 232–249. Springer, Heidelberg (2010)
Jiang, X., Landay, J.: Modeling privacy control in context-aware systems. IEEE Pervasive Computing 1(3), 59–63 (2002)
Lee, Y., Kim, S., Won, D.: Enhancement of two-factor authenticated key exchange protocols in public wireless LANs. Computers & Electrical Engineering 36(1), 213–223 (2010)
Maji, H.K., Prabhakaran, M., Rosulek, M.: Attribute-based signatures. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 376–392. Springer, Heidelberg (2011)
Park, Y.M., Park, S.K.: Two factor authenticated key exchange (take) protocol in public wireless LANs. IEICE Transactions on Communications 87(5), 1382–1385 (2004)
Pointcheval, D., Zimmer, S.: Multi-factor authenticated key exchange. In: Bellovin, S.M., Gennaro, R., Keromytis, A.D., Yung, M. (eds.) ACNS 2008. LNCS, vol. 5037, pp. 277–295. Springer, Heidelberg (2008)
Rathgeb, C., Uhl, A.: A survey on biometric cryptosystems and cancelable biometrics. EURASIP Journal on Information Security 2011(1), 1–25 (2011)
Raychoudhury, V., Cao, J., Kumar, M., Zhang, D.: Middleware for pervasive computing: A survey. In: Pervasive and Mobile Computing (2012)
Ryutov, T., Zhou, L., Neuman, C., Leithead, T., Seamons, K.E.: Adaptive trust negotiation and access control. In: Proceedings of the Tenth ACM Symposium on Access Control Models and Technologies, pp. 139–146. ACM (2005)
Salehie, M., Tahvildari, L.: Self-adaptive software: Landscape and research challenges. ACM Transactions on Autonomous and Adaptive Systems (TAAS) 4(2), 14 (2009)
Savola, R.M., Abie, H.: Development of measurable security for a distributed messaging system. International Journal on Advances in Security 2(4), 358–380 (2010)
Schechter, S., Egelman, S., Reeder, R.: It’s not what you know, but who you know: a social approach to last-resort authentication. In: Proceedings of the 27th International Conference on Human Factors in Computing Systems, pp. 1983–1992. ACM (2009)
Schläger, C., Sojer, M., Muschall, B., Pernul, G.: Attribute-based authentication and authorisation infrastructures for e-commerce providers. In: Bauknecht, K., Pröll, B., Werthner, H. (eds.) EC-Web 2006. LNCS, vol. 4082, pp. 132–141. Springer, Heidelberg (2006)
Schneier, B.: Liars and outliers: enabling the trust that society needs to thrive. Wiley (2012)
Shah, S., Minhas, A., et al.: New factor of authentication: Something you process. In: International Conference on Future Computer and Communication, ICFCC 2009, pp. 102–106. IEEE (2009)
Sheikh, K., Wegdam, M., Sinderen, M.V.: Quality-of-context and its use for protecting privacy in context aware systems. Journal of Software 3(3), 83–93 (2008)
Tsang, P.P., Au, M.H., Kapadia, A., Smith, S.W.: Perea: Towards practical ttp-free revocation in anonymous authentication. In: Proceedings of the 15th ACM Conference on Computer and Communications Security, pp. 333–344. ACM (2008)
Yuan, E., Malek, S.: A taxonomy and survey of self-protecting software systems. In: 2012 ICSE Workshop on Software Engineering for Adaptive and Self-Managing Systems (SEAMS), pp. 109–118. IEEE (2012)
Yung, M.: On the evolution of user authentication: Non-bilateral factors. In: Pei, D., Yung, M., Lin, D., Wu, C. (eds.) Inscrypt 2007. LNCS, vol. 4990, pp. 5–10. Springer, Heidelberg (2008)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer International Publishing
About this paper
Cite this paper
Halunen, K., Evesti, A. (2013). Context-Aware Systems and Adaptive User Authentication. In: O’Grady, M.J., et al. Evolving Ambient Intelligence. AmI 2013. Communications in Computer and Information Science, vol 413. Springer, Cham. https://doi.org/10.1007/978-3-319-04406-4_24
Download citation
DOI: https://doi.org/10.1007/978-3-319-04406-4_24
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-04405-7
Online ISBN: 978-3-319-04406-4
eBook Packages: Computer ScienceComputer Science (R0)