Context-Aware Adaptive Multi-Factor Authentication

Authentication and access control are merging in continuous authorization of online resources/services by users and IoTs. In this talk, I will first discuss an adaptive multi-factor authentication (A-MFA) framework (we developed during 2015-16) which uses adaptive selection of multiple modalities at different operating environments so to make authentication strategy unpredictable to hackers. Accordingly, a subset of authentication factors is determined (at triggering events) on the fly thereby leaving no exploitable a priori pattern or clue for adversaries. Such a methodology of adaptive authentication selection can provide legitimacy to user transactions with an added layer of access protection that is not rely on a fixed set of authentication modalities.

I will then introduce an extensible framework of context-aware A-MFA based on real-time contextual risks. Using a SAT solver to find a selection of authentication factors that satisfies domain-specific policies and user-context constraints such as accuracy, invasiveness, and privacy impact. This approach supports both active and passive authentication modalities and produces an aggregate authentication score.  In particular, a Risk Level Assessment (RLA) is defined for trust evaluation that incorporates resource sensitivity, user clearance, historical behavior, and authentication strength, offering broader applicability across heterogeneous environments.

 

References:

• Advances in User Authentication. Dipankar Dasgupta, Arunava Roy, Abhijit Nag. Publisher: Springer-Verlag, Inc., August 2017.

• US Patent #9,912,657: Adaptive Multi-Factor Authentication, Dasgupta, et al., March6, 2018.

• WIPP-Smart Authentication: Contextual Strategies for Dynamic User Verification. J Sharp, A Williams, B Womack, A Roy, D Dasgupta… - IEEE Resilience Week (RWS), pp1-10, 2024

• Williams, A. Roy and D. Dasgupta, "A Distributed Multi-User Access Control Middleware for Critical Applications," 2023 IEEE Symposium Series on Computational Intelligence (SSCI), Mexico City, Mexico, 2023, pp. 1145-1150, doi: 10.1109/SSCI52147.2023.10371790.