Adaptive Multi-Factor Authentication (A-MFA) System · 2018-09-04 · Authentication 3...
Transcript of Adaptive Multi-Factor Authentication (A-MFA) System · 2018-09-04 · Authentication 3...
Adaptive Multi-Factor
Authentication (A-MFA)
System
Prof. Dipankar Dasgupta, IEEE Fellow
A NATIONAL CENTER OF ACADEMIC
EXCELLENCE (CAE-CD / CAE-R)Center website: cfia.memphis.edu
Director: Center for Information Assurance
• Authentication Basics-Single Factor
• Negative Authentication System (NAS)
• Multi-Factor Authentication (MFA)
• Active/Continuous Authentication
• Adaptive Multi-Factor (A-MFA) • Overview: Goal & Objectives
• Design of A-MFA Framework
• A-MFA Prototype System
• Use Cases for A-MFA
• Cyber Identity Ecosystem
• Summary
Agenda
Authentication
3
Authentication is the critical safe guards against illegal access to computing systems.
the process of giving individuals access to system objects based on their identity.
Ensures that the individual is who he or she claims to be.
But says nothing about the access rights of the individual.
Challenges
Correctly identify authorized users in particular Operational Settings.
Take appropriate action on demand basis to prevent un-authorized access.
Password-Based Authentication
4
Single-factor
Username-password. (most widely used as of now!)
Issues
Mostly targeted by the attackers
If this single channel is compromised, the users are
denied of the service until it is restored
Recent advancement of computer processing power,
makes to check all possible cases in a short amount of
time
Difficult to remember for a wide variety of websites
Type of User online Accounts
5
In a survey by Google researchers (2013), found that there exist different type of user accounts and all those accounts may not require strong authentication. For example,
* Users might create throw-away accounts for participating in pseudo-anonymous conversation, doing online survey, or one-time purchase, etc.
* Routine accounts are generally long-lasting which may not be high-valued but use for reading online newspapers, magazines, etc.
* Spokesperson accounts are created to participate in political, social, philosophical, professional discussions, blogging; compromising such accounts may defame the user, spread misinformation, embarrassment to extensive cleanup costs.
* Sensitive accounts include user’s primary email accounts, financial accounts, employment/service accounts, and exposing such accounts may have sever and sometime unforeseen consequences.
* Very high-value transaction accounts are specialized access use for irrevocable actions such as cross-border fund transfer, weapon release, etc.
Single-Factor Authentication : It’s not enough nowadays!
Dell Secure Works Counter Threat Unit (CTU) researchers discovered malware “Skeleton Key” that :
Bypasses authentication on Active Directory (AD) systems
that implement single-factor (password only) authentication
Threat actors can use a password of their choosing to
authenticate as any user
Skeleton Key is deployed as an in-memory patch on a victim’s
AD domain controllers to allow the threat actor to bypass
authentication with physical access to login and unlock systems
Sample Scenario
IARPA Project: Multi-layered Authentication System
Negative Authentication
System (NAS)
Negative Authentication System (NAS)
8
The overall concept of Negative Authentication System (NAS)
Uses complementary information from password dataset.
Security Layer 1 Security Layer 2
(P)
Security Layers of NAS
Password Profile
Negative Authentication System (NAS)
9
Two layers of NAS:
Negative filtering layer and
password checking layer.
There is no direct communication
among the access requests and
the positive authentication server
The communication between the
first server and the second server
is transparent to the users.
Authentication Process Flow
10
End-User
Firewall
NAS Database
NAS L2
Application
Positive
Authentication
System
NAS L1
Application
Administrator
2
1L1
L2
3
2017 SSCI-CICS Tutorial Dasgupta & Nag
Account Creation Process Flow
11 2017 SSCI-CICS Tutorial Dasgupta & Nag
Summary of NAS Approach
12
NAS can detect and filter out most of the invalid requests, and
hence lower the probability of making guessing requests to access
the positive authentication data.
Exposing the negative detectors upfront reduce the overall
password cracking risks.
It also prevent Side channel attacks.
Implemented in collaboration with the Massachusetts Institute of
Technology (MIT) Geospatial Data Center. A conceptual demo
video is available at https://vimeo.com/98054594
Need for Multi-Factor: Sample Scenario
13
Perspective for Multi-factor Authentication
14
What the User knows
Password, PIN, pass phrases
What the User has
Smart card, digital certificate, driver’s license
Who the User is
Fingerprint, iris scan, voice recognition
Where the User is
GPS, IP address of user
Two Factor• Generally Password along with SMS for verification code
Ph.D. Dissertation Defense
Abhijit K Nag
U00366768
Authentication Types
Product- Microsoft Azure
Different MFA products in Market Today
18
Product Name
Vendor Factors Features Source (Website)
SecureAuthIdP
SecureAuth Two factors and SSO ( out of 20)
Mobile, cloud, web or VPN www.secureauth.com
RSA SecureID RSA Two factors Software (smartphones, tabletsand PC) and hardware authenticators
http://www.emc.com/security/rsa-securid.htm
Safenet SafeNet Two factors Cloud, Password + SMS/Hardware Token
www.safenet-inc.com/multi-factor-authentication/?tabnum=2
SecurEnvoy SecurEnvoy Two Factor Tokenless (One-swipe, SMS Preload, Soft Token, Voice Call, Email Preload)
www.securenvoy.com/
Symantec O3 Symantec Cloud identity and access control (Two Factor authentication)
Cloud applications (set policies forgroups, persons, devices) [security control point]
www.symantec.com/page.jsp?id=O3
Microsoft Azure
Microsoft Multi factor (Phone call, SMS and Password)
On premises and cloudauthenticationsMobile Device + user-id and password
azure.microsoft.com/en-us/services/multi-factor-authentication/
DeepnetDualShield
DeepnetSecurity
Two factors out of 10 different methods
SMS, Voice, Mobile App, Face, Keystroke, Smart Cards
www.deepnetsecurity.com/products/dualshield/
Swivel Secure
Swivel Secure
SSO + two factor Mobile App, SMS, tokens, Telephony, Browser
www.swivelsecure.com/
miniOrangeStrong Authenticati
miniOrange SSO + two factor 14 different authentication types miniorange.com/strong_auth
Current MFA trends
– Effectiveness of MFA as a potent tool to tackle BYOD security complexity benefits the market.
– Rise in smartphone thefts spurs use of MFA on mobile devices.
– Cloud services need MFA to establish customer trust and increase cloud adoptability.
http://www.strategyr.com/MarketResearch/Multi_Factor_Authentication_MFA_Market_Trends.asp
• Amazon, Google, Yahoo, Dropbox, Facebook, LinkedIn, Twitter, Microsoft uses two factors to access their online services for authentication.
Why we should care?
Aside from the fact that all companies should take their customer data securityseriously, not having adequate authentication mechanisms in place increases the potential of corporate PII breach risks including:
Legal Liability
Government Enforcement Action Class Actions Individual Actions
ReputationalExposure Business
Consequences
Sec/ShareholderIssues
Employee/CustomerIssues
Typical Breach Costs
Outside Counsel Credit Monitoring Security & Technology upgrades Defence costs Fines Settlements
Use of Multi-factor Authentication (MFA)
• Provide different choices to the user during authentication to verify their identity.• However, all the factors may not be available in all operating conditions.
• Come with a fail-safe feature in case of any authentication factor gets compromised• users should be authenticated utilizing the other non-compromised
modalities.
• Concerns:
21
- How to choose a better set of authentication factors out of all possible choices in any given operating environment.
- The choice of an appropriate set of authentication factor determines the performance of the MFA
23
The selection procedure should not follow (having bias
towards) any pattern that can be used by the attackers.
The process should make the consideration of previous
selection of the authentication factors to avoid repetitive use
of the same factors.
Modes of Auth.
Factor Selection IllustrationStatic A predefined set of modalities for any given
environment.
Dynamic A set of modalities chosen dynamically at different
time triggering event for authentication.
Dynamic Random Modalities are chosen in any random order at the time
of authentication.
Adaptive Modalities are chosen based on current system settings
and previously selected modalities.
How to select Modalities in MFA?
Adaptive Multi-Factor Authentication (A-MFA)
This greatly enhances security without changing the user experience.
However, when an unauthorized user attempts to gain access with stolen credentials and the additional factors and behaviours normally seen don't line up, the login is prevented and challenged.
The selection of multiple authentication factors are conducted adaptively considering
Operating devices
Connected Media
Surrounding Conditions/Environment
Biometric Presentation Attacks
D. Dasgupta25
26
Public Place with shared wifi
10
Mon
10
Mon
10
Mon
10
Mon
Overall Concept of A-MFA
A-MFA: Overall Goal and Objectives
33
Develop Trustworthy Model with Probabilistic
Constraints
Design the Adaptive Selection
Approach of MFA
Cardinality of the Auth.
factors
Previous history of selected factors
Selected Authentication factors in a given environment settings
Error rates of
individual factors
Constraints for the given environment
settings
Implement the
Trustworthy Model
Implement Adaptive Selection Approach
Build users’ profile with
different captured
auth. factors
Implement user
identification Model
Evaluation of the
system with different settings
Design and Implementation of an Adaptive Multi-factor Authentication(A-MFA) Framework
Objective 1 Objective 2 Objective 3
Pairwise Preference
Information on Trustworthiness
Objective 4
Build a Pilot web-service
to authenticate
Implement A-MFA
Run user-study on Pilot
Framework
Version 1: A-MFA Modalities & their features
M1: Face Recognition
It is computed through face geometry features. Features include different
points in Lips, eyes, brow and cheek, Crows-feet wrinkles nasal root
wrinkles.
M2: Finger Print
Three level of features are used for this modality. Level 1 features show
macro details of the ridge flow shape, Level 2 features (minutiae point) are
discriminative enough for recognition, and Level 3 features (pores)
complement the uniqueness of Level 2 features.
M4: CAPTCHA
It is used to prevent automated software to perform actions and can
discriminate between human and bots. a CAPTCHA features an image file
of slightly distorted alphanumeric characters. It also has read out feature
for users with visually impaired.
M3: Password
Password is the most common modality. It can be stored in hashed form
and matched with the input by hashing the given password as string
matching. Password can be made with alpha-numeric characters along
with some special characters.
Modalities & their features
M5: SMS
SMS feature is used to send the pass-code to any phone number and
that code is valid for a short period of time. The phone number
should be registered to the system a-priori basis.
M6:Voice recognitionIt uses pitch and different formant features (F1, F2 and F3). The
pitch of the speech signal contains crucial information about the
intonation pattern. The formants represent the articulators of the
speech signal where the resonant frequencies are generated.
M7: Keystroke pattern
This modality detects the pattern of the keystrokes. The features
used for this techniques are : mean latency and standard deviation of
digraphs [A combination of two letters representing one sound],
mean duration and standard deviation of keystrokes.
Using Biometric Characteristics
In this chart the further away
the characteristic is from the
center, the better is the
biometric technique.
So for instance keystroke scan
and signature scan are low cost,
require very little effort, and are
not intrusive at all, however they
are not distinctive.
On the other end of the
spectrum, retina scan and iris
scan, provide very high
distinctiveness, however they are
both expensive, and intrusive.
Authentication Factors
In this work, an authentication factor is defined as
(i) Single feature of an authentication modality;
(ii) Any combination of features of an authentication
modality;
(iii) Combination of multiple features of different
authentication modalities.
Key Term M𝑘(𝑘 ∈ ℤ
+) be the 𝑘th authentication modality and M𝑘: 𝑓𝑘,𝑖 be its 𝑖th
feature.
M𝑘 : 𝑓𝑘,𝑖 𝑖∈ℤ+𝑘∈ℤ+
:
𝑖th features of different combinations of M𝑘 𝑘∈ℤ+ .
Authentication Factors
The first features of M1and M2: M1: 𝑓1,1 and M2: 𝑓2,1 .
They are considered as two authentication factors (according to (i))
M1: 𝑓1,1, 𝑓1,2 is one authentication factor (according to (ii))
combinations of M1: 𝑓1,1 and M1: 𝑓1,2
M1, M2: 𝑓1,1, 𝑓2,1 is considered as one authentication factor (according to
(iii))
combination of M1: 𝑓1,1 and M2: 𝑓2,1 .
Trustworthy Value of Auth Factors
40
Challenge is to calculate a trustworthy value for an authentication factor
Expressed in terms of numeric values for a given type of device and medium.
Main concept:
Compute using pairwise comparative preference information for different
authentication factor-device-media combinations.
Pairwise trustworthy values for different media using the same device;
Pairwise trustworthy values for different devices using the same medium;
Also incorporate the available error rates for the authentication factors ( for example,
FAR, EER)
These pair-wise decisions are then analyzed and solved through constructing an
optimization problem with probabilistic constraints to get the trustworthy
values.
Details about Trustworthy
Calculations
41
A particular pair-wise comparison involving 𝑖thand 𝑘thdevices for a particular
(𝑗th )media and particular (𝑚th ) modality, the following conditions will occur:
T𝑖𝑗 M𝑠; 𝑓𝑠,𝑙 >=< T𝑘𝑗 M𝑠; 𝑓𝑠,𝑙 ; 𝑖 ≠ 𝑘;
As they are equally likely:
𝑃 T𝑖𝑗 M𝑠; 𝑓𝑠,𝑙 > T𝑘𝑗 M𝑠; 𝑓𝑠,𝑙 ; 𝑖 ≠ 𝑘 = 𝑃 T𝑖𝑗 M𝑠; 𝑓𝑠,𝑙 < T𝑘𝑗 M𝑠; 𝑓𝑠,𝑙 ; 𝑖 ≠ 𝑘 =
𝑃 T𝑖𝑗 M𝑠; 𝑓𝑠,𝑙 = T𝑘𝑗 M𝑠; 𝑓𝑠,𝑙 ; 𝑖 ≠ 𝑘 =1
3
random variable T𝑖𝑗 M𝑠; 𝑓𝑠,𝑙 𝑖=1
𝑑can be constructed to determine the comparisons of
the trustworthiness of a particular authentication factor (modality with a set of
features) in different devices in a fixed medium.
Details about Trustworthy
Calculations
43
Similarly, the comparison can also be done among the trustworthiness of a
particular authentication modality (with a set of features) in different media,
keeping the device selection fixed.
Based on the above cases, the following non-linear programming problem
with probabilistic constraints (NLPPPC) has been formed to find a set of
T𝑖𝑗 M𝑠; 𝑓𝑠,𝑙 values
𝐌𝐚𝐱𝐢𝐦𝐢𝐳𝐞 𝑗 𝑖 𝑘𝑖≠𝑘
T𝑖𝑗 M𝑠;𝑓𝑠,𝑙 − T𝑘𝑗 M𝑠;𝑓𝑠,𝑙
𝜀1+
𝑖 𝑗 𝑘𝑗≠𝑘
T𝑖𝑗 M𝑠;𝑓𝑠,𝑙 − T𝑖𝑘 M𝑠;𝑓𝑠,𝑙
𝜀21
Details about Trustworthy
Calculations
44
An authentication modality (with a set of features), M𝑖; (𝑖 = 1,2… 𝑠) is more
(or less or equally) trusted for a user in a device D𝑗; (𝑗 = 1,2,… , 𝑑) rather
than in device D𝑘; (𝑘 = 1,2,… , 𝑑; 𝑘 ≠ 𝑗) for a particular medium Me𝑙; (𝑙 =
Trustworthy Value of Combined
Factors
46
Calculation of trustworthy values of combined factor from individual
trustworthy values illustrated.
… …
… …
+
Trustworthy value of combined factors in a specific medium
Machine Learning Algorithm
A Framework for A-MFA System
Effect of different medium
Adaptive Selection of multiple authentication factors
VMs stores different authentication factors of users
Validated Users
Not Validated
Au
the
nti
cati
on
fa
cto
rs (
Mo
dal
itie
s w
ith
fea
ture
s)
Vehicle Settings
Application Environment
UI
Driving Environment
Some Details of A-MFA
51
PW
D
M
1
M
2
M
3
M
4
M
5M
6
M
7
Query and Retrieval of
Authentication Factors
Authenticati
on Service Front
End
VMs for
Each
authenticati
on modality
Adaptive
selection of
Auth.
Factors
via Multi-
objective
Optimization
Auth Modality Activation
Pattern
52
PWD
Acti
vate
d M
od
aliti
es
Authentication Triggering Time
T1 T3T2 T4 T5
Media
Chan
ged
Devi
ce C
han
ged
Tim
e E
lapse
d
Media
Chan
ged
Tim
e E
lapse
d
Tim
e E
lapse
d
PWD
T6 T7 T8
Media
Chan
ged
Devi
ce C
han
ged
PWD
PWD
Illustration of Adaptive Selection Algorithm
Sel
ecte
d A
uth
enti
cati
on
Fac
tors
Time of Authentication Triggering Events
T1
T2
T3 T4
T5 T6
T0
FD
,
WI
FD
, W
I
FD
,
WI
FD
,
WI
FD
,
WI
PD
, W
L
FD
, W
I
F1,3
F2,3
F4,2
F1,2
F2,1
F2,2
F3,2
F3,3
F5,2
F3,2
F4,3
F5,3
F2,2
F2,3
F5,2
F3,2
F3,3
F5,3
F4,1
F5,1
F5,2
Initial Experiments
• Dataset is created for 50 users as a test-bed for Adaptive-MFA System– Face Dataset:
• 10 images for registration and 3~5 images for authentication purpose.• Faces94, faces95 dataset [1] are used
– Fingerprint Dataset:• 3 images for registration and 2 images for authentication purpose.• CASIA Fingerprint Image Database Version 5.0 [2]
– Voice Dataset:• 3 voice samples for registration and 1 voice sample for authentication.
– Keystroke Dataset:• 5 keystroke samples for registration and 3 or more keystroke samples for authentication.• CMU dataset [3] is used.
– Non-biometric data are generated programmatically.
– Passwords and pass-phrases are hashed using SHA-512 in client side and B-Crypt [4] in the server side
(data-at-rest).
– The communication between client and server are done through https protocol which is basically an end-
to-end encrypted communication while data-in-motion.
1. Faces 94. The University of Essex. Face Recognition Data Set, Libor Spacek. Url:
http://cswww.essex.ac.uk/mv/allfaces/faces94.html
2. Casia-FingerprintV5, Url: http://biometrics.idealtest.org/3. CMU dataset, Url: http://www.cs.cmu.edu/~keystroke/4. 4. Bcrypt Generator. Date accessed: September 1, 2016. Url:https://www.bcrypt-generator.com/
Customized, 3D-PrintedLight and Noise Sensor Case
User Registration and Authentication GUI• Face Recognition*
– Eigen Face
– Fisher Face
– Local Binary Pattern Histogram
• Fingerprint Recognition*
– JY
– Medina-Perez
– SourceAFIS
• Voice Recognition*
– MFCC
– PLPC
– Prosody
• Keystroke Recognition*
– Manhattan
– Mahalanobis
– K-NN Mahalanobis
*: references are listed at the end of presentation slides
Face Recognition
Fingerprint Analysis
Knowledge-
Based
Modalities
Possession-
Based
Modalities
Biometric
Modalities
Location-Based
Modalities
Password
Pass-phrase
Security
Challenge
Questions
SMS Code
TOTP Code
Face Recognition
Fingerprint
Recognition
Voice
Recognition
Keystroke
Recognition
GPS
IP address
MAC Address
Wi-Fi
Triangulation
Cellular
Triangulation
Authentication modalities incorporated in A-MFA System
User Identification Process
Client Application
Web Page to show
authentication factors
to identify user
Client
Visual C# application
(extracting features
and matching
features)
Database
10
. T
he
req
ues
t fo
r th
e st
ore
d f
eatu
res
to c
om
par
e w
ith
cap
ture
d f
eatu
res
12. The response of User Identification decision to the client
2. JSON object send to the server for surrounding data
13
. T
he
serv
er r
esp
on
se s
ho
wn
to
use
r.
1. S
end
ing t
he
surr
ou
nd
ing c
on
dit
ion
s
to t
he
serv
er
Server
Selection
Procedure
9. JSON object send to the server for feature extraction
6. The response of . selected authentication factors to the client
3. The surrounding
conditions send to
selection algorithm
4. The selected
authentication
factors are
chosen to
verify user’s
identity
11
. T
he
sto
red
fea
ture
s ar
e se
nt
for
com
par
ing t
o g
et a
uth
. d
ecis
ion
7. T
he
sele
cted
au
then
tica
tio
n
fact
ors
are
chal
len
ged
to
th
e u
ser
8. C
aptu
red
au
then
tica
tio
n f
acto
rs
are
sen
d t
o c
reat
e JS
ON
ob
ject
5. The selected authentication
factors are stored in database
Flow Diagram for A-MFA authentication triggering
Selected Authentication Factors
Authentication Triggering?
Yes
NoWait for Certain period
Selection ProcedureSurrounding Conditions
Light, NoisePreviously selected
authentication factors
Face Recognition
Fingerprint Recognition
Speech Recognition
Keystroke Recognition
Passwords SMS…
Choose any combination of the below authentication
factors
Combined Authentication DecisionClient DeviceResponse Back to Client
Wai
t fo
r C
ert
ain
pe
rio
d
Overall Architecture of A-MFA System
Client End Server End
Processing Plane(Data-in-motion)
Data Plane(Data-at-rest)
FingerprintVerification
FaceRecognition
VoiceAnalysis
KeystrokeDynamics
Biometric Modalities
NetworkInformation
Capture
EnvironmentalData Capture
CredentialCollection
BiometricData
Collection
Password
Passphrase
Non-BiometricModalities
AmbientLight
Environmental Sensors
AmbientNoise
Connection Media
Ethernet Wireless Cellular
SMS Code
TOTP Code
Out-of-bandModalities OTP Code
Capture
OTP CodeEntry
Access Attempt Logs
Selection Procedure
Surrounding Conditions
Selection Decision
Store Result
Retrieve PreviousSelection
Captured User Data Feature Templateis Stored
Feature Matching
Target FeaturesMatch Result
Feature Extraction
Query Features
Out-of-Band Request
Registration/AuthenticationRequest DB
GPS
Out-of-band authentication request used to thwart man-in-the-middle attack by using an alternate line of communication
• The selection procedure should not follow (having bias towards) any pattern that can be used by the attackers.
• The process should make the consideration of previous selection of the authentication factors to avoid repetitive use of the same factors.
67
9.5
9.75
10
10.25
10.5
10.75
11
11.25
11.5
11.75
12
12.25
12.5
12.75
FD WI PD WI FD WL PD WL
TRU
SWO
RTH
Y S
CO
RES
Comparison of Adaptive Selection with Random and Only Biometric-based Approaches
Random Biometric Adaptive
Stress Test: System accuracy given valid and imposter data and varying light and noise conditions
A-MFA: Mode of Operations
A-MFA runs in three mode of operations:
Normal mode: trigger auth factors at specified
events (wire-wireless, media change, time threshold).
Vigilant mode: when operating environment
suggests (not to select some active modalities), more
passive and stand by auth factors needed to be
considered.
Surveillance mode: when A-MFA runs in vigilant
mode for a longer time, then the authentication
system goes in high alert mode and activates other
user monitoring security systems.
Video of A-MFA Prototype Demo
A company using a similar Technology:https://www.okta.com/learn/Adaptive-MFA
Auth-Spectra: Important Features
Patent # 9,912,657Issue Date: March 6, 2018
A-MFA Applications:
• Continuous, high-confidence, identity authentication for:
• Banking, including online funds transfer
• Online testing in education and training settings
• Secure access to Electronic Medical Records
• Access to Sensitive sites by government employees and others.
• Internet of Things (IoT) sensory data access.
• Use in Blockchain Technology for access verification to Hyper ledger.
• Specific web services such as PayPal, Netflix and other paid services.
Deployable at different levels of Internet Computing:
• Application level (financial applications, email/business/personal
applications, social applications)
• User level (root user, administrators, guest user)
• Document level (pdf containing application form, document
containing proprietary information, image/video containing
confidential and sensitive footage)
Version 2: A-MFA using additional factors
A-MFA invisibly can integrate hundreds of auth factors.
Including behaviours, as an extra set of "factors“
Evaluates if there is enough of a match with a user's known profile to allow the user to access a site or service without requiring the user to enter any additional factors.
Comparison of Different MFA products
75Source: https://www.g2crowd.com/products/adaptive-multi-factor-authentication/competitors/alternatives?utf8=%E2%9C%93&order=recommended
Product Name Vendor Factors Features
SecureAuth IdP SecureAuth Two factors and SSO (out of 20) Mobile, cloud, web or VPN
RSA SecureID RSA Two factors Software (smartphones, tablets and PC)
and Hardware authenticators
Safenet SafeNet Two factors Cloud, Password + SMS/Hardware Token
SecurEnvoy SecurEnvoy Two Factor Tokenless (One-swipe, SMS Preload, Soft
Token, Voice Call, Email Preload)
Microsoft Azure
MFA
Microsoft Multi factor (Phone call, SMS and
Password)
On premises and Cloud authentications
Mobile Device + User-ID and Password
Deepnet
DualShield
Deepnet
Security
Two factors SMS, Voice, Mobile App, Face,
Keystroke, Smart Cards
Swivel Secure Swivel
Secure
SSO + two factor Mobile App, SMS, Software/Hardware
Tokens, Telephony
Duo Security Duo Security Two factor Duo Push, Mobile Passcode, SMS, Phone
callback, Hardware token
Adaptive MFA Multi factor(Adaptively selected by
sensing the environment conditions and
considering the previous selection
history)
Face, Fingerprint, Voice, Keystroke,
Passwords, SMS, TOTP
A-MFA Related Publications
96
Abhijit Kumar Nag, Dipankar Dasgupta, Kalyanmoy Deb. An Adaptive Approach for Active Multi-Factor Authentication, June 3-4, 2014.
Abhijit Kumar Nag, Dipankar Dasgupta. An Adaptive Approach for Continuous Multi-factor Authentication in an Identity Eco-System. In 2014.
Abhijit Kumar Nag, Arunava Roy and Dipankar Dasgupta. An Adaptive Approach towards the Selection of Multi-factor Authentication. in 2015.
Dipankar Dasgupta, Arunava Roy, and Abhijit Kumar Nag. "Toward the design of adaptive selection strategies for multi-factor authentication.” in 2016.
Dipankar Dasgupta, Arunava Roy and Abhijit Kumar Nag. Advances in User Authentication, Springer in Series “InfoSys Science Foundation Series in Applied Sciences and Engineering” in September 2017.
Dipankar Dasgupta, John Shrein, McKittrick Swindle and Abhijit Kumar Nag. Design and Implementation of Adaptive Multi-Factor Authentication (A-MFA) System. Submitted to a Journal, 2018
Other Recent Publications:• Multi-user permission strategy to access sensitive information by D
Dasgupta, A Roy, D Ghosh, Information Sciences Journal, 423, pp 24-49, January, 2018.
• Design and implementation of Negative Authentication System by D. Dasgupta, A. Nag, D. Ferebee, S. Saha, K. P. Subedi, A. Roy, A. Madero, A. Sanchez, J. R Williams, International Journal of Information Security, pp 1-26, November 2017
• Handling Big Data Using a Data-Aware HDFS and Evolutionary Clustering Technique, by M. Hajeer and D. Dasgupta. In IEEE Transactions on Big Data, Vol. PP, issue 99, December 2017
• Privacy-Preserving Proxy Re-encryption with Fine-Grained Access Control by P Chaudhari, ML Das, D Dasgupta. In the proceedings of International Conference on Information Systems Security, 88-103, Springer, December 2017 (received Best Paper Award).
• Privacy and Security Issues in Mobile Health: Current Research and Future Directions. By S Bhuyan, H Kim, O O Isehunwa, N Kumar, J Bhatt, D Wyant, S Kedia, C F. Chang, D Dasgupta, In the Journal of Health Policy and Technology, 2017.
• D. Dasgupta, A. Roy and A. Nag. A Patent (# 9,912,657) on Adaptive Multi-Factor Authentication System, is approved on March 6, 2018.
• My latest graduate textbook on Advances in User Authentication just published by Springer-Verlag (August 2017 (already having 5730 downloads according to Bookmetrix);
Multidisciplinary research resulted in 250 publications and two textbooks, two edited volumes and several co-edited journals and conference proceedings.
Received Six (6) Best Paper Awards at international conferences (1996, 2006, 2009, 2011, 2013 and 2017)
More than15000 citations with h-index of 56 and g-index of 93.
CoChair, Nature-Inspired Cyber Defense at NCLY summit, 2009.
ACM SIGEVO Impact Award.
ACM Distinguished Speaker and IEEE Fellow
Text Books by Dasgupta
2018 IEEE Symposium on Computational Intelligence in Cyber Security (CICS 2018)
at
2018 IEEE SYMPOSIUM SERIES ON COMPUTATIONAL INTELLIGENCE (IEEE SSCI 2018)
November 18- November 21, 2018, Bengaluru, India.
URL: http://ieee-ssci2018.org/cics.html/
DEADLINES:• Special Track/Session Proposal: April 5, 2018• Paper Submission: June 30, 2018
Symposium Chair: Dipankar Dasgupta, IEEE Fellow, The University of Memphis, USA
Co-Chair: Marco Carvalho, Florida Institute of Technology, USA
Co-Chair: Shamik Sural, Indian Institute of Technology, Kharagpur, India
102