Adaptive Multi-Factor Authentication (A-MFA) System · 2018-09-04 · Authentication 3...

Adaptive Multi-Factor Authentication (A-MFA) System Prof. Dipankar Dasgupta, IEEE Fellow A NATIONAL CENTER OF ACADEMIC EXCELLENCE (CAE-CD / CAE-R) Center website: cfia.memphis.edu Director: Center for Information Assurance

Page 1

Adaptive Multi-Factor Authentication (A-MFA) System

Prof. Dipankar Dasgupta, IEEE Fellow

Director: Center for Information Assurance

A National Center of Academic Excellence (CAE-CD / CAE-R)

Center website: cfia.memphis.edu

Page 2

Agenda

• Authentication Basics-Single Factor

• Negative Authentication System (NAS)

• Multi-Factor Authentication (MFA)

• Active/Continuous Authentication

• Adaptive Multi-Factor (A-MFA)

• Overview: Goal & Objectives

• Design of A-MFA Framework

• A-MFA Prototype System

• Use Cases for A-MFA

• Cyber Identity Ecosystem

• Summary

Page 3

Authentication

Authentication is a critical safeguard against illegal access to computing systems.

It is the process of giving individuals access to system objects based on their identity.

It ensures that the individual is who he or she claims to be.

But it says nothing about the access rights of the individual.

Challenges

Correctly identify authorized users in particular operational settings.

Take appropriate action on demand to prevent unauthorized access.

Page 4

Password-Based Authentication

Single-factor

Username-password (most widely used as of now!)

Issues

Mostly targeted by attackers.

If this single channel is compromised, the users are denied service until it is restored.

Recent advances in computer processing power make it possible to check all possible cases in a short amount of time.

Passwords are difficult to remember for a wide variety of websites.

Page 5

Types of User Online Accounts

A survey by Google researchers (2013) found that there are different types of user accounts, and not all of those accounts require strong authentication. For example:

* Users might create throw-away accounts for participating in pseudo-anonymous conversations, taking online surveys, making one-time purchases, etc.

* Routine accounts are generally long-lasting; they may not be high-valued but are used for reading online newspapers, magazines, etc.

* Spokesperson accounts are created to participate in political, social, philosophical or professional discussions and blogging; compromising such accounts may defame the user or spread misinformation, with consequences ranging from embarrassment to extensive cleanup costs.

* Sensitive accounts include the user's primary email accounts, financial accounts and employment/service accounts; exposing such accounts may have severe and sometimes unforeseen consequences.

* Very high-value transaction accounts provide specialized access used for irrevocable actions such as cross-border fund transfers, weapon release, etc.

Page 6

Single-Factor Authentication: It's not enough nowadays!

Dell SecureWorks Counter Threat Unit (CTU) researchers discovered malware named "Skeleton Key" that:

Bypasses authentication on Active Directory (AD) systems that implement single-factor (password only) authentication.

Threat actors can use a password of their choosing to authenticate as any user.

Skeleton Key is deployed as an in-memory patch on a victim's AD domain controllers to allow the threat actor to bypass authentication with physical access to login and unlock systems.

Sample Scenario

Page 7

IARPA Project: Multi-layered Authentication System

Negative Authentication System (NAS)

Page 8

Negative Authentication System (NAS)

The overall concept of the Negative Authentication System (NAS):

It uses complementary information from the password dataset.

[Figure: Security Layers of NAS, showing Security Layer 1, Security Layer 2 and the password profile (P)]

Page 9

Negative Authentication System (NAS)

Two layers of NAS: a negative filtering layer and a password checking layer.

There is no direct communication between the access requests and the positive authentication server.

The communication between the first server and the second server is transparent to the users.

Page 10

Authentication Process Flow

[Figure: authentication process flow with the components End-User, Firewall, NAS L1 Application, NAS L2 Application, NAS Database, Positive Authentication System and Administrator; layers marked L1 and L2, steps numbered 1 to 3]

2017 SSCI-CICS Tutorial Dasgupta & Nag

Page 11

Account Creation Process Flow

Page 12

Summary of NAS Approach

NAS can detect and filter out most of the invalid requests, and hence lowers the probability that guessing requests get to access the positive authentication data.

Exposing the negative detectors upfront reduces the overall password cracking risk.

It also prevents side-channel attacks.

Implemented in collaboration with the Massachusetts Institute of Technology (MIT) Geospatial Data Center. A conceptual demo video is available at https://vimeo.com/98054594
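
The two-layer idea summarized above, as an added illustration (not the NAS implementation and not code from the slides): layer 1 stores only negative detectors, the cells of a hashed credential space that no valid credential occupies, and drops any request that lands on one, so only the remainder reaches the positive password check. The grid mapping, the full-complement detector set, the class and function names and the sample credentials are assumptions made for this example.

```python
import hashlib
import hmac
import os

GRID_BITS = 16  # assumed size of the detector space: 2**16 cells


def cell(username, password):
    """Map a credential pair to one cell of the detector space (assumed mapping)."""
    digest = hashlib.sha256(f"{username}\x00{password}".encode()).digest()
    return int.from_bytes(digest[:4], "big") % (1 << GRID_BITS)


class PositiveAuth:
    """Layer 2: ordinary salted password verification (the positive data)."""

    def __init__(self):
        self._db = {}
        self.calls = 0  # how many requests actually reached layer 2

    def register(self, username, password):
        salt = os.urandom(16)
        key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)
        self._db[username] = (salt, key)

    def verify(self, username, password):
        self.calls += 1
        if username not in self._db:
            return False
        salt, stored = self._db[username]
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)
        return hmac.compare_digest(stored, candidate)


class NegativeFilter:
    """Layer 1: holds only detectors, i.e. cells NOT occupied by a valid credential."""

    def __init__(self, positive):
        self._positive = positive
        self._detectors = set(range(1 << GRID_BITS))  # start with every cell

    def enroll(self, username, password):
        # Account creation: carve the valid credential's cell out of the detectors.
        self._detectors.discard(cell(username, password))
        self._positive.register(username, password)

    def login(self, username, password):
        # A request matching a detector is invalid and never reaches layer 2.
        if cell(username, password) in self._detectors:
            return "rejected-by-L1"
        if self._positive.verify(username, password):
            return "accepted"
        return "rejected-by-L2"


def demo():
    """Run constructed guesses against constructed accounts."""
    layer2 = PositiveAuth()
    layer1 = NegativeFilter(layer2)
    accounts = [("alice", "correct horse 42"), ("bob", "S3aside!pier"), ("carol", "m0untain-Path")]
    for user, pw in accounts:  # constructed sample credentials
        layer1.enroll(user, pw)
    outcomes = [layer1.login("alice", f"guess{i}") for i in range(500)]
    valid = layer1.login("alice", "correct horse 42")
    return valid, outcomes, layer2.calls


if __name__ == "__main__":
    valid, outcomes, l2_calls = demo()
    print("valid login:", valid)
    print("guesses dropped at layer 1:", outcomes.count("rejected-by-L1"), "of", len(outcomes))
    print("requests that reached layer 2:", l2_calls)
```

A wrong guess reaches layer 2 only when its cell happens to coincide with the cell of some enrolled credential, which is why the positive data sees almost none of the guessing traffic.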

Page 13

Need for Multi-Factor: Sample Scenario

Page 14

Perspective for Multi-factor Authentication

What the User knows: Password, PIN, pass phrases

What the User has: Smart card, digital certificate, driver's license

Who the User is: Fingerprint, iris scan, voice recognition

Where the User is: GPS, IP address of user

Two Factor

• Generally a password along with an SMS verification code

Page 15

Ph.D. Dissertation Defense

Abhijit K Nag

U00366768

Authentication Types

Page 16

Product - Microsoft Azure

Page 17

Different MFA products in Market Today

| Product Name | Vendor | Factors | Features | Source (Website) |
|---|---|---|---|---|
| SecureAuth IdP | SecureAuth | Two factors and SSO (out of 20) | Mobile, cloud, web or VPN | www.secureauth.com |
| RSA SecurID | RSA | Two factors | Software (smartphones, tablets and PC) and hardware authenticators | http://www.emc.com/security/rsa-securid.htm |
| Safenet | SafeNet | Two factors | Cloud, Password + SMS/Hardware Token | www.safenet-inc.com/multi-factor-authentication/?tabnum=2 |
| SecurEnvoy | SecurEnvoy | Two Factor | Tokenless (One-swipe, SMS Preload, Soft Token, Voice Call, Email Preload) | www.securenvoy.com/ |
| Symantec O3 | Symantec | Cloud identity and access control (Two Factor authentication) | Cloud applications (set policies for groups, persons, devices) [security control point] | www.symantec.com/page.jsp?id=O3 |
| Microsoft Azure | Microsoft | Multi factor (Phone call, SMS and Password) | On premises and cloud authentications; Mobile Device + user-id and password | azure.microsoft.com/en-us/services/multi-factor-authentication/ |
| Deepnet DualShield | Deepnet Security | Two factors out of 10 different methods | SMS, Voice, Mobile App, Face, Keystroke, Smart Cards | www.deepnetsecurity.com/products/dualshield/ |
| Swivel Secure | Swivel Secure | SSO + two factor | Mobile App, SMS, tokens, Telephony, Browser | www.swivelsecure.com/ |
| miniOrange Strong Authenticati | miniOrange | SSO + two factor | 14 different authentication types | miniorange.com/strong_auth |

Page 18

Current MFA trends

– The effectiveness of MFA as a potent tool to tackle BYOD security complexity benefits the market.

– The rise in smartphone thefts spurs use of MFA on mobile devices.

– Cloud services need MFA to establish customer trust and increase cloud adoptability.

http://www.strategyr.com/MarketResearch/Multi_Factor_Authentication_MFA_Market_Trends.asp

• Amazon, Google, Yahoo, Dropbox, Facebook, LinkedIn, Twitter and Microsoft use two factors for authentication to access their online services.

Page 19

Why should we care?

Aside from the fact that all companies should take their customer data security seriously, not having adequate authentication mechanisms in place increases the potential of corporate PII breach risks, including:

Legal Liability: Government Enforcement Action, Class Actions, Individual Actions

Reputational Exposure

Business Consequences

Sec/Shareholder Issues

Employee/Customer Issues

Typical Breach Costs: Outside Counsel, Credit Monitoring, Security & Technology upgrades, Defence costs, Fines, Settlements

Page 20

Use of Multi-factor Authentication (MFA)

• Provide different choices to the user during authentication to verify their identity.

  • However, all the factors may not be available in all operating conditions.

• Come with a fail-safe feature in case any authentication factor gets compromised.

  • Users should be authenticated utilizing the other non-compromised modalities.

• Concerns:

  - How to choose a better set of authentication factors out of all possible choices in any given operating environment.

  - The choice of an appropriate set of authentication factors determines the performance of the MFA.

Page 21

How to select Modalities in MFA?

The selection procedure should not follow (have a bias towards) any pattern that can be used by attackers.

The process should take the previous selection of authentication factors into consideration to avoid repetitive use of the same factors.

| Modes of Auth. Factor Selection | Illustration |
|---|---|
| Static | A predefined set of modalities for any given environment. |
| Dynamic | A set of modalities chosen dynamically at the different times an event triggers authentication. |
| Dynamic Random | Modalities are chosen in any random order at the time of authentication. |
| Adaptive | Modalities are chosen based on current system settings and previously selected modalities. |

Page 22

Adaptive Multi-Factor Authentication (A-MFA)

This greatly enhances security without changing the user experience.

However, when an unauthorized user attempts to gain access with stolen credentials and the additional factors and behaviours normally seen don't line up, the login is prevented and challenged.

The selection of multiple authentication factors is conducted adaptively, considering:

Operating devices

Connected media

Surrounding conditions/environment

Page 23

Biometric Presentation Attacks

Page 24

Public Place with shared wifi

Page 29

Overall Concept of A-MFA

Page 30

A-MFA: Overall Goal and Objectives

[Figure: "Design and Implementation of an Adaptive Multi-factor Authentication (A-MFA) Framework", broken down into Objective 1 to Objective 4. Box labels: Develop Trustworthy Model with Probabilistic Constraints; Pairwise Preference Information on Trustworthiness; Error rates of individual factors; Constraints for the given environment settings; Design the Adaptive Selection Approach of MFA; Cardinality of the auth. factors; Previous history of selected factors; Selected authentication factors in a given environment setting; Implement the Trustworthy Model; Implement Adaptive Selection Approach; Build users' profile with different captured auth. factors; Implement user identification model; Evaluation of the system with different settings; Build a pilot web-service to authenticate; Implement A-MFA Framework; Run user-study on pilot]

Page 31

Version 1: A-MFA Modalities & their features

M1: Face Recognition

It is computed through face geometry features. Features include different points in the lips, eyes, brow and cheek, crow's-feet wrinkles and nasal root wrinkles.

M2: Fingerprint

Three levels of features are used for this modality. Level 1 features show macro details of the ridge flow shape, Level 2 features (minutiae points) are discriminative enough for recognition, and Level 3 features (pores) complement the uniqueness of Level 2 features.

M3: Password

The password is the most common modality. It can be stored in hashed form and matched against the input by hashing the given password and comparing the resulting strings. Passwords can be made of alphanumeric characters along with some special characters.

M4: CAPTCHA

It is used to prevent automated software from performing actions and can discriminate between humans and bots. A CAPTCHA features an image file of slightly distorted alphanumeric characters. It also has a read-out feature for visually impaired users.

Page 32

Modalities & their features

M5: SMS

The SMS feature is used to send a pass-code to a phone number, and that code is valid for a short period of time. The phone number should be registered with the system a priori.

M6: Voice recognition

It uses pitch and different formant features (F1, F2 and F3). The pitch of the speech signal contains crucial information about the intonation pattern. The formants represent the articulators of the speech signal where the resonant frequencies are generated.

M7: Keystroke pattern

This modality detects the pattern of the keystrokes. The features used for this technique are: mean latency and standard deviation of digraphs [a combination of two letters representing one sound], and mean duration and standard deviation of keystrokes.

Page 33

Using Biometric Characteristics

In this chart, the further away the characteristic is from the center, the better the biometric technique is.

So, for instance, keystroke scan and signature scan are low cost, require very little effort, and are not intrusive at all; however, they are not distinctive.

On the other end of the spectrum, retina scan and iris scan provide very high distinctiveness; however, they are both expensive and intrusive.

Page 34

Authentication Factors

In this work, an authentication factor is defined as

(i) a single feature of an authentication modality;

(ii) any combination of features of an authentication modality;

(iii) a combination of multiple features of different authentication modalities.

Key Term: Let $M_k$ ($k \in \mathbb{Z}^+$) be the $k$th authentication modality and $M_k : f_{k,i}$ be its $i$th feature.

$\{M_k : f_{k,i}\}_{i \in \mathbb{Z}^+,\, k \in \mathbb{Z}^+}$: $i$th features of different combinations of $\{M_k\}_{k \in \mathbb{Z}^+}$.

Page 35

Authentication Factors

The first features of $M_1$ and $M_2$: $M_1 : f_{1,1}$ and $M_2 : f_{2,1}$. They are considered as two authentication factors (according to (i)).

$M_1 : f_{1,1}, f_{1,2}$ is one authentication factor (according to (ii)): the combination of $M_1 : f_{1,1}$ and $M_1 : f_{1,2}$.

$M_1, M_2 : f_{1,1}, f_{2,1}$ is considered as one authentication factor (according to (iii)): the combination of $M_1 : f_{1,1}$ and $M_2 : f_{2,1}$.

Page 36

Trustworthy Value of Auth Factors

The challenge is to calculate a trustworthy value for an authentication factor, expressed in terms of numeric values for a given type of device and medium.

Main concept:

Compute it using pairwise comparative preference information for different authentication factor-device-media combinations.

Pairwise trustworthy values for different media using the same device;

Pairwise trustworthy values for different devices using the same medium;

Also incorporate the available error rates for the authentication factors (for example, FAR, EER).

These pairwise decisions are then analyzed and solved by constructing an optimization problem with probabilistic constraints to get the trustworthy values.

Page 37

Details about Trustworthy Calculations

For a particular pairwise comparison involving the $i$th and $k$th devices for a particular ($j$th) medium and a particular ($m$th) modality, one of the following conditions will occur:

$$T_{ij}(M_s; f_{s,l}) \gtreqless T_{kj}(M_s; f_{s,l}); \quad i \neq k$$

As they are equally likely:

$$P\big(T_{ij}(M_s; f_{s,l}) > T_{kj}(M_s; f_{s,l});\ i \neq k\big) = P\big(T_{ij}(M_s; f_{s,l}) < T_{kj}(M_s; f_{s,l});\ i \neq k\big) = P\big(T_{ij}(M_s; f_{s,l}) = T_{kj}(M_s; f_{s,l});\ i \neq k\big) = \frac{1}{3}$$

A random variable $\{T_{ij}(M_s; f_{s,l})\}_{i=1}^{d}$ can be constructed to determine the comparisons of the trustworthiness of a particular authentication factor (modality with a set of features) in different devices in a fixed medium.

Page 38

Details about Trustworthy Calculations

Similarly, the comparison can also be done among the trustworthiness of a particular authentication modality (with a set of features) in different media, keeping the device selection fixed.

Based on the above cases, the following non-linear programming problem with probabilistic constraints (NLPPPC) has been formed to find a set of $T_{ij}(M_s; f_{s,l})$ values:

$$\text{Maximize} \quad \sum_{j} \sum_{i} \sum_{\substack{k \\ i \neq k}} \frac{T_{ij}(M_s; f_{s,l}) - T_{kj}(M_s; f_{s,l})}{\varepsilon_1} + \sum_{i} \sum_{j} \sum_{\substack{k \\ j \neq k}} \frac{T_{ij}(M_s; f_{s,l}) - T_{ik}(M_s; f_{s,l})}{\varepsilon_2} \tag{1}$$

Page 39

Details about Trustworthy Calculations

An authentication modality (with a set of features), $M_i$; ($i = 1, 2, \ldots, s$) is more (or less or equally) trusted for a user in a device $D_j$; ($j = 1, 2, \ldots, d$) rather than in device $D_k$; ($k = 1, 2, \ldots, d$; $k \neq j$) for a particular medium $Me_l$; ($l =$

Page 40

Trustworthy Value of Combined Factors

Calculation of trustworthy values of a combined factor from individual trustworthy values, illustrated.

[Figure: Trustworthy value of combined factors in a specific medium]

Page 41

Machine Learning Algorithm

Page 42

A Framework for A-MFA System

[Figure labels: Effect of different medium; Adaptive Selection of multiple authentication factors; VMs store different authentication factors of users; Authentication factors (Modalities with features); Validated Users; Not Validated; Vehicle Settings; Application Environment; UI; Driving Environment]

Page 43

Some Details of A-MFA

[Figure labels: PWD; M1 to M7; Query and Retrieval of Authentication Factors; Authentication Service Front End; VMs for Each authentication modality; Adaptive selection of Auth. Factors via Multi-objective Optimization]

Page 44

Auth Modality Activation Pattern

[Figure: activated modalities (y-axis) against authentication triggering time T1 to T8 (x-axis); triggering events are labelled Media Changed, Device Changed and Time Elapsed; PWD is marked on the plot]

Page 45

Illustration of Adaptive Selection Algorithm

[Figure: selected authentication factors (y-axis) against the time of authentication triggering events T0 to T6 (x-axis); each event carries a device and medium label (FD, WI or PD, WL) and the selected factors are labelled in the form F1,3, F2,3, F4,2]

Page 46

Initial Experiments

• A dataset is created for 50 users as a test-bed for the Adaptive-MFA System

  – Face Dataset:
    • 10 images for registration and 3~5 images for authentication purposes.
    • Faces94, faces95 dataset [1] are used.

  – Fingerprint Dataset:
    • 3 images for registration and 2 images for authentication purposes.
    • CASIA Fingerprint Image Database Version 5.0 [2]

  – Voice Dataset:
    • 3 voice samples for registration and 1 voice sample for authentication.

  – Keystroke Dataset:
    • 5 keystroke samples for registration and 3 or more keystroke samples for authentication.
    • CMU dataset [3] is used.

  – Non-biometric data are generated programmatically.

  – Passwords and pass-phrases are hashed using SHA-512 on the client side and bcrypt [4] on the server side (data-at-rest).

  – The communication between client and server is done through the HTTPS protocol, which is basically end-to-end encrypted communication for data-in-motion.

1. Faces 94. The University of Essex. Face Recognition Data Set, Libor Spacek. URL: http://cswww.essex.ac.uk/mv/allfaces/faces94.html

2. CASIA-FingerprintV5. URL: http://biometrics.idealtest.org/

3. CMU dataset. URL: http://www.cs.cmu.edu/~keystroke/

4. Bcrypt Generator. Date accessed: September 1, 2016. URL: https://www.bcrypt-generator.com/

Page 47

Customized, 3D-Printed Light and Noise Sensor Case

Page 48

User Registration and Authentication GUI

• Face Recognition*

  – Eigen Face

  – Fisher Face

  – Local Binary Pattern Histogram

• Fingerprint Recognition*

  – JY

  – Medina-Perez

  – SourceAFIS

• Voice Recognition*

  – MFCC

  – PLPC

  – Prosody

• Keystroke Recognition*

  – Manhattan

  – Mahalanobis

  – K-NN Mahalanobis

*: references are listed at the end of presentation slides

Page 49

Face Recognition

Page 50

Fingerprint Analysis

Page 52

Authentication modalities incorporated in A-MFA System

Knowledge-Based Modalities: Password, Pass-phrase, Security Challenge Questions

Possession-Based Modalities: SMS Code, TOTP Code

Biometric Modalities: Face Recognition, Fingerprint Recognition, Voice Recognition, Keystroke Recognition

Location-Based Modalities: GPS, IP address, MAC Address, Wi-Fi Triangulation, Cellular Triangulation

Page 53

User Identification Process

Components: Client Application (web page to show authentication factors to identify user); Client (Visual C# application, extracting features and matching features); Server; Selection Procedure; Database.

1. Sending the surrounding conditions to the server

2. JSON object sent to the server for surrounding data

3. The surrounding conditions are sent to the selection algorithm

4. The selected authentication factors are chosen to verify the user's identity

5. The selected authentication factors are stored in the database

6. The response of selected authentication factors to the client

7. The selected authentication factors are challenged to the user

8. Captured authentication factors are sent to create a JSON object

9. JSON object sent to the server for feature extraction

10. The request for the stored features to compare with captured features

11. The stored features are sent for comparing to get the auth. decision

12. The response of the User Identification decision to the client

13. The server response shown to the user.

Page 54

Flow Diagram for A-MFA authentication triggering

[Flow diagram labels: Client Device; Authentication Triggering? (Yes / No); Wait for Certain period; Selection Procedure, with inputs Surrounding Conditions (Light, Noise) and Previously selected authentication factors; "Choose any combination of the below authentication factors": Face Recognition, Fingerprint Recognition, Speech Recognition, Keystroke Recognition, Passwords, SMS, ...; Selected Authentication Factors; Combined Authentication Decision; Response Back to Client]
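
An added illustration (not code from the slides or from the A-MFA prototype) of the selection loop in the flow diagram above: at each triggering event the usable factors are filtered by the surrounding light and noise, scored by trustworthy value for the current device and medium, penalized for reuse of the previously selected factors, and one of the near-best sets is drawn at random so the choice follows no fixed pattern. The trust values, thresholds, reuse penalty, margin and function names are constructed assumptions; FD/PD and WI/WL are used only as opaque device and medium keys.

```python
import itertools
import random

CONTEXTS = [("FD", "WI"), ("FD", "WL"), ("PD", "WI"), ("PD", "WL")]

# Constructed trustworthy values per factor, one per (device, medium) context.
_VALUES = {
    "password":    (2.0, 1.8, 1.9, 1.6),
    "sms_code":    (2.4, 2.3, 2.2, 2.0),
    "face":        (3.6, 3.4, 3.2, 3.0),
    "fingerprint": (4.0, 3.9, 3.7, 3.6),
    "voice":       (3.1, 2.9, 3.0, 2.7),
    "keystroke":   (2.8, 2.7, 2.3, 2.1),
}
TRUST = {name: dict(zip(CONTEXTS, vals)) for name, vals in _VALUES.items()}

# Assumed surrounding-condition constraints: a factor is usable only if its
# predicate holds for the measured environment.
USABLE = {
    "face":  lambda env: env["light_lux"] >= 100,   # camera needs light
    "voice": lambda env: env["noise_db"] <= 60,     # microphone needs quiet
}


def available_factors(env):
    """Factors that the current light and noise levels allow."""
    return sorted(f for f in TRUST if USABLE.get(f, lambda e: True)(env))


def score(combo, device, medium, previous, reuse_penalty):
    """Sum of trustworthy values minus a penalty per factor reused from last time."""
    trust = sum(TRUST[f][(device, medium)] for f in combo)
    return trust - reuse_penalty * len(set(combo) & set(previous))


def select_factors(env, device, medium, previous=(), k=3,
                   reuse_penalty=1.5, margin=0.5, rng=None):
    """Pick k factors: near-best score, never the exact previous set if avoidable."""
    rng = rng or random.SystemRandom()
    pool = available_factors(env)
    if len(pool) < k:
        raise ValueError("not enough usable factors for this environment")
    combos = [c for c in itertools.combinations(pool, k) if set(c) != set(previous)]
    if not combos:  # only one possible set exists, so repetition is unavoidable
        combos = list(itertools.combinations(pool, k))
    scored = [(score(c, device, medium, previous, reuse_penalty), c) for c in combos]
    best = max(s for s, _ in scored)
    near_best = [c for s, c in scored if s >= best - margin]
    return rng.choice(near_best)  # random among near-best: no predictable pattern


# Constructed sequence of authentication triggering events.
SAMPLE_EVENTS = [
    {"trigger": "login",          "device": "FD", "medium": "WI", "env": {"light_lux": 300, "noise_db": 40}},
    {"trigger": "time elapsed",   "device": "FD", "medium": "WI", "env": {"light_lux": 300, "noise_db": 40}},
    {"trigger": "media changed",  "device": "FD", "medium": "WL", "env": {"light_lux": 300, "noise_db": 75}},
    {"trigger": "device changed", "device": "PD", "medium": "WL", "env": {"light_lux": 20,  "noise_db": 45}},
]


def run_session(events, seed=None):
    """Replay triggering events, feeding each selection back in as history."""
    rng = random.Random(seed) if seed is not None else random.SystemRandom()
    previous, log = (), []
    for ev in events:
        chosen = select_factors(ev["env"], ev["device"], ev["medium"], previous, rng=rng)
        log.append(chosen)
        previous = chosen
    return log


if __name__ == "__main__":
    for ev, chosen in zip(SAMPLE_EVENTS, run_session(SAMPLE_EVENTS)):
        print(f'{ev["trigger"]:>14} ({ev["device"]}, {ev["medium"]}): {", ".join(chosen)}')
```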

Page 55

Overall Architecture of A-MFA System

[Architecture diagram labels]

Client End / Server End; Processing Plane (Data-in-motion); Data Plane (Data-at-rest)

Biometric Modalities: Fingerprint Verification, Face Recognition, Voice Analysis, Keystroke Dynamics

Non-Biometric Modalities: Password, Passphrase

Out-of-band Modalities: SMS Code, TOTP Code

Environmental Sensors: Ambient Light, Ambient Noise

Connection Media: Ethernet, Wireless, Cellular

Capture components: Network Information Capture, Environmental Data Capture, Credential Collection, Biometric Data Collection, OTP Code Capture, OTP Code Entry, GPS

Selection Procedure: Surrounding Conditions, Selection Decision, Store Result, Retrieve Previous Selection

Feature processing: Captured User Data, Feature Extraction, Feature Template is Stored, Feature Matching, Query Features, Target Features, Match Result

Other: Access Attempt Logs, Out-of-Band Request, Registration/Authentication Request, DB


Out-of-band authentication request used to thwart man-in-the-middle attack by using an alternate line of communication


• The selection procedure should not follow (or be biased towards) any pattern that attackers could use.

• The process should consider the previous selection of authentication factors to avoid repetitive use of the same factors.

[Figure: Comparison of Adaptive Selection with Random and Only Biometric-based Approaches. Vertical axis: trustworthy scores. Categories: FD WI, PD WI, FD WL, PD WL. Series: Random, Biometric, Adaptive.]
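The two selection requirements on this slide, combined with the sensed light and noise, can be sketched as follows. This is an added example, not code from the A-MFA prototype; the factor weights, the lux/dB thresholds, the repeat penalty and the function names are assumed values chosen for illustration.

```python
import secrets

# Constructed factor table (assumed values): base trust weight per factor and
# the surrounding condition under which the factor is treated as unreliable.
FACTORS = {
    "face":        (0.90, lambda env: env["light_lux"] < 50),
    "voice":       (0.80, lambda env: env["noise_db"] > 70),
    "fingerprint": (0.95, lambda env: False),
    "keystroke":   (0.60, lambda env: False),
    "password":    (0.50, lambda env: False),
    "totp":        (0.70, lambda env: False),
}
REPEAT_PENALTY = 0.25  # assumed: weight multiplier for a factor used last time

def usable_factors(env):
    """Drop modalities that the sensed light/noise would make unreliable."""
    return [name for name, (_, bad) in FACTORS.items() if not bad(env)]

def select_factors(env, previous, k=2, rng=None):
    """Pick k factors: environment-filtered, history-penalised, CSPRNG-drawn."""
    rng = rng or secrets.SystemRandom()  # unpredictable draw, no fixed pattern
    pool = usable_factors(env)
    if len(pool) < k:
        raise ValueError("not enough usable factors for this environment")
    weights = {f: FACTORS[f][0] * (REPEAT_PENALTY if f in previous else 1.0)
               for f in pool}
    while True:
        remaining, chosen = dict(weights), []
        for _ in range(k):  # weighted draw without replacement
            names = list(remaining)
            pick = rng.choices(names, weights=[remaining[n] for n in names])[0]
            chosen.append(pick)
            del remaining[pick]
        # Never replay the previous combination unless it is the only one left.
        if set(chosen) != set(previous) or len(pool) == k:
            return chosen
```

Penalising rather than excluding previously used factors keeps every usable factor reachable, so an observer cannot rule a factor out from the last challenge alone.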


Stress Test: System accuracy given valid and imposter data and varying light and noise conditions


A-MFA: Modes of Operation

A-MFA runs in three modes of operation:

Normal mode: trigger auth factors at specified events (wire-wireless, media change, time threshold).

Vigilant mode: when the operating environment suggests not selecting some active modalities, more passive and standby auth factors need to be considered.

Surveillance mode: when A-MFA runs in vigilant mode for a longer time, the authentication system goes into high-alert mode and activates other user-monitoring security systems.
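The three modes can be read as a small state tracker, shown here as an added example rather than the prototype's code. The two time limits, the action names, the sample readings and the rule that a usable environment returns the system to normal mode are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

TIME_THRESHOLD_S = 900    # assumed: normal-mode re-authentication interval
VIGILANT_LIMIT_S = 1800   # assumed: time in vigilant mode before surveillance

@dataclass
class ModeTracker:
    mode: str = "normal"
    media: str = "ethernet"
    last_auth: float = 0.0
    vigilant_since: Optional[float] = None

    def observe(self, now, media, active_ok):
        """Process one reading and return the actions the mode calls for.
        active_ok is False when the environment rules out active modalities."""
        actions = []
        if active_ok:
            self.mode, self.vigilant_since = "normal", None
            # Normal mode: trigger on a connection-media change or time threshold.
            if media != self.media or now - self.last_auth >= TIME_THRESHOLD_S:
                actions.append("trigger_auth_factors")
                self.last_auth = now
        else:
            if self.vigilant_since is None:
                self.vigilant_since = now
            actions.append("use_passive_factors")
            # Vigilant for too long: escalate to surveillance mode.
            if now - self.vigilant_since >= VIGILANT_LIMIT_S:
                self.mode = "surveillance"
                actions.append("activate_user_monitoring")
            else:
                self.mode = "vigilant"
        self.media = media
        return actions

# Constructed readings: (seconds, connection media, active modalities usable?)
SAMPLE_READINGS = [
    (0, "ethernet", True), (600, "wireless", True), (1500, "wireless", True),
    (1600, "wireless", False), (3400, "wireless", False), (3500, "wireless", True),
]

def replay(readings):
    """Return the (mode, actions) pair produced by each reading, in order."""
    tracker, out = ModeTracker(), []
    for now, media, active_ok in readings:
        actions = tracker.observe(now, media, active_ok)
        out.append((tracker.mode, actions))
    return out
```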


Video of A-MFA Prototype Demo

A company using a similar technology: https://www.okta.com/learn/Adaptive-MFA


Auth-Spectra: Important Features

Patent # 9,912,657

Issue Date: March 6, 2018


A-MFA Applications:

• Continuous, high-confidence, identity authentication for:

• Banking, including online funds transfer

• Online testing in education and training settings

• Secure access to Electronic Medical Records

• Access to Sensitive sites by government employees and others.

• Internet of Things (IoT) sensory data access.

• Use in Blockchain Technology for access verification to Hyperledger.

• Specific web services such as PayPal, Netflix and other paid services.

Deployable at different levels of Internet Computing:

• Application level (financial applications, email/business/personal applications, social applications)

• User level (root user, administrators, guest user)

• Document level (pdf containing application form, document containing proprietary information, image/video containing confidential and sensitive footage)


Version 2: A-MFA using additional factors

A-MFA can invisibly integrate hundreds of auth factors,

including behaviours, as an extra set of "factors".

Evaluates if there is enough of a match with a user's known profile to allow the user to access a site or service without requiring the user to enter any additional factors.


Comparison of Different MFA products

Source: https://www.g2crowd.com/products/adaptive-multi-factor-authentication/competitors/alternatives?utf8=%E2%9C%93&order=recommended

Product Name | Vendor | Factors | Features
SecureAuth IdP | SecureAuth | Two factors and SSO (out of 20) | Mobile, cloud, web or VPN
RSA SecureID | RSA | Two factors | Software (smartphones, tablets and PC) and Hardware authenticators
Safenet | SafeNet | Two factors | Cloud, Password + SMS/Hardware Token
SecurEnvoy | SecurEnvoy | Two Factor | Tokenless (One-swipe, SMS Preload, Soft Token, Voice Call, Email Preload)
Microsoft Azure MFA | Microsoft | Multi factor (Phone call, SMS and Password) | On premises and Cloud authentications; Mobile Device + User-ID and Password
Deepnet DualShield | Deepnet Security | Two factors | SMS, Voice, Mobile App, Face, Keystroke, Smart Cards
Swivel Secure | Swivel Secure | SSO + two factor | Mobile App, SMS, Software/Hardware Tokens, Telephony
Duo Security | Duo Security | Two factor | Duo Push, Mobile Passcode, SMS, Phone callback, Hardware token
Adaptive MFA | | Multi factor (Adaptively selected by sensing the environment conditions and considering the previous selection history) | Face, Fingerprint, Voice, Keystroke, Passwords, SMS, TOTP


A-MFA Related Publications


Abhijit Kumar Nag, Dipankar Dasgupta, Kalyanmoy Deb. An Adaptive Approach for Active Multi-Factor Authentication, June 3-4, 2014.

Abhijit Kumar Nag, Dipankar Dasgupta. An Adaptive Approach for Continuous Multi-factor Authentication in an Identity Eco-System. In 2014.

Abhijit Kumar Nag, Arunava Roy and Dipankar Dasgupta. An Adaptive Approach towards the Selection of Multi-factor Authentication. in 2015.

Dipankar Dasgupta, Arunava Roy, and Abhijit Kumar Nag. "Toward the design of adaptive selection strategies for multi-factor authentication." in 2016.

Dipankar Dasgupta, Arunava Roy and Abhijit Kumar Nag. Advances in User Authentication, Springer in Series “InfoSys Science Foundation Series in Applied Sciences and Engineering” in September 2017.

Dipankar Dasgupta, John Shrein, McKittrick Swindle and Abhijit Kumar Nag. Design and Implementation of Adaptive Multi-Factor Authentication (A-MFA) System. Submitted to a Journal, 2018


Other Recent Publications:

• Multi-user permission strategy to access sensitive information by D Dasgupta, A Roy, D Ghosh, Information Sciences Journal, 423, pp 24-49, January, 2018.

• Design and implementation of Negative Authentication System by D. Dasgupta, A. Nag, D. Ferebee, S. Saha, K. P. Subedi, A. Roy, A. Madero, A. Sanchez, J. R Williams, International Journal of Information Security, pp 1-26, November 2017

• Handling Big Data Using a Data-Aware HDFS and Evolutionary Clustering Technique, by M. Hajeer and D. Dasgupta. In IEEE Transactions on Big Data, Vol. PP, issue 99, December 2017

• Privacy-Preserving Proxy Re-encryption with Fine-Grained Access Control by P Chaudhari, ML Das, D Dasgupta. In the proceedings of International Conference on Information Systems Security, 88-103, Springer, December 2017 (received Best Paper Award).

• Privacy and Security Issues in Mobile Health: Current Research and Future Directions. By S Bhuyan, H Kim, O O Isehunwa, N Kumar, J Bhatt, D Wyant, S Kedia, C F. Chang, D Dasgupta, In the Journal of Health Policy and Technology, 2017.

• D. Dasgupta, A. Roy and A. Nag. A Patent (# 9,912,657) on Adaptive Multi-Factor Authentication System, is approved on March 6, 2018.

• My latest graduate textbook on Advances in User Authentication just published by Springer-Verlag (August 2017; already having 5730 downloads according to Bookmetrix).


Multidisciplinary research resulted in 250 publications and two textbooks, two edited volumes and several co-edited journals and conference proceedings.

Received Six (6) Best Paper Awards at international conferences (1996, 2006, 2009, 2011, 2013 and 2017)

More than 15000 citations with h-index of 56 and g-index of 93.

CoChair, Nature-Inspired Cyber Defense at NCLY summit, 2009.

ACM SIGEVO Impact Award.

ACM Distinguished Speaker and IEEE Fellow


Text Books by Dasgupta


2018 IEEE Symposium on Computational Intelligence in Cyber Security (CICS 2018)

at

2018 IEEE SYMPOSIUM SERIES ON COMPUTATIONAL INTELLIGENCE (IEEE SSCI 2018)

November 18- November 21, 2018, Bengaluru, India.

URL: http://ieee-ssci2018.org/cics.html/

DEADLINES:

• Special Track/Session Proposal: April 5, 2018

• Paper Submission: June 30, 2018

Symposium Chair: Dipankar Dasgupta, IEEE Fellow, The University of Memphis, USA

Co-Chair: Marco Carvalho, Florida Institute of Technology, USA

Co-Chair: Shamik Sural, Indian Institute of Technology, Kharagpur, India
