
This chapter presented a policy-based framework that allows individuals to express data protection requirements in terms of privacy and security properties, and to express constraints on how their data propagates once disclosed to the data controller. The proposed policy framework is flexible enough to be used at different levels of abstraction in a business process to express typical privacy and access control requirements, while also providing a way to express information-flow control constraints.

The concept of a form was introduced and it uses aspects of static information-flow analysis to control the data output of activities and to semantically encapsulate it.

Finally, the relationship that exists between category, activity and purpose was taken into account to characterise personal data and hence define appropriate security measures to be enforced by the data controller.

As further work, one could investigate ways to allow the PSB to calculate data sensitivity in an automated or semi-automated manner.


Context-Aware Multifactor Authentication Scheme Based on Dynamic PIN

This work proposes an innovative context-aware multi-factor authentication scheme based on a dynamic PIN. The contribution is two-fold. First, an authentication scheme based on graphical passwords where a challenge is dynamically produced based on contextual factors and client device constraints while balancing security assurance and usability. Second, the approach proposed utilises a new methodology for Dynamic PIN-based authentication where not only a new Dynamic PIN is produced in every user authentication attempt, but also the cryptographic transformation used to produce the Dynamic PIN changes dynamically based on the user input, history of authentications, and available authentication factors at the client device.

6.1 Introduction

In the digital space, identity refers to a set of data or identifiers used to describe a human or a digital entity. In the case of humans, managing identity has become an integral and unavoidable part of daily life. Both individuals and organisations routinely use identities for all kinds of purposes, be it social, work, or personal, in order to assert trust and be able to interact. As a result of this situation, identity and authentication-related issues, such as identity theft and fraud, abound and will remain prevalent in the next decades.

User authentication is a means of identifying a user and verifying his identity. There are three main types of methods to achieve user authentication: token-based, biometric-based, and knowledge-based. Token-based methods refer to “what the user has” such as bank cards and smart cards [107]; biometric-based methods refer to “what the user is” such as iris scans or fingerprints; and knowledge-based methods refer to “what the user knows” such as passwords and PINs. Each type of method has its own characteristics, properties, (dis)advantages, and applications, and can be vulnerable to specific types of attacks. Currently, text-based passwords are the most widely used authentication method because of their convenience and usability. However, this type of password is not considered secure enough for certain sensitive or critical transactions and is susceptible to diverse types of attacks including key logging, shoulder-surfing, dictionary attacks, and social engineering, among others.

More recently, graphical-based passwords have been proposed as an alternative to text-based passwords as their characteristics can eliminate or mitigate the abovementioned attacks (if properly designed). Graphical-based passwords require more memory space, and take longer to register and to log in; but at the same time they are more human-friendly, inexpensive to create, less likely to be written down, have the potential to provide a richer symbol space than text passwords [108], and are harder to guess. Several studies indicate that graphical-based passwords can be easier to remember [109]. Usability strongly depends on several factors including the expertise and requirements of the target user, the frequency of use, the size and resolution of the screen, and the level of security required [110]. From the security perspective, attacks on graphical-based passwords can be classified as guessing or capture attacks. Guessing attacks include brute-force, dictionary attacks, and attacks on specific graphical password schemes. Capture attacks include malware, phishing, pharming, and social engineering. The same types of attacks apply to text passwords but it has been proved that they are more expensive and require more sophisticated mechanisms to perform them on graphical passwords [110].

One approach to increase the assurance of the authentication process is multi-factor authentication, which consists of combining different authentication methods. For instance, a bank card uses two factors of authentication: a PIN and the card itself used as a token. However, not all transactions require the same level of assurance and choosing the correct authentication factor(s) depends on the nature and criticality of the authentication transaction, its context, and the resources being protected, whether it is the protection of a digital identity itself from abuse or misuse, or controlling access to the usage of restricted information and services, as well as the levels of risk and trust involved. Additionally, as in other areas of security, there are trade-offs among variables such as assurance, performance, and usability that should be balanced for an authentication mechanism to operate optimally.

This work proposes an innovative context-aware multi-factor authentication system based on a dynamic PIN. The contribution of this work is two-fold.


First, traditional password- and PIN-based authentication systems are based on the knowledge of a fixed short sequence of digits or characters. At each authentication attempt the user always provides the same information. In this way the method is exposed to different attacks which exploit the static nature of the secret. A challenge/response authentication scheme based on graphical passwords is presented where a new challenge is dynamically produced based on contextual information (e.g. location), client device constraints, and the risk associated with a given authentication transaction while balancing assurance and usability.

Second, the approach proposed utilises a new methodology for Dynamic PIN-based authentication where not only a new Dynamic PIN is produced in every user authentication attempt but also the cryptographic transformation used to produce the Dynamic PIN changes dynamically, for example, depending on the user input (i.e. response to the challenge), the history of authentication attempts, or authentication factors available on a client device. A new PIN is generated for each authentication attempt without any predictable backward and forward correlation, making it practically infeasible for a “man-in-the-middle” who manages to intercept the content of interactions to predict the next Dynamic PIN given a set of valid Dynamic PINs already used.

The proposed approach leverages the fact that users commonly use various types of client devices such as smartphones, laptops, tablets, etc., 1) that already incorporate authentication factors (e.g. SIM cards, biometric readers, etc.) that can be integrated in the Dynamic PIN authentication process in order to increase the level of authentication assurance if necessary; 2) that already incorporate sensors and API interfaces that allow obtaining contextual information in order to drive the authentication process; and 3) that provide device-specific information that can be used to optimise the way the user interacts with the device during authentication (e.g. by presenting a customised challenge that takes into account usability and security trade-offs given certain display constraints).
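The Dynamic PIN idea described in the two contributions above can be illustrated with a short sketch. This is an added example, not the scheme this chapter specifies in its later sections: the HMAC-based construction, the `TRANSFORMS` list, the HOTP-style truncation and the `DynamicPinParty` class are all assumptions made for illustration, and the sample inputs are constructed.

```python
import hashlib
import hmac

# Candidate transformations (assumption of this sketch, not taken from the chapter).
TRANSFORMS = ("sha256", "sha384", "sha512", "sha3_256")


class DynamicPinParty:
    """One side (client or verifier); both start from the same session key."""

    def __init__(self, session_key: bytes):
        self.state = hashlib.sha256(b"init" + session_key).digest()
        self.attempts = 0  # history of authentication attempts

    def next_pin(self, response: bytes, factors: bytes = b"", digits: int = 6):
        # Bind the attempt counter, the challenge response and any extra
        # device factors (e.g. a SIM-derived value) into one context string.
        ctx = (self.attempts.to_bytes(8, "big")
               + hashlib.sha256(response).digest()
               + hashlib.sha256(factors).digest())
        # The transformation itself is selected from keyed state plus context,
        # so it changes with user input and history, not only the output.
        selector = hmac.new(self.state, b"select" + ctx, hashlib.sha256).digest()
        algo = TRANSFORMS[selector[0] % len(TRANSFORMS)]
        mac = hmac.new(self.state, b"pin" + ctx, algo).digest()
        # HOTP-style dynamic truncation (RFC 4226) down to a short decimal PIN.
        off = mac[-1] & 0x0F
        code = int.from_bytes(mac[off:off + 4], "big") & 0x7FFFFFFF
        pin = str(code % 10 ** digits).zfill(digits)
        # One-way ratchet: an observed PIN reveals neither the old nor the
        # new state, so earlier and later PINs cannot be derived from it.
        self.state = hmac.new(self.state, b"ratchet" + ctx, hashlib.sha256).digest()
        self.attempts += 1
        return pin, algo


if __name__ == "__main__":
    client = DynamicPinParty(b"constructed-session-key")
    verifier = DynamicPinParty(b"constructed-session-key")
    for resp in (b"cells:3,7,1", b"cells:3,7,1", b"cells:9,2,4"):
        print(client.next_pin(resp, b"sim:constructed"),
              verifier.next_pin(resp, b"sim:constructed"))
```

Repeating the same challenge response on consecutive attempts still yields unrelated PINs, because the ratcheted state and the attempt counter both feed the derivation.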

This chapter is organised as follows. Section 6.2 presents the related work. Section 6.3 provides an overview of the proposed authentication mechanism. Sections 6.4, 6.5, and 6.6 present in detail the three main functional phases the authentication system consists of, that is, registration, session key setup, and Dynamic PIN generation, respectively. Section 6.7 describes an innovative use case variant of the proposed authentication scheme. Section 6.8 presents the conclusions.
