Affiliation:
1. CHRIST University (Deemed), India
Abstract
The rapid internet adoption has heralded the era of connected devices and services. Applications and systems are now internet-centric. The bulk of transactions, communications, and even healthcare data are transmitted online. Internet of things (IoT) are being used extensively across domains. With the increasing digital and online traffic, the risk window grows as well. Evolving threat vectors have prompted the need for multi-factor authentication (MFA) systems that utilize multiple modalities to strengthen security. With enterprises opting for bring-your-own-device (BYOD), static MFA proves insufficient. This brought about risk-based authentication (RBA) that follows an adaptive and continuous authentication strategy. With contextual attributes of the user factored in, RBA is more robust and can withstand multiple attacks. NIST, US and NCSC, UK have recommended RBA. This chapter covers authentication methodologies and their evolution. The need for risk-based authentication, with an analysis of current RBA methodologies, their future outlook, and challenges are covered.