A Survey on Quantitative Risk Estimation Approaches for Secure and Usable User Authentication on Smartphones
Author:
Papaioannou Maria (1, 2), Pelekoudas-Oikonomou Filippos (2, 3), Mantas Georgios (1, 2), Serrelis Emmanouil (4), Rodriguez Jonathan (1, 5), Fengou Maria-Anna (4)
Affiliation:
1. Instituto de Telecomunicações, 3810-193 Aveiro, Portugal
2. Faculty of Engineering and Science, University of Greenwich, Chatham Maritime, Kent ME4 4TB, UK
3. Evotel Informática S.A., 27400 Lugo, Spain
4. Netcompany-Intrasoft, 19002 Athens, Greece
5. Faculty of Computing, Engineering and Science, University of South Wales, Pontypridd CF37 1DL, UK
Abstract
Mobile user authentication acts as the first line of defense, establishing confidence in the claimed identity of a mobile user, typically as a precondition to allowing access to resources on a mobile device. NIST states that password schemes and/or biometrics comprise the most conventional user authentication mechanisms for mobile devices. Nevertheless, recent studies point out that password-based user authentication now imposes several limitations in terms of security and usability; thus, it is no longer considered secure and convenient for mobile users. These limitations stress the need for the development and implementation of more secure and usable user authentication methods. Alternatively, biometric-based user authentication has gained attention as a promising solution for enhancing mobile security without sacrificing usability. This category encompasses methods that utilize human physical traits (physiological biometrics) or unconscious behaviors (behavioral biometrics). In particular, risk-based continuous user authentication, relying on behavioral biometrics, appears to have the potential to increase the reliability of authentication without sacrificing usability. In this context, we first present the fundamentals of risk-based continuous user authentication relying on behavioral biometrics on mobile devices. Additionally, we present an extensive overview of existing quantitative risk estimation approaches (QREA) found in the literature. We do so not only for risk-based user authentication on mobile devices, but also for other security applications, such as user authentication in web/cloud services and intrusion detection systems, that could possibly be adopted in risk-based continuous user authentication solutions for smartphones.
The aim of this study is to provide a foundation for organizing research efforts toward the design and development of proper quantitative risk estimation approaches for developing risk-based continuous user authentication solutions for smartphones. The reviewed quantitative risk estimation approaches have been divided into the following five main categories: (i) probabilistic approaches, (ii) machine learning-based approaches, (iii) fuzzy logic models, (iv) non-graph-based models, and (v) Monte Carlo simulation models. Our main findings are summarized in the table at the end of the manuscript.
Funder
European Union’s Horizon 2020 Research and Innovation programme
Subject
Electrical and Electronic Engineering; Biochemistry; Instrumentation; Atomic and Molecular Physics, and Optics; Analytical Chemistry
References: 81 articles.
Cited by
9 articles.