{"id":3094,"date":"2022-04-12T16:23:13","date_gmt":"2022-04-12T22:23:13","guid":{"rendered":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/?p=3094"},"modified":"2022-04-12T16:23:17","modified_gmt":"2022-04-12T22:23:17","slug":"adaptive-authentication-benefits-and-opportunities-in-security","status":"publish","type":"post","link":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/2022\/04\/12\/adaptive-authentication-benefits-and-opportunities-in-security\/","title":{"rendered":"Adaptive Authentication: Benefits and Opportunities in Security"},"content":{"rendered":"\n
\"Adaptive<\/figure>\n\n\n\n

Security has become a crucial part of the digital era and organizations are moving towards advanced techniques to keep their networks secure from malicious threats. With new advancements in security technology, there is always a level of uncertainty about its efficacy and whether there exist loopholes in its design for exploitation. Authentication mechanisms using single or multiple factors, such as password protection, certificate validation, and bio metrics, are still vulnerable when they are static. Contextual knowledge, an essential aspect of adaptive authentication, plays a key role to dynamically validate users while minimizing risk in real time. In this way, adaptive authentication is an ideal solution for modern network security. Although many organizations are quite skeptical about this innovative technology, numerous examples, theoretical systems, industrial systems, and academic surveys shed light on the benefits of adaptive authentication.<\/p>\n\n\n\n

What is Adaptive Authentication?<\/h2>\n\n\n\n
\"What<\/figure>\n\n\n\n

Adaptive authentication is a form of multi-factor authentication wherein it selects only a specific set of authentication factors based on user profiles that depend on several contextual aspects, such as Geo location, proximity to devices, and bio metrics. To achieve this, adaptive authentication deploys an ML (machine learning) algorithm to maintain and dynamically update these authentication factors based on predefined criteria and real time information during each interaction with the user. Such information used may include history of authentication, access failure\/success rate, the device used to access, and more.<\/p>\n\n\n\n

On a broad level, authentication factors can be categorized into three areas: knowledge-based, location-based, and behavior<\/a>-based. Knowledge-based factors include methods such as user passwords and pins; location-based factors may include the Geo-location of the user; and behavior<\/a>-based factors can include using sensors for bio metrics, such as touch id and a retinal scan, and subjective information like patterns of device usage. On the other hand, single factor authentication, although faster, does not provide the highest security.<\/p>\n\n\n\n

Adapting to Adaptive Authentication<\/h2>\n\n\n\n

Many companies are hesitant to adopt adaptive authentication in favor<\/a> of a fixed security mechanism that provides transparency for monitoring and evaluation. However, these traditional security mechanisms can be exploited when sensitive information is leaked, such as passwords, key pins, and key cards. Adaptive authentication can ensure more reliability as it strategize responses based on an estimated risk derived from user profiles and maintains risk scores from user transactions over time. An entity is deemed risky when abnormalities begin to emerge in authentication; an adaptive authentication model would select the most suitable factors for assessment and can deny access due to these abnormalities. Based on context and requirements, they can be classified as,<\/p>\n\n\n\n

Trust-Based Authentication<\/strong>: To overcome the contradiction between privacy and security by enabling trust with selective authentication schemes to prevent sensitive data leakage.<\/p>\n\n\n\n

Risk-Based Authentication<\/strong>: To identify the threat before performing evaluation which ensures reliability and effectiveness.<\/p>\n\n\n\n

Context-Based Continuous Authentication<\/strong>: Contextual verification of users throughout sessions by monitoring for service usage behavior even after initial authentication.<\/p>\n\n\n\n

\"RSA<\/figure>\n\n\n\n

Industrial Applications<\/h2>\n\n\n\n

Although there are challenges and uncertainties with theoretical proposals and prototypes, there are companies who are currently implementing adaptive authentication for their products with more adaptive authentication technologies to be released in the near future. As the value for security keeps increasing, organizations are moving towards AI solutions and dynamic security protocols.<\/p>\n\n\n\n

Silent Authentication for e-Commerce<\/strong><\/h3>\n\n\n\n
\n