دانلود رایگان مقاله انگلیسی احراز هویت ضمنی با حفظ حریم خصوصی کارآمد - الزویر 2018

ABSTRACT

The number of online service accounts per person has rapidly increased over the last years. Currently, people have tens to hundreds of online accounts on average, and it is clear that users do not choose new, different, and strong passwords for each of these accounts. On the other hand, it is quite inconvenient for the user to be forced to explicitly authenticate each time she wants to use one of her many accounts; this is especially true with small user devices like smartphones. Implicit authentication is a way to mitigate the preceding problems by authenticating individuals based not only on their identity and credentials, but on how they interact with a device, i.e. their behavior. User behavior can be characterized by collecting keystroke patterns, browser history and configuration, IP addresses and location, among other characteristics of the user. However, keeping the user’s behavior profile in authentication servers can be viewed as privacy-invasive. Privacy-preserving implicit authentication has been recently introduced to protect the privacy of the users’ profiles, specifically against the party performing the authentication, which we call the server in the sequel. Yet, the privacy-preserving implicit authentication schemes proposed so far involve substantial computation both by the user and the server. We propose here a practical mechanism based on comparing behavior feature sets encoded as Bloom filters. The new mechanism entails much less computation and can accommodate much more comprehensive sets of features than previous alternatives.

9. Conclusions and future work

We have proposed a computationally efficient privacy-preserving implicit authentication protocol. Our protocol builds on the work in [6], but avoids the high complexity of that proposal that limited the size of user profiles that could be managed. To make the computation lighter, we have used the properties of Bloom filters to calculate the sizes of the union and intersection of encoded sets. Our protocol is simple and fast, and therefore ready to be implemented in production systems. Additionally, the privacy of the user profiles is protected because the profiles cannot be recovered from their Bloom filter encodings.

Our efficiency improvement, however, comes at the cost of losing the semantic security provided by the aforementioned protocol. In an extreme scenario, such a loss might impact on the privacy of our solution. We plan to solve this problem in future work, by considering the use of oblivious transfer protocols and homomorphic encryption (such as Goldwasser–Micali).

Another line of future research relates to finding ways of using Bloom filters to deal with correlated features in profiles, that is, features that are not independent of each other (for example, if the feature values are the IDs of cell towers or Internet access points seen by the device, nearby cell towers/access points are more similar to each other than distant cell towers/access points).