Research Article
How to Delegate Authentication
@INPROCEEDINGS{10.1007/978-3-319-28865-9_26,
  author={Mohsen Alimomeni and Reihaneh Safavi-Naini},
  title={How to Delegate Authentication},
  proceedings={Security and Privacy in Communication Networks. 11th International Conference, SecureComm 2015, Dallas, TX, USA, October 26-29, 2015, Revised Selected Papers},
  proceedings_a={SECURECOMM},
  year={2016},
  month={2},
  keywords={},
  doi={10.1007/978-3-319-28865-9_26}
}
- Mohsen Alimomeni
- Reihaneh Safavi-Naini
Year: 2016
SECURECOMM
Springer
DOI: 10.1007/978-3-319-28865-9_26
Abstract
We consider in authentication systems in which a credential holder shares their credentials with a third party that we call , to allow them to use their account. We motivate this problem and propose a model for non-delegatable authentication and a novel authentication system, based on behavioural biometrics, that achieves non-delegatability. Our main observation is that a user’s behaviour in complex activities such as playing a computer game provides an imprint of many of their personal traits in the form of measurable features that can be used to identify them. Carefully selected features will be “hard” to pass on to others, hence providing non-delegatability. As a proof of concept we designed and implemented a computer game (a complex activity), and used the feature points in the game play to construct a user model for authentication. We describe our implementation and experiments to evaluate correctness, security and non-delegatability. Compared to using traditional biometrics, the system enhances user privacy because the user model is with respect to an activity and does not have a direct relation to the user’s identifying information. We discuss our results and deployment of the system in practice, and propose directions for future research.