Fuzzy Authentication Using Interaction Provenance in Service Oriented Computing

In service oriented computing, authentication factors have their vulnerabilities when considered exclusively. Cross-platform and service composition architectures require a complex integration procedure and limit adoptability of newer authentication models. Authentication is generally based on a bin...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:2015 IEEE International Conference on Services Computing S. 170 - 177
Hauptverfasser: Khan, Rasib, Hasan, Ragib
Format: Tagungsbericht
Sprache:Englisch
Veröffentlicht: IEEE 01.06.2015
Schlagworte:
Access control
Authentication
Computational modeling
Events
Fuzzy
Interaction Provenance
IP networks
Persona
Pragmatics
Protocols
Security
Servers
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:In service oriented computing, authentication factors have their vulnerabilities when considered exclusively. Cross-platform and service composition architectures require a complex integration procedure and limit adoptability of newer authentication models. Authentication is generally based on a binary success or failure and relies on credentials proffered at the present moment without considering how or when the credentials were obtained by the subject. The resulting access control engines suffer from rigid service policies and complexity of management. In contrast, social authentication is based on the nature, quality, and length of previous encounters with each other. We posit that human-to-machine authentication is a similar causal effect of an earlier interaction with the verifying party. We use this notion to propose interaction provenance as the only unified representation model for all authentication factors in service oriented computing. Interaction provenance uses the causal relationship of past events to leverage service composition, cross-platform integration, timeline authentication, and easier adoption of newer methods. We extend our model with fuzzy authentication using past interactions and linguistic policies. The paper presents an interaction provenance recording and authentication protocol and a proof-of-concept implementation with extensive experimental evaluation.
DOI:10.1109/SCC.2015.32