Dynamic Two-factor Authentication Based On Context Reasoning

In recent years,with the popularity of smart device and fast development of mobile internet,more and more online services transfer from PC to mobile devices.Services on mobile devices are able to bring much benefits to our people.On mobile application,identification is an necessary step during using of services.Thus,user authentication on mobile application is of great significance.Two-factor authentication methods have been applied in various applications to improve the security by integrating two security factors.Among them,SMS-based authentication is popular for its good usability,while certificate-based authentication is considered as one of the securest methods for its cryptographic scheme.However,SMSbased authentication is one-way authentication,which means only authentication on user side is employed while authentication on service provider side is ignored.Thus,it allows hacker to enforce man-in-the-middle attack.Certificate-based authentication are most applied on PC rather than on mobile.And most popular authentication methods are fixed,thus dynamic adaptive authentication scheme is needed.For example,if the environment is very secure,user can access service without authentication step,otherwise,user has to take corresponding authentication according to safe level.In this paper,we attempt to make research on context reasoning of location information,and propose a context-based scheme of dynamic authentication.We also propose a new protocol to improve traditional SMS-based authentication,and a certificate-based method applicable to mobile.Specifically,our work can be divided into three parts.In the first part,context reasoning model is proposed.We employ machine learning tool to train the location data,which is collected manually for total 4364 pieces,and then find out the principle of one location's neighborhood.Finally,we make concrete analysis on the experiment results.In the second part,a dynamic authentication scheme based on context is proposed.This scheme is introduced in detail by making definition,describing the process flow and giving examples.In the third part,two new two-factor authentication methods are proposed.A mutual authentication protocol named SMSMAP is proposed to remedy the deficiency of traditional SMS-based authentication.Besides,CSP is employed to prove its validity in a formal method.The other method coupled with customized hardware called Mobikey is proposed to use certificate-based authentication on mobile,and its SDK is also released.