Title

A Composite User Authentication Architecture for Mobile Devices

Document Type

Journal Article

Publisher

School of Computer and Information Science

Faculty

Computing, Health and Science

School

Computer and Information Science, Centre for Security Research

RAS ID

5161

Comments

This article was originally published as: Clarke, N. L. (2006). A composite user authentication architecture for mobile devices. In Journal of Information Warfare 5(2)11-29. Original available here

Abstract

As the functionality and services provided by mobile devices increases, the need to provide effective user authentication against misuse and abuse becomes ever more imperative. With traditional secret knowledge based techniques having been proven weak, a requirement exists for authentication techniques to provide stronger protection. This paper proposes the use of a portfolio of authentication techniques to provide a robust, accurate and transparent authentication mechanism for mobile devices, extending security beyond point-of-entry into a continuous and user convenient approach. An Intelligent Authentication Management System (IAMS) is described that provides a continuous confidence level in the identity of the user, removing access to sensitivity services and information with low confidence levels and providing automatic access with higher confidence levels. The theoretical level of system performance is examined on a range of mobile devices, suggesting that it should be possible to achieve acceptably low levels of false acceptance and false rejection error in practical application.