| Summary: | Despite being the most widely used authentication mechanism, password-based authentication is not very secure, being easily guessed or brute-forced. To address this, many systems which especially value security adopt Multi-Factor Authentication (MFA), in which multiple different authentication mechanisms are used concurrently. JitHDA (Just-in-time human dynamics based authentication engine) is a new authentication mechanism which can add another option to MFA capabilities. JitHDA observes human behaviour and human dynamics to gather up to date information on the user from which authentication questions can be dynamically generated. This paper proposes a system that implements JitHDA, which we call Autonomous Inquiry-based Authentication Chatbot (AIAC). AIAC uses anomalous events gathered from a user’s recent activity to create personalized questions for the user to answer, and is designed to improve its own capabilities over time using neural networks trained on data gathered during authentication sessions. Due to using the user’s recent activity, they will be easy for the authentic user to answer and hard for a fraudulent user to guess, and as the user’s recent history updates between authentication sessions new questions will be dynamically generated to replace old ones. We intend to show in this paper that AIAC is a viable implementation of JitHDA.
|
|---|