AuthDNA: An Adaptive Authentication Service for any Identity Server

Abstract

Adaptive authentication refers to the way that configures two factors or multi-factor authentication, based on the user’s risk profile. One of the most pressing concerns in modern days is the security of credentials. As a solution, developers have introduced the multifactor authentication. The multi-factor authentication has an adverse effect on user experience. This paper proposes a novel adaptive authentication mechanism which tries to eradicate the negative user experience of the traditional multi factor authentication systems. Adaptive authentication gathers information about each user and prevents fraudulent attempts by validating them against the created profiles. This approach will increase the usability, user-friendliness by introducing multi-factor authentication only when its necessary using a risk based adaptive approach. Furthermore, the solution ensures security by authenticating the legitimate user through collectively analyzing the properties, behavior, device and network related information. In the creation of the user profile, the adaptive authentication system will gather and analyze the user typing behaviors using a unique recurrent neural network algorithm named LSTMs with 95.55% accuracy and mouse behaviors using SVMs with 95.48% accuracy. In device-based authentication, a fingerprint is generated to the browser and to the mobile device which is utilized in the analysis of the accuracy rate of the authentication. Blacklisting and whitelisting of the networks and geo velocity of the authentication request are captured under the geolocation and network-based authentication. All the accuracy rates are fed to the risk-based authentication which helps the decision of re-authentication or in the grant of access to the system by analyzing the risk score generated for the authentication request.