Home > Published Issues > 2015 > Volume 10, No. 6, June 2015 >

VFA: A Variable-Factor Authentication Framework for Mobile Users

Kai Chen1,2, Weifeng Chen3, Zhen Xu1 , Dongdai Lin1, and Yazhe Wang1
1.State Key Laboratory of Information Security, Institute of Information Engineering Chinese Academy of Sciences, Beijing 100093, China
2.University of Chinese Academy of Science, Beijing 100049, China
3.Department of Math, Computer Science and Information Systems, California University of Pennsylvania, 250 University Ave, California, PA 15419

Abstract—Multi-factor authentication (MFA) has been widely used in various scenarios. By combining multiple forms of authentication, MFA effectively provides security assurance. Due to the rapid developments of mobile devices, especially smart phones, more and more sensitive information is now stored or accessible on smart phones. How to protect smart phones' security is now more important than ever. Unfortunately, because of the special features of smart phones such as computational limitations and input constraints, existing MFA schemes could not be directly used on smart phones. In this paper, we propose a new concept of Variable-Factor Authentication (VFA) for smart phones. VFA dynamically adjusts the number of authentication factors based on whether a user is suspicious or not. We implement a prototype to exam the performance. The experiment results show that, compared to MFA, VFA provides significant convenience to legitimate users whereas maintain the security protection to suspicious users.

Index Terms—Multi-factor authentication, variable authentication factors, local outlier probabilities

Cite: Kai Chen, Weifeng Chen, Zhen Xu, Dongdai Lin, and Yazhe Wang, "VFA: A Variable-Factor Authentication Framework for Mobile Users," Journal of Communications, vol. 10, no. 6, pp. 366-379, 2015. Doi: 10.12720/jcm.10.6.366-379