Parameterized authentication

Abstract

We describe an approach to sensor-based authentication that can adapt to accommodate incomplete, unreliable, or inaccurate input provided to the system. Parameterized Authentication moves beyond the traditional approach to security by acknowledging that identity verification cannot always produce perfect results. Our model addresses such inherent imperfections by introducing a metric, the Authentication Parameter, that captures the overall "quality" of authentication. We define authentication "quality" in terms of sensor trustworthiness and the accuracy of sensor measurements. Using the Authentication Parameter, we are able to enforce and enhance the principle of least privilege by ensuring that the authentication process provides credentials that are sufficient but not stronger than the access level required by the requested operation. This approach is particularly well-suited to meet the demands of a context-aware and pervasive computing environment in which authentication may be performed using passive and non-intrusive techniques. Our model supports the transparent capture of authentication-relevant information from the environment and provides a foundation for generating dynamic credentials for sources of requests. We present our model, discuss its contributions, and illustrate how it can be used to support rich access control policies. © Springer-Verlag Berlin Heidelberg 2004.