احراز هویت مبتنی بر عوامل شناختی و طرح حریم خصوصی برای انجام معاملات تلفن همراه (CABAPS)

Maintaining anonymity during authentication has become challenging research issue in the field of mobile security. The application level authentication schemes have seriously affected by the absence of effective mechanisms to protect the privacy of a client transactions. We propose a novel Cognitive Agents Based Authentication and Privacy Scheme (CABAPS) for mobile transactions, which integrates procedure of authentication with privacy protection. The authentication challenges and privacy measures are dynamically deployed by cognitive agents based on transaction sensitivity and users behaviors. The method has been successfully simulated using the Agent Factory framework for cognitive agents generation and communication.

Mobile communication and services over emerging wireless technologies provide anyone, anytime and anywhere access. Increased importance in mobile telecommunication and dominance of data communication promoted large segment of users to accept the mobile data communication as a part of their day-to-day activities. However, the wireless medium has certain limitations over the wired medium such as: open access, bandwidth insufficiency, computational restrictions, complex system functioning, power confinement, and relatively unreliable network connectivity. These limitations make it difficult to design efficient security schemes for authentication, integrity and confidentiality. Introduction of many value added services in mobile world, has triggered exorbitant growth of mobile users population, and many of these services demands a stringent authentication and privacy requirements to ensure that legitimate users are using the services with their privacy protected.Authentication is a process to identify a mobile user (MU), in order to authorize him/her to use system resources for specified purposes, it involves negotiating secret credentials between prover and verifier for protecting communications. Privacy is a multifaceted term with many contextually dependent meanings, one aspect of the right to privacy is the right of an individual to decide for himself or herself when and on what terms his/her attributes should be revealed [1]. The cost cutting motive of the businesses in order to streamline the customer interactions, has increased the collection of personal information cheaply and unobtrusively. This will lead to situations where in which authentication systems increase requests for identification, facilitating record linkages and behavior profiling, which ends with invasion of privacy. The way authentication systems collect, retain, and reuse personal information might affect privacy interests of the users. Following are some of the scenarios of privacy invasion during authentication: Demanding personal facts during establishing initial identifier. The records of individual actions (such as individual habits, timings, relationships, etc.) would be created without the notice of the user during execution of the authentication procedure. Personal information is exposed at multiple points and to multiple entities during the operation of an authentication system. Variety of individuals are allowed within one or more institutions to access the users identity and other authentication related data depending on where and how they are stored. The disclosure of a mobile users identity during the authentication process will make an unauthorized third-party to track the mobile user’s movements and whereabouts, a powerful intruder may extend this to include a time-sequence to track a user over time. While authentication systems can cripple privacy in some of the above mentioned ways, they can also be used in privacy-enhancing or privacy-preserving ways, primarily by securing personal data and preventing unauthorized access to the data. In this direction, it is advantageous to combine authentication and privacy with transactions. The behaviors exhibited by the users during transactions, and transaction sensitivity levels can be used to implement an efficient authentication and privacy scheme for mobile communications.

The CABAPS using cognitive agents is the new thinking towards authenticating the MU keeping the transactions privacy protected during authentication using trsuted SCA’s and MCA’s. The scheme is intelligent due to employing cognitive science approach, dynamic using changing authentication requirements based on the sensitivity of transactions and quick in identifying the transaction based attacks. We strongly feel that the rational approach towards authentication will address many existing weaknesses of conventional approaches of authentication and privacy management. The CABAPS scheme could be further extended by incorporating in various handoff scenarios during mobile communications.