Social Authentication Applications, Attacks, Defense Strategies and Future Research Directions: A Systematic Review
Alomar, Noura. 2017
The ever-increasing volumes of social knowledge shared in OSNs, the establishment of trustworthy social relationships over these platforms, and the emergence of technologies that allow friendship networks to be inferred from data exchanged in communication networks have motivated researchers to build socially-aware authentication schemes. We conduct the first study that surveys the literature related to social authentication. In this study, we not only created a taxonomy for classifying all social authentication schemes deployed in online or physical social contexts and extensively analyzed their authentication features, but also built a novel framework for evaluating the effectiveness of all social authentication schemes, identified all the practical and theoretical attacks that may be mounted against such schemes, addressed possible defense strategies, and identified challenges, open questions, and future research opportunities. To measure their accuracy, strengths, weaknesses, and limitations, as well as to identify the potential of knowledge-based and trust-based social authentication schemes, a comprehensive comparative assessment of the security, usability, and deployability was conducted. We hope, by providing a solid foundation for gaining sufficient understanding of the manners in which users’ social interactions have been utilized in user authentication schemes and their corresponding security implications, we will guide future research in this domain.
The invention provides a method and system for dynamically generating a hint to recall a password for a user account of a user.
The present disclosure generally relates to information security and, more particularly, to systems and methods implementing color image ray transform (IRT) for detecting phishing web pages. A…
The invention provides a method and system for managing a gamified trustee based social authentication to recover an account of a user. The method for managing the gamified trustee based social…