Bayesian Networks for Knowledge-Based Authentication
May 2007 (vol. 19 no. 5)
pp. 695-710
Knowledge-based authentication (KBA) has gained prominence as a user authentication method for electronic transactions. This paper presents a Bayesian network model of KBA grounded in probabilistic reasoning and information theory. The probabilistic semantics of the model parameters naturally lead to the definitions of two key KBA metrics—guessability and memorability. The statistical modeling approach allows parameter estimation using methods such as the maximum likelihood estimator (MLE). The information-theoretic view helps to derive the closed-form solutions to estimating the guessability and guessing entropy metrics. The results related to KBA metrics and the models under different attacking strategies and factoid distributions are unified under a game-theoretic framework that yields lower and upper bounds of optimal guessability. The paper also proposes a methodology for implementing a Bayesian network-based KBA system. Further, an empirical evaluation of the relative merits of two Bayesian network structures for KBA, the Naive Bayes (NB) and the Tree Augmented Naive Bayes (TAN), confirms the hypothesis that the TAN structure is superior in terms of authentication accuracy and error rates. The results of the theoretical analysis and the empirical study provide insights into the KBA design problem and establish a foundation for future research in the KBA area.
Index Terms:
Security, knowledge-based authentication, metrics, Bayesian networks, information theory, entropy, simulation.
Citation:
Ye Chen, Divakaran Liginlal, "Bayesian Networks for Knowledge-Based Authentication," IEEE Transactions on Knowledge and Data Engineering, vol. 19, no. 5, pp. 695-710, May 2007, doi:10.1109/TKDE.2007.1024