Issue No.05 - May (2007 vol.19)
Knowledge-based authentication (KBA) has gained prominence as a user authentication method for electronic transactions. This paper presents a Bayesian network model of KBA grounded in probabilistic reasoning and information theory. The probabilistic semantics of the model parameters naturally lead to the definitions of two key KBA metrics—guessability and memorability. The statistical modeling approach allows parameter estimation using methods such as the maximum likelihood estimator (MLE). The information-theoretic view helps to derive the closed-form solutions to estimating the guessability and guessing entropy metrics. The results related to KBA metrics and the models under different attacking strategies and factoid distributions are unified under a game-theoretic framework that yields lower and upper bounds of optimal guessability. The paper also proposes a methodology for implementing a Bayesian network-based KBA system. Further, an empirical evaluation of the relative merits of two Bayesian network structures for KBA, the Naive Bayes (NB) and the Tree Augmented Naive Bayes (TAN), confirms the hypothesis that the TAN structure is superior in terms of authentication accuracy and error rates. The results of the theoretical analysis and the empirical study provide insights into the KBA design problem and establish a foundation for future research in the KBA area.
Security, knowledge-based authentication, metrics, Bayesian networks, information theory, entropy, simulation.
Ye Chen, "Bayesian Networks for Knowledge-Based Authentication", IEEE Transactions on Knowledge & Data Engineering, vol.19, no. 5, pp. 695-710, May 2007, doi:10.1109/TKDE.2007.1024