A new risk-based authentication management model oriented on user's experience

With the increasing role of numerous Internet services, more and more private data must be protected. One of the mechanisms which is used to ensure data security is user authentication. A reliable authentication mechanism is a foundation of security of a remote service but, on the other hand, it is also a source of user frustration because of fear of losing access in case of three failures. A remedy to this problem could be contextual secure authentication. Such a protocol should provide multi-level authentication mechanism which increases user satisfaction without decreasing a protection level. In this paper we propose a risk analysis procedure of a new authentication management model using contextual data and oriented on user experience. We describe an approach to risk assessment of the mechanism, which supports a process of choosing the proper multi-step authentication procedure. On this basis, it is possible to provide a security solution which keeps balance between user satisfaction (related to QoE) and the obtained Level of Security (related to QoP).