Abstract— Authenticating users connecting to online ser-
vices, social networks or m-banking became an indispensa-
ble element of our everyday life. Reliable authentication is
a foundation of security of Internet services but, on the
other hand, also a source of users’ frustration due to possi-
ble account blocking in case of three fails. In this paper we
propose a model of authentication service management
which helps in keeping a balance between the authentica-
tion security level and positive users’ perception of this pro-
cedure. The proposed procedure allows a user more than
three attempts of authentication by switching after two fail-
ures to a more secure authentication protocol keeping a bal-
ance between QoP and QoE measures. Finally, the proce-
dure determines an optimal path of authentication using a
decision tree algorithm.
Index Terms— authentication, Quality of Experience,
Quality of Protection.
I. INTRODUCTION
Diversity of Internet services at the present time grows faster
and faster. In particular, the variety of manners in which the
services are provided, from a wired environment (e.g., LAN) to
a wireless environment (e.g. WiFi, mobile environment), is ob-
served. Many users become more and more demanding about
services’ usability. Thus, any services, especially newly de-
signed, should be developed taking into account users’ satisfac-
tion factor.
One of the main issues in all Internet services is security pro-
tection. Nowadays, there are few user- friendly and at the same
time secure services. It is well known that for most services the
high level of protection makes their usability is declined. So, it
is important to find a balance between security and usability of
a service. Of course, that idea depends on kind of a protection
mechanism which is considered. Examples of such security
mechanisms are authentication solutions. The authentication is
an act of reliable entity identification. Within this process two
problems can be considered: a choice of the specific authenti-
cation solution and its influence on user’s behavior. The choice
of the proper identification mechanism isnot a simple problem,
because many factors can have a significant impact on it. Even
if such a mechanism is selected, in most cases it is not consid-
ered how a person feels using it. Therefore, an appropriate au-
thentication solution should provide both an adequate security
level and sufficient users’ satisfaction.
In this paper we propose a service model which can be used
to proper management of the authentication mechanisms based
on users’ satisfaction.
The rest of the paper is organized as follows: Section 2 pre-
sents a connection between QoP and QoE measures character-
izing Internet services. Section 3 briefly discuses an impact of
security context and contextual data on security management
while Section 4 presents basic known results on contextual se-
curity and user-friendly authentication mechanisms. .Section 5
contains main theoretical result of the paper which is an authen-
tication management model oriented on user’s experience. Fi-
nally, Section 6 presents results of a simulation which confirms
correctness of a created model and Section 7 concludes the pa-
per and outlines the future work.
II. RELATION BETWEEN QOS, QOE AND QOP
In Internet services, to measure Quality of Service (QoS) [1]
many parameters like jitter, network latency, throughput, etc.
are used. Based on their value a service and a network parame-
ters should be correctly modify to ensure the best quality. How-
ever, not always changing a QoS parameter is enough to pro-
vide a good quality service. Sometimes to provide high quality
of a service not all parameters should have the best values. In
most cases it is expensive to set the best values of QoS param-
eters. Thus, investigations concerning users’ experience were
conducted. As a result of the research a Quality of Experience
(QoE) factor was designed [2, 3]. This implies that QoS param-
eters should be set based on a users’ QoE value [4, 5].
In the area of security the Quality of Protection (QoP) meas-
ure is a counterpart of QoS [6, 7]. The term defines a minimum
protection level that should be provided to a secure Internet ser-
vice. For example, it is obvious that different level of protection
ensures an authentication mechanism which used a hash func-
tion SHA-1 than those with a hash function SHA-2/256 [8]. So,
it is natural to measure a level of protection which is required.
But, as it is for QoS, not always a security mechanism applied
meets users’ requirements. Sometimes the mechanism is too
A new authentication management
model oriented on user’s experience
Mariusz Sepczuk , Zbigniew Kotulski,
Institute of Telecommunications
Warsaw University of Technology
Warsaw, Poland
Email: {msepczuk, zkotulsk} @tele.pw.edu.pl
Proceedings of the Federated Conference on Computer Science
and Information Systems pp. 1021–1030
DOI: 10.15439/2016F219
ACSIS, Vol. 8. ISSN 2300-5963
978-83-60810-90-3/$25.00
c
2016, IEEE 1021
difficult to use (e.g., a multi-factor authentication can be a bar-
rier for elder people), sometimes it is too annoying (e.g., a con-
tinuous request for fingerprinting due to a device read/scan
problems).
To summarize above considerations, the relationship be-
tween QoS, QoP and QoE can be presented in a form of the
graph (see Fig 1). The QoS parameter has an impact on security
services (a security level) and at the same time on users’ satis-
faction. Once again, a proper security mechanism should be
provided with respect to a user’s expectations.
Figure 1. Relationship between QoS, QoP and QoE
An open problem is to answer a question which mechanism
should be provided in particular conditions. For this issue the
solution can be the idea of context-based systems in which a
state of the system is dynamically changed with respect of en-
vironmental conditions.
III. SECURITY CONTEXT
The term “context” concerns all data which can be used to
adapt state of a system to particular conditions. They come from
many sources [9].There are many descriptions about context.
In [10] Schilit et. al. show context-aware systems as systems
able to adapt to dynamically and continuously changing GPS
coordinates , type of devices, people relations and time. The au-
thor describes three features of context data: where you are?,
with whom you are?, what is your neighborhood? Furthermore,
he emphases that contextual information is not only a localiza-
tion, but also other useful information. Recently this definition
had been used by many authors. In general they claim that con-
textual data are data which are answers on a question that starts
with: Who?, Where?, What?, When?. Beside context-aware
system, description of the context-aware application can be
found in [11]. More universal definition was proposed by
Wrona and Gomez [12]. According to them the contextual data
are information which can describe a state of an entity. This
definition is better than the previous one because it includes all
data which can be contextual information.
Some contextual data have common features. For example,
day, part of a year and day of birth apply to determine the time
while GPS coordinates, the UK and the Earth describe a locali-
zation. For this reason it is naturally to divide contextual data
into categories. Two context categories were are already de-
fined: time and position. Beside these, many more exist like:
access device, operating systems, environment, neighborhood,
etc.
All contextual information can be divided in three classifica-
tion groups: storage of context, retrieval of context and its dy-
namism. First group includes all aspects of store data (in data-
base, in Hidden Markov Model, in file, etc.). Second group de-
scribe different aspects of data retrieval like its history, presen-
tation, the way in which was gathered, etc. The last third group
consists data connected with a specific environment- some en-
vironment could be dynamically changed over time and some
could be more static- every information changed very rarely or
not changed at all.
As it was shown in the literature (see e.g., [13, 14, 15]) con-
textual information can be used to improve Internet systems
work. Using contextual data, QoP and QoE measures combina-
tion cause that a model of providing the best authentication
mechanism adequate for specific requirements can be created.
IV. USER AUTHENTICATION AND QUALITY OF EXPERIENCE:
RELATED WORKS
As mentioned earlier, not many works apply to problem of
providing an appropriate authentication mechanism based on
user’s context and respecting the user’s QoE. Security solu-
tions which include contextual data aspects are more common.
Several approaches for the context security have been described
in [16, 17, 18, 19]. The authors in their papers present an idea
how contextual information can be used in an authentication
mechanism, but they do not consider user’s Quality of Experi-
ence. Another example of using contextual data in security is
access control approach. Based on sensitivity or importance of
data (e.g. patient health history, personal data, etc.), proper ac-
cess to them should be provided to avoid information leakage.
This idea is shown in [20, 21, 22, 23]. However, the aspects of
security should be considered as well as user’s satisfaction. In
most cases it is difficult to obtain an answer to the question
which security features have impact on user’s experience. In
[24] the authors present the results of a survey of over 300 users
to determine their understanding of the security feature in se-
lected applications. The experiment includes some areas of dif-
ficulty with many security features showing usability chal-
lenges for users. Similar considerations includes the paper [25].
Based on conclusions from [24, 25] was created a few papers
which apply to experiments of balancing QoE and QoP. In [26,
27] is described provisioning of QoE and QoP in Mobile Net-
works and Wireless Networks. Authors focus on ensuring an
appropriate level of QoE and QoE of cryptographic algorithms
used in a mobile environment. The paper [28] shows long –
term QoP in mobile networks with QoE aspects, too. More ex-
perimental results can be found in [29]. The paper contains re-
search about impact of an authentications mechanism on users
perceive logins. Computed exponential QoE-QoP relationship
can be served to assessing used identification mechanism in the
domain of user acceptability. The extension of these research
and more detailed description can be found in [30, 31]. Based
on [29] was created an experiment shown in [32]. The author
tries to find QoE – QoP dependence in popular SaaS cloud
products. A similar approach, but with mobile devices, is shown
in [33], where security barriers survey was described.
Other, more holistic idea of connection security and user ex-
perience can be found in [34]. The paper shows a framework of
1022 PROCEEDINGS OF THE FEDCSIS. GDA
´
NSK, 2016
criteria for the evaluation of authentication schemes in IMS, fo-
cus on security, user-friendliness and simplicity. Very interest-
ing description contains [35] where authors explain how con-
textual information can be used to provide secure and user ori-
ented mechanisms. The paper [36] is an example of using the
framework from the paper [35] for constructing an adaptable
authentication protocol.
V. AUTHENTICATION MODEL USING USER’S CONTEXT AND
QOE
A described solution is an example of a model which helps
in authentication mechanisms management. The model was
created to provide a correct authentication mechanism based on
user’s context (e.g. position, time, neighborhood, etc.) and on
the knowledge about user’s experience in using a particular au-
thentication service. One of the most important elements of the
model is a table which contains a list of authentication mecha-
nisms (A
1
,A
2
,…,A
n
) and their QoP (QoP
1
,QoP
2
,…
,
QoP
n
) and
QoE (QoE
1
,QoE
2
,…,QoE
n
) measures (see TABLE I). The values
of such parameters (measures) are usually based on experts’
knowledge and data obtained from experiments. The table is
used to select the best authentication mechanism from many
possible choices.
TABLE I
ASSIGNMENT OF AUTHENTICATION MECHANISMS AND THEIR
QOP AND QOE VALUES
A user who wants to use a service at first must authenticate him-
self. Based on current user’s context the required minimal value
of Quality of Protection level is calculated according to formula
(1):
cm
QoPccccf ),...,,,(
321
(1)
where c
1
,c
2
,…,c
m
are context factors.
Having the boundary QoP
c
value it is possible to select some
authentication mechanisms for which the QoP value is greater
than or equal to QoP
c
. The best authentication mechanism can
be chosen using a decision tree structure (see Fig. 2). The tree
is spanned on j states. Each state represents a situation in which
a user tries to authenticate himself with a particular authentica-
tion protocol. In every state the user has two trials to identify
himself with a selected protocol (of course, twice means that
first trial was failed and now is a second trial). In the third trial,
when the first and second trials were incorrect, he or she can
still use the same protocol or, if it is possible, change an authen-
tication protocol to some more convenient in a specific situa-
tion. If he or she decides to change the protocol, the new one is
with a higher value of OoP. The required higher value of QoP
implicates less probability of a successful attack in three trials
of the new protocol than in a case of a single try in the previous
one. A user can choose a new authentication protocol option
until the cumulative value of QoP in a current state does not
achieve the boundary value QoP
c
.
The main goal of created model is to choose the best path of
the tree. The best path means a scenario where a user uses the
last authentication protocol in the state j and he finally authen-
ticates correctly with the highest probability. Moreover, the
path should contain the authentication protocols which are rel-
atively simple, secure and at the same time with the high value
of the QoE measure. A choice of this path could be made by
calculations based on a decision tree algorithm. In the next par-
agraph we will describe the probability of a successful authen-
tication in every branch of the decision tree.
As it shown in Figure2, in an authentication decision tree
there are two types of states: state 1 without changing an au-
thentication protocol (but with three possible trials of the same
protocol) and the states from 2 to n where a user changes this
protocol (after two trials of the same protocol he or she tries
with a new one in the third trial). Furthermore, every trial of an
authentication protocol can be successful; the event R
ij
means
that in state i (i=β…n), in its step j (j=1,β,γ) an authentication
is right or successful , the event F
ij
means that in state i, in its
step j the authentication fails.
Moreover, the event B
i
was de-
fined as correct authentication in state i after using all options
of a path. So, for state 1 the probability of correct authentica-
tion according to (2) is equal:
)()|(
)()|()()(
1211121113
111112111
FFPFFRP
FPFRPRPBP
(2)
The state 2 and next states are different from state 1, thus, for
state 2 the probability of correct authentication according to (3)
is equal:
)
22211211
()
22211211
|
23
(
)
211211
()
211211
|
22
(
)
1211
()
1211
|
21
()
2
(
FFFFPFFFFRP
FFFPFFFRP
FFPFFRPBP
(3)
Analogously, it is possible to calculate the probability of correct
authentication formula for each states from 2 to n. A general
formula for the states from 2 to n is equal:
21
1
1
2121
1
1
212
1
1
1
211
1
1
212
1
1
21
1
1
211
|
|
|)(
nn
n
j
jjnn
n
j
jjn
n
n
j
jjn
n
j
jjn
n
j
jj
n
j
jjnn
FFFFPFFFFRP
FFFPFFFRP
FFPFFRPBP
(4)
Finally, a formula for the probability of correct authentication
in a decision tree is equal according to (5):
LP
Kind of mechanism
QoP
QoE
1
A
1
QoP
1
QoE
1
2
A
2
QoP
2
QoE
2
3
A
3
QoP
3
QoE
3
…
…
…
…
n
A
n
QoP
n
QoE
n
MARIUSZ SEPCZUK, ZBIGNIEW KOTULSKI: A NEW AUTHENTICATION MANAGEMENT MODEL 1023
nnforFFFFPFFFFRPFFFP
FFFRPFFPFFRP
nforFFPFFRPFPFRPRP
BP
nn
n
j
jjnn
n
j
jjnn
n
j
jj
n
n
j
jjn
n
j
jj
n
j
jjnn
,...,2,|
||
1,)()|()()|()(
)(
21
1
1
2121
1
1
2131
1
1
21
1
1
1
212
1
1
21
1
1
211
121112111311111211
(5)
TABLE II
EVENTS AND THEIR IMPACT ON QOE AND QOP MEASURES
To obtain the best authentication path it is necessary to cal-
culate the probability of correct authentication for every branch
of the tree in a state number n (we denote it as P(B
nm
) where m
means a number of the branch). From the set of received prob-
abilities the maximal value is selected ( max{P(B
n1
), P(B
n2
),
P(B
n3
),…, P(B
nm
)} ) and this value indicates a path with authen-
tication mechanisms which should be used to deliver proper
levels of protection (QoP) and user’s satisfaction (QoE).
Beside the probability of a successful authentication, the
level of QoP and QoE measures for every branch of the tree
should be calculated. These two values define together a new
parameter called Quality of User Security Service (QoUSS).
Usually in literature information about parameter QoSS (Qual-
ity of Security Services) can be found. This factor describes se-
curity based on QoS of an Internet service [37, 38]. The QoUSS
measure includes information about both the security level and,
what is important, the satisfaction level of a used service; it is
defined by a function:
QoUSSQoEQoPf ),(
(6)
The argument QoE in that formula means final user satisfaction
after correct authentication in a last state and QoP means the
resultant level of protection in the final state.
Before we define the expressions for calculating QoE and
QoP measures suitable in our model, let us describe example
cases which can have impact on these two values. The TABLE
II includes events which affect increase or decrease of the
QoUSS arguments.
We postulate that the values of parameters moderating QoP
and QoE included in TABLE II should be small, because they
must not impact a resultant value of the measures. They are con-
sidered as correction parameters, so we assume
1,0,,
.
In TABLE II we proposed some intuitively assumed values of
these parameters to reflect users’ emotions connected with suc-
cesses and fails of their authentication. More realistic parame-
ters should be dedicated to specific authentication mechanisms
and they must be obtained from gathering experimental data.
Moreover, the value QoP
j
is a minimal protection level of a new
authentication protocol and |t
j
| is the number of all possible tri-
als of the authentication protocol in step number j.
Thus, we propose the QoP formula as:
1
1
1
j
jFIN
t
QoPQoP
.
(7)
The proposed formula for QoE is more complicated, so it will
be briefly described.
Again, like in the case of calculating the probability of a
successful authentication, all states can be divided on two
QoE types:
The first state when an user authenticates himself,
The second and next states when an user authenticates
himself.
We propose a general formula of MOS dependency in an expo-
nential form:
ZAQoE exp
(8)
where A is a constant value allowing tune the model to users’
behavior, e.g., AЄ(0,01;1).
Such a shape of this function is to provide adequate sensitivity
of the measure in critical areas of minimal and maximal scor-
ings. The argument Z depends on a state in a decision tree, and
the scaling constant A is determined by the MOS scale (which
is from 1 to 5). Each authentication protocol has a particular
QoE value. For the first failed try a user can be a little confused
that he does not authenticate himself (the QoE decreases with
1
) and at the same time the user feels good that he or she can
still try with next attempt (the QoE value increases with
1
).
For the second failed try user is more confused (decrease with
QoE
QoP
Increase
Description
Parame-
ter
Value
Description
Parame-
ter
A user has
still possibil-
ity of authen-
tication using
the same or a
new mecha-
nism
α
≈0,15
An authenti-
cation mech-
anism was
changed
QoP
j
A user finally
authenticate
himself
≈0,β5
Decrease
With every
user try his or
her satisfac-
tion is lower
≈0,1
First or sec-
ond trial was
failed
1024 PROCEEDINGS OF THE FEDCSIS. GDA
´
NSK, 2016
2
) but still can try authenticate himself (increase with
2
).
Finally, a user authenticates himself so his satisfaction increases
with the value ().
In most cases MOS dependency has an exponential distribution,
so in the first state final QoE value is equal:
5exp,5
5exp1,exp
1exp,1
1
ZAif
ZAifZA
ZAif
QoE
jFIN
(9)
where
21211
QoEZ
For the second state (and each next one) the value of QoE de-
pends on QoE value from the previous state. QoE value on the
beginning of a new state, which is connected with the previous
is equal:
5exp,5
5exp1,exp
1exp,1
1
ZAif
ZAifZA
ZAif
QoE
FINj
(10)
where
321211
QoEZ
The value of α
3
is reflects the result of changing the authentica-
tion protocol. Basically founding connection between two val-
ues of QoE and calculation one average value is a difficult is-
sue. Thus, reasonable is to assume the worst case in which
choosing value is lesser. In presented case the lesser value is
chosen between a value from the previous state and the QoE
value for the present authentication protocol (for the present
state):
jFINFINjj
QoEQoEQoE ,min
1
(11)
For such a value of QoE calculations are performed based on
formula (8) in case of an authentication. When the user finally
do not authenticate correctly, his/her QoE decrees to 0 (but with
flow of time this value can grow because the user thinks about
this situation and agrees that this mechanism is secure and pro-
tects him against crackers ).
Finally, for each branch of the tree the following 3-tuple was
calculated: (P(B
n
),QoE
FINpath
,QoP
FINpath
). Probability of
choosing particular path includes QoE and QoP values. But it
may be that paths have values like in TABLE II.
TABLE III
EXAMPLE OF RESULTS OF THE DECISION TREE ALGORITHM
Path number
1
2
3
4
QoE
3
3,5
4,5
3
QoP
3
4,5
3,5
4
Probability
0,5
0.9
0,7
0,6
It would seem that the path number 2 is the best one when con-
sidering the probability. However it is not so obvious. The path
number 3 has a higher value of QoE, but a lesser value of QoP.
Due to this fact there is need to use multi-objective optimization
to choose the best path.
Let us assume that all results from the decision tree algorithm
are in TABLE IV.
TABLE IV
ALL RESULTS FROM THE DECISION TREE ALGORITHM
Path
number
1
2
3
4
…
n
Weight
QoE
qoe
1
qoe
2
qoe
3
qoe
4
…
qoe
n
w
1
QoP
qop
1
qop
2
qop
3
qop
4
…
qop
n
w
2
Proba-
bility
p
1
p
2
p
3
p
4
…
p
n
w
3
To choose which path is the best weight sum method should
be used. In general below conditions must met:
Maximize:
n
i
ij
uKwuf
1
)()(
Subject to:
,Uu
where the weights w
i
, i=1,…,n corresponding to objective
function satisfy the following conditions:
n
i
i
niww
1
1
,...,1,0,1
,
and K
i
(u) is the objective function and U is feasible design
space.
In general the maximized formula must be satisfied:
n
i
lii
n
i
kiilk
uKwuKwuu
11
)()(
It means that decision u
k
is better than decision u
l
when sum of
multiplications of weight and objective function of decision u
k
is greater than for the decision u
l
.
In presented case the function f(u) for each path is presented
in TABLE V
TABLE V
VALUE OF FUNCTION F(U) IN MULTI –OBJECTIVE OPTIMIZATION
Path
num-
ber
1
2
3
4
…
n
Weight
QoE
qoe
1
qoe
2
qoe
3
qoe
4
…
qoe
n
w
1
QoP
qop
1
qop
2
qop
3
qop
4
…
qop
n
w
2
Proba-
bility
p
1
p
2
p
3
p
4
…
p
n
w
3
f(u)
qoe
1
∙
w
1
+
qop
1
∙
w
2
+
p
1
∙w
3
qoe
2
∙ w
2
+
qop
2
∙w
2
+
p
2
∙w
3
qoe
3
∙
w
1
+
qop
3
∙
w
2
+
p
3
∙ w
3
qoe
4
∙
w
1
+
qop
4
∙
w
2
+
p
4
∙ w
3
qoe
n
∙
w
1
+
qop
n
∙
w
2
+
p
n
∙ w
3
Of course to perform optimization values of should be normal-
ized. What is also important that calculation are made with as-
sumption that the most important should be path with the high-
est QoE value than path with QoP value and a finally probabil-
ity of path. It means that w
1
> w
2
> w
3
.
In considered example f(u) has the following values (see
TABLE VI):
MARIUSZ SEPCZUK, ZBIGNIEW KOTULSKI: A NEW AUTHENTICATION MANAGEMENT MODEL 1025