PRAN: A Provenance Based Model and Prototype to Strengthen Authentication

  • Rajidi Satish Chandra Reddy
  • Srinivas Reddy Gopu
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 927)


In this paper, we present the provenance-based authentication (PRAN) model and a prototype that aims to strengthen password-based authentication of a system, ensuring the legitimacy of a user's identity by detecting anomalous user logins without the need for other obtrusive authentication factors. The PRAN model utilizes authentication provenance along with traditional methods. We evaluate the prototype with password stealing/sharing use cases. We observe that the PRAN prototype detects anomalous logins as well as legitimate logins, thereby preventing applications from allowing anomalous user logins.



Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Rajidi Satish Chandra Reddy (1)
  • Srinivas Reddy Gopu (1)
  1. Tata Consultancy Services, Hyderabad, India
