A Survey on Quantitative Risk Estimation Approaches for Secure and Usable User Authentication on Smartphones.

Mobile user authentication acts as the first line of defense, establishing confidence in the claimed identity of a mobile user, which it typically does as a precondition to allowing access to resources in a mobile device. NIST states that password schemes and/or biometrics comprise the most conventional user authentication mechanisms for mobile devices. Nevertheless, recent studies point out that nowadays password-based user authentication is imposing several limitations in terms of security and usability; thus, it is no longer considered secure and convenient for the mobile users. These limitations stress the need for the development and implementation of more secure and usable user authentication methods. Alternatively, biometric-based user authentication has gained attention as a promising solution for enhancing mobile security without sacrificing usability. This category encompasses methods that utilize human physical traits (physiological biometrics) or unconscious behaviors (behavioral biometrics). In particular, risk-based continuous user authentication, relying on behavioral biometrics, appears to have the potential to increase the reliability of authentication without sacrificing usability. In this context, we firstly present fundamentals on risk-based continuous user authentication, relying on behavioral biometrics on mobile devices. Additionally, we present an extensive overview of existing quantitative risk estimation approaches (QREA) found in the literature. We do so not only for risk-based user authentication on mobile devices, but also for other security applications such as user authentication in web/cloud services, intrusion detection systems, etc., that could be possibly adopted in risk-based continuous user authentication solutions for smartphones. The target of this study is to provide a foundation for organizing research efforts toward the design and development of proper quantitative risk estimation approaches for the development of risk-based continuous user authentication solutions for smartphones. The reviewed quantitative risk estimation approaches have been divided into the following five main categories: (i) probabilistic approaches, (ii) machine learning-based approaches, (iii) fuzzy logic models, (iv) non-graph-based models, and (v) Monte Carlo simulation models. Our main findings are summarized in the table in the end of the manuscript.

Blockchain-Based Security Mechanisms for IoMT Edge Networks in IoMT-Based Healthcare Monitoring Systems.

Despite the significant benefits that the rise of Internet of Medical Things (IoMT) can bring into citizens' quality of life by enabling IoMT-based healthcare monitoring systems, there is an urgent need for novel security mechanisms to address the pressing security challenges of IoMT edge networks in an effective and efficient manner before they gain the trust of all involved stakeholders and reach their full potential in the market of next generation IoMT-based healthcare monitoring systems. In this context, blockchain technology has been foreseen by the industry and research community as a disruptive technology that can be integrated into novel security solutions for IoMT edge networks, as it can play a significant role in securing IoMT devices and resisting unauthorized access during data transmission (i.e., tamper-proof transmission of medical data). However, despite the fact that several blockchain-based security mechanisms have already been proposed in the literature for different types of IoT edge networks, there is a lack of blockchain-based security mechanisms for IoMT edge networks, and thus more effort is required to be put on the design and development of security mechanisms relying on blockchain technology for such networks. Towards this direction, the first step is the comprehensive understanding of the following two types of blockchain-based security mechanisms: (a) the very few existing ones specifically designed for IoMT edge networks, and (b) those designed for other types of IoT networks but could be possibly adopted in IoMT edge networks due to similar capabilities and technical characteristics. Therefore, in this paper, we review the state-of-the-art of the above two types of blockchain-based security mechanisms in order to provide a foundation for organizing research efforts towards the design and development of reliable blockchain-based countermeasures, addressing the pressing security challenges of IoMT edge networks in an effective and efficient manner.