CERIAS Security Seminar: Adaptive Multi-Factor Authentication & Cyber Identity

The Center for Education and Research in Information Assurance and Security
September 28, 2022
4:30 PM - 5:30 PM


Dipankar Dasgupta
The University of Memphis

Abstract: Authentication is a critical part to ensure the identity of a legitimate user. During authentication, an individual’s credential is validated with a specific computational technique to determine the association of the user with his/her claimed identity.

In this talk, I will discuss an adaptive multi-factor authentication (A-MFA) framework which uses adaptive selection of multiple modalities at different operating environment so to make authentication strategy unpredictable to hackers. This methodology incorporates a novel approach of calculating trustworthy values of different authentication factors while the computing device being used under different environmental settings. Accordingly, a subset of authentication factors is determined (at triggering events) on the fly thereby leaving no exploitable a priori pattern or clue for adversaries. Such a methodology of adaptive authentication selection can provide legitimacy to user transactions with an added layer of access protection that is not rely on a fixed set of authentication modalities. Robustness of the system is assured by designing the framework in such a way that if any modality data get compromised, the system can still perform flawlessly using other non-compromised modalities. Scalability can also be achieved by adding new and/or improved modalities with existing set of modalities and integrating the operating/configuration parameters for the added modality.

I will highlight what type of evaluation be required for such identity management software to detect possible deep fakes and other forms of faking biometrics. Other attacks on current means of identity validation may become possible. What would be what good figures of merit to be used as response variables? What are good factors over which we would need to test for next-generation identity eco-systems.


· Advances in User Authentication. Dipankar Dasgupta,Arunava Roy, Abhijit Nag. Publisher: Springer-Verlag, Inc., August 2017.

· US Patent #9,912,657: Adaptive Multi-Factor Authentication, Dasgupta, et al., March6, 2018.

About: Dipankar Dasgupta is a Full Professor of Computer Science at the University of Memphis and has been in different faculty positions since 1997. He is at the forefront in applying bio-inspired approaches to cyber defense, served as a program co-chair at the National Cyber Leap Year Summit organized at the request of the White House Office of Science and Technology Directorate (2009). Some of his groundbreaking works, like digital immunity, negative authentication, and cloud insurance model, put his name in Computer World Magazine and other News media.Dr. Dasgupta received external funding from different federal agencies including NSF, DARPA, IARPA, NSA, NAVY, ONR DoD and DHS/FEMA.

  Dr. Dasgupta has more than 300 publications with about 20,000 citations and having h-index of 62 as per Google scholar. Prof. Dasgupta received the 2014ACM SIGEVO Impact Award, became Fellow of IEEE in 2015, ACM Distinguished Speaker from 2015-2020, and currently IEEE Distinguished Lecturer.

    In addition to Prof. Dasgupta’s research and creative activities, he also spearheads the University of Memphis’s education, training and outreach activities on Information Assurance (IA). He is the founding Director of the Center for Information Assurance (CfIA) which is a National Center for Academic Excellence in Information Assurance Education (CAE-IAE) and in Research(CAE-R). Because of the center’s wide range of activities, the University of Memphis is in the forefront of information security research, education, and outreach in the state as well as in the region.

The weekly security seminar has been held every semester since spring of 1992. We invite personnel at Purdue and visitors from outside to present on topics of particular interest to them in the areas of computer and network security, computer crime investigation, information warfare, information ethics, public policy for computing and security, the computing "underground," and other related topics. More info

Contact Details

Event Website


Add to calendar