Privacy-centered authentication: a new framework and analysis

© 2023 Elsevier. This manuscript version is made available under the CC-BY-NC-ND 4.0 license http://creativecommons.org/licenses/by-nc-nd/4.0/The usage of authentication schemes is increasing in our daily life with the ubiquitous spreading Internet services. The verification of user’s identity is still predominantly password-based, despite of being susceptible to various attacks and openly hated by users. Bonneau et al. presented a framework, based on Usability, Deployability, and Security criteria (UDS), to evaluate authentication schemes and find a replacement for passwords. Although the UDS framework is a mature and comprehensive evaluation framework and has been extended by other authors, it does not analyse privacy aspects in the usage of authentication schemes. In the present work, we extend the UDS framework with a privacy category to allow a more comprehensive evaluation, becoming an UDSP framework. We provide a thorough, rigorous assessment of sample authentication schemes, including analyse novel behavioural biometrics. Our work also discusses implementation aspects regarding the new privacy dimension and sketches the prospect of future authentication schemes.Javier Parra-Arnau is the recipient of a “Ramón y Cajal” fellowship (ref. RYC2021–034256-I) funded by the Spanish Ministry of Science and Innovation and the European Union – “NextGenerationEU”/PRTR (Plan de Recuperación, Transformación y Resiliencia). This work was also supported by the Spanish Government under the project “Enhancing Communication Protocols with Machine Learning while Protecting Sensitive Data (COMPROMISE)” PID2020–113795RB-C31, funded by MCIN/AEI/10.13039/501100011033, and through the project “MOBILYTICS” (TED2021–129782B-I00), funded by MCIN/AEI/10.13039/501100011033 and the European Union “NextGenerationEU”/PRTR.Peer ReviewedPostprint (published version