Authentication is crucial to confirm that an individual or entity trying to perform an action is actually who or what they claim to be. In dynamic environments such as the Internet of Things (IoT), Internet of Vehicles (IoV), healthcare, and smart cities, security risks can change depending on varying contextual factors (e.g., the user attempting to authenticate, location, device type). Thus, authentication methods must adapt to mitigate changing security risks while meeting usability and performance requirements. However, existing adaptive authentication systems provide limited guidance on (a) representing contextual factors, requirements, and authentication methods, (b) understanding the influence of contextual factors and authentication methods on the fulfilment of requirements, and (c) selecting effective authentication methods that reduce security risks while maximizing the satisfaction of the requirements. This paper proposes a framework for engineering adaptive authentication systems that dynamically select effective authentication methods to address changes in contextual factors and security risks. The framework leverages a contextual goal model to represent requirements and the influence of contextual factors on security risks and requirement priorities. It uses an extended feature model to represent potential authentication methods and their impacts on mitigating security risks and satisfying requirements. At runtime, when contextual factors change, the framework employs a fuzzy causal network encoded using the Z3 SMT solver to analyze the goal and feature models, enabling the selection of effective authentication methods. We demonstrate and evaluate our framework through its application to real-world authentication scenarios in the IoV and the healthcare domains.