CAA-MFA: Context Aware And Adaptive Multifactor Authentication

Thursday, July 9, 2026 - 09:00 am
online

DISSERTATION DEFENSE

Author :  Jonathan Sharp
Advisors: Dr. Csilla Farkas
Date: July 09, 2026
Time: 09:00 Am
Location:  Virtual
Link:  https://teams.microsoft.com/meet/22071693515848?p=LRAW7BhvdNDjot6moR


Abstract
In this dissertation, we studied how to improve multi-factor authentication using context-aware and adaptive authentication methods. We developed the ContextAware Adaptive Multi-factor Authentication (CAA-MFA) framework to enhance the usability and security of authentication systems in dynamic environments. Traditional multi-factor authentication (MFA) systems often rely on static combinations of factors regardless of contextual risk. This limits their effectiveness against evolving threats such as phishing, social engineering, credential compromise, and MFA
fatigue attacks (1). CAA-MFA addresses these challenges by adjusting authentication requirements based on real-time context, trust, policy constraints, and access risk.
The proposed framework treats authentication as a decision-making problem shaped by dynamic risk and policy compliance. It models user and environmental context semantically, evaluates the trustworthiness of available authentication factors, selects
authentication factors through constraint solving, and quantifies access risk using a Risk Level Assessment (RLA) model. By modeling context through ontologies and enforcing factor-selection constraints formally, CAA-MFA supports structured adaptation and scalable policy enforcement across heterogeneous environments (2). The framework also builds on trust-based reasoning for adaptive authentication by assigning trust scores to authentication factor-source pairs and selecting factors that satisfy constraints related to trustworthiness, privacy, usability, and required security level
(3).
The framework was evaluated using 12,000 labeled login attempts, including
iii
10,000 legitimate login attempts and 2,000 attacker attempts. The evaluation measured authentication performance, computational overhead, runtime cost, and the contribution of SAT-based factor selection and RLA. The strongest configuration,using both SAT-based selection and RLA with an SVM classifier, achieved an Equal Error Rate (EER) of 0.0102, Area Under the Curve (AUC) of 0.9965, and F1-score of 0.9852. These results show that CAA-MFA can distinguish legitimate and adversarial login attempts with strong performance while providing a structured method
for adjusting authentication strength according to contextual risk. The main research questions in this dissertation are as follows:


1. How can we model user and environmental context to support adaptive multi-factor authentication?
 

We proposed a semantic context model that captures relevant features from users, devices, behavior, history, and the surrounding environment. These features include user roles, device attributes, network conditions, location, time, behavioral indicators, and privacy requirements. The model uses ontologies to support structured reasoning about contextual conditions, enabling the authentication system to interpret contextual changes and supply meaningful inputs to downstream trust evaluation and factor selection.


2. How can we dynamically select authentication factors using constraintsolving based on contextual trust?
 

We proposed a formal mechanism for selecting authentication factors using trust evaluation and constraint satisfaction. The framework supports both passive and active authentication factors. Passive factors include device identifiers, location data, application history, and other contextual signals, while active factors include biometric input, typing behavior, user-entered PINs, and other explicit verification methods. Each factor-source pair is assigned a trust score iv reflecting reliability, source integrity, and contextual relevance. The selection of factors is modeled as a constraint satisfaction problem, and a SAT solver is used to enforce policy requirements such as minimum trust thresholds, usability constraints, and privacy constraints. This approach enables dynamic adaptation to changing contexts without relying on static authentication workflows.
 

3. How can we quantify the cost versus benefit of utilizing CAA-MFA over traditional MFA?
 

We evaluated the practical trade-offs introduced by deploying CAA-MFA compared to static MFA systems. The evaluation considers usability, computational overhead, implementation complexity, and security effectiveness. The results show that CAA-MFA introduces additional operational cost through context modeling, SAT-based factor selection, RLA computation, and classifier evaluation. However, these costs are justified in environments where authentication risk varies across users, devices, networks, and resources because the adaptive model provides measurable improvement in authentication performance and policy-aware factor selection.
 

4. How can we quantify access risk and use it to adjust authentication strength in real time?


We developed an access-risk model that incorporates contextual factors, authentication strength, historical user behavior, user clearance, and resource sensitivity. The model generates a continuous Risk Level Assessment (RLA) score that supports real-time adjustment of authentication strength. This score helps determine when to escalate verification requirements in high-risk contexts and when to reduce unnecessary authentication burden in low-risk contexts. The RLA model is integrated with the context-aware factor selection framework and evaluated through the authentication performance and ablation studies.

Time Series Segmentation and Dense Human Activity Recognition for Puff Detection

Friday, July 10, 2026 - 10:00 am
online

 THESIS DEFENSE

Author :  Jakub Jerzmanowski
Advisors: Dr. Homayoun Valafar
Date: July 10, 2026
Time: 10:00 Am
Location:  Room 2265, Storey Innovation building

Link:  https://teams.microsoft.com/l/meetup-join/19%3ameeting_NWQzZDZhOTItMjNi…

Abstract
Cigarette smoking remains the leading cause of preventable death in the United States, claiming approximately 480,000 lives annually. Clinicians who tailor cessation interventions are limited by their data: knowing that a person smoked is far less useful than knowing when each puff began and ended, information from which count, duration, and inter-puff interval follow. Wrist-worn inertial measurement unit (IMU) systems can sense smoking unobtrusively, but existing methods classify coarse fixed-length windows rather than the puffs themselves, and so cannot recover this structure. We frame puff detection as dense, per-timestep segmentation, labeling every IMU sample and evaluating at the event level. To our knowledge, this is the first treatment of smoking-puff detection as a segmentation task. Using leave-one-subject-out cross validation, we show that window classifiers, run densely, collapse under strict overlap (event F1 at IoU 0.75 near 0.05), placing predictions in the right neighborhood but the wrong shape, whereas a 1D U-Net adapted to the time domain reaches 0.714 on our 1,500-hour, six-participant in-situ dataset. Decomposing the residual error shows that localization is essentially solved (matched-puff IoU of 0.93 to 0.99); the entire remainder is missed detections, concentrated in one hard participant who drives a pooled miss rate of 0.101. Because the bottleneck is per-person recall, we close it with personalization: warm restarting on as few as ten of a participant’s own puffs cuts the hard subject’s miss rate from 0.38 to 0.05 while boundary quality holds, reframing the problem as one of data and personalization rather than architecture.