Question-based authentication using context data

In everyday life there are low risk situations where resources normally need to be protected and thus access to them controlled, but at the same time the implications of occasional unauthorized access are not severe. In these situations using an authentication technique that is expensive or requires significant effort from the user may not be justified. In this paper, we introduce a question- based authentication scheme appropriate for low risk situations. The scheme utilizes the context data already collected within a smart environment to generate the questions. Despite, the limited capabilities of the smart environment used in this experiment our preliminary study shows that using simple questions based on workplace events it is possible to discriminate between genuine users and impostors.