Federated Trust-Based Authentication for Secure Mobile Cloud Access
DOI:
https://doi.org/10.54654/isj.v1i24.1113Keywords:
Federated learning, trusted computing, mobile cloud computing, risk-based authenticationTóm tắt
The proliferation of mobile cloud services significantly increases the complexity and risks associated with user authentication. Traditional password-based authentication methods are vulnerable to credential theft and account takeover attacks. Although centralized Risk-Based Authentication (RBA) methods enhance security by evaluating login attempt risks, they often compromise user privacy by aggregating sensitive authentication data. To overcome these challenges, this paper proposes a federated trust-based authentication framework utilizing federated learning (FL) integrated with an Artificial Neural Network enhanced by Batch Normalization (ANN-BN). Specifically, our framework calculates a trust score for each login attempt based on user behavior patterns and contextual threat indicators. This trust-based approach enables accurate detection of malicious login attempts while preserving user privacy by performing decentralized model training across multiple client devices. Experiments conducted on a real-world login dataset demonstrate that the proposed federated ANN-BN approach achieves high detection accuracy with a low false-alarm rate, effectively balancing security enhancement and privacy preservation. Our results confirm the effectiveness and practicality of federated learning for secure authentication in mobile cloud environments, highlighting its potential for real-world deployment and motivating future research directions.
Downloads
References
. T. G. Tan, P. Szalachowski, and J. Zhou, “Securing Password Authentication for Web-based Applications”, in 2022 IEEE Conference on Dependable and Secure Computing (DSC), Edinburgh, United Kingdom: IEEE, Jun. 2022, pp. 1–10. doi: 10.1109/DSC54232.2022.9888923.
. S. Wiefling, P. R. Jørgensen, S. Thunem, and L. L. Iacono, “Pump Up Password Security! Evaluating and Enhancing Risk-Based Authentication on a Real-World Large-Scale Online Service”, ACM Trans. Priv. Secur., vol. 26, no. 1, pp. 1–36, Feb. 2023, doi: 10.1145/3546069.
. H. Tabrizchi and A. Aghasi, “Introduction to Federated Learning,” in Federated Cyber Intelligence, in SpringerBriefs in Computer Science. , Cham: Springer Nature Switzerland, 2025, pp. 1–11. doi: 10.1007/978-3-031-86592-3_1.
. E. Akhmetshin et al., “An intelligent federated learning boosted cyberattack detection system for Denial-Of-Wallet attack using advanced heuristic search with multimodal approaches”, Sci. Rep., vol. 15, no. 1, p. 14265, Apr. 2025, doi: 10.1038/s41598-025-96986-5.
. P. A. Grassi et al., “Digital identity guidelines: authentication and lifecycle management”, National Institute of Standards and Technology, Gaithersburg, MD, NIST SP 800-63b, Jun. 2017. doi: 10.6028/NIST.SP.800-63b.
. S. Wiefling, M. Durmuth, and L. Lo Iacono, “Verify It’s You: How Users Perceive Risk-Based Authentication”, IEEE Secur. Priv., vol. 19, no. 6, pp. 47–57, Nov. 2021, doi: 10.1109/MSEC.2021.3077954.
. P. Qi, D. Chiaro, and F. Piccialli, “Small models, big impact: A review on the power of lightweight Federated Learning”, Future Gener. Comput. Syst., vol. 162, p. 107484, Jan. 2025, doi: 10.1016/j.future.2024.107484.
. Y. Zhang et al., “A Survey of Trustworthy Federated Learning: Issues, Solutions, and Challenges”, ACM Trans. Intell. Syst. Technol., vol. 15, no. 6, pp. 1–47, Dec. 2024, doi: 10.1145/3678181.
. H. B. McMahan, E. Moore, D. Ramage, and S. Hampson, “Communication-Efficient Learning of Deep Networks from Decentralized Data”, Int. Conf. Artif. Intell. Stat., pp. 1273–1282.
. J. Sen, Ed., Data Privacy - Techniques, Applications, and Standards. IntechOpen, 2025. doi: 10.5772/intechopen.1003421.
. W. Liu et al., “Privacy Preservation for Federated Learning With Robust Aggregation in Edge Computing”, IEEE Internet Things J., vol. 10, no. 8, pp. 7343–7355, Apr. 2023, doi: 10.1109/JIOT.2022.3229122.
. T. Liu, X. Hu, H. Xu, T. Shu, and D. N. Nguyen, “High-accuracy low-cost privacy-preserving federated learning in IoT systems via adaptive perturbation”, J. Inf. Secur. Appl., vol. 70, p. 103309, Nov. 2022, doi: 10.1016/j.jisa.2022.103309.
. C. Mazzocca, N. Romandini, M. Colajanni, and R. Montanari, “FRAMH: A Federated Learning Risk-Based Authorization Middleware for Healthcare,” IEEE Trans. Comput. Soc. Syst., vol. 10, no. 4, pp. 1679–1690, Aug. 2023, doi: 10.1109/TCSS.2022.3210372.
. X. Li, M. Jiang, X. Zhang, M. Kamp, and Q. Dou, “Fedbn: Federated Learning On Non-Iid Features Via Local Batch Normalization,” ICLR 2021, 2021, [Online]. Available: https://iclr.cc/virtual/2021/poster/2846
. Y. Wang, Q. Shi, and T.-H. Chang, “Batch Normalization Damages Federated Learning on NON-IID Data: Analysis and Remedy,” in ICASSP 2023 - 2023 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), Rhodes Island, Greece: IEEE, Jun. 2023, pp. 1–5. doi: 10.1109/ICASSP49357.2023.10095399.
. J. Zhong, H.-Y. Chen, and W.-L. Chao, “Making Batch Normalization Great in Federated Deep Learning,” 2023, International Workshop on Federated Learning in the Age of Foundation Models in Conjunction with NeurIPS 2023. Accessed: May 16, 2025. [Online]. Available: https://openreview.net/forum?id=iKQC652XIk
. D. Freeman, S. Jain, M. Duermuth, B. Biggio, and G. Giacinto, “Who Are You? A Statistical Approach to Measuring User Authenticity,” in Proceedings 2016 Network and Distributed System Security Symposium, San Diego, CA: Internet Society, 2016. doi: 10.14722/ndss.2016.23240.
. S. Wiefling, M. Dürmuth, and L. Lo Iacono, “What’s in Score for Website Users: A Data-Driven Long-Term Study on Risk-Based Authentication Characteristics”, in Financial Cryptography and Data Security, vol. 12675, N. Borisov and C. Diaz, Eds., in Lecture Notes in Computer Science, vol. 12675. , Berlin, Heidelberg: Springer Berlin Heidelberg, 2021, pp. 361–381. doi: 10.1007/978-3-662-64331-0_19.
. S. Wiefling, P. R. Jørgensen, S. Thunem, and L. Lo Iacono, “Login Data Set for Risk-Based Authentication”, Zenodo, Jun. 30, 2022. doi: 10.5281/ZENODO.6782155.
. P. M. Sánchez Sánchez, A. Huertas Celdrán, N. Xie, G. Bovet, G. Martínez Pérez, and B. Stiller, “FederatedTrust: A solution for trustworthy federated learning”, Future Gener. Comput. Syst., vol. 152, pp. 83–98, Mar. 2024, doi: 10.1016/j.future.2023.10.013.
. M. S. Jere, T. Farnan, and F. Koushanfar, “A Taxonomy of Attacks on Federated Learning”, IEEE Secur. Priv., vol. 19, no. 2, pp. 20–28, Mar. 2021, doi: 10.1109/MSEC.2020.3039941.
. R. Aziz, S. Banerjee, S. Bouzefrane, and T. Le Vinh, “Exploring Homomorphic Encryption and Differential Privacy Techniques towards Secure Federated Learning Paradigm”, Future Internet, vol. 15, no. 9, p. 310, Sep. 2023, doi: 10.3390/fi15090310.
. M. Firdaus, H. T. Larasati, and K.-H. Rhee, “A Secure Federated Learning Framework using Blockchain and Differential Privacy”, in 2022 IEEE 9th International Conference on Cyber Security and Cloud Computing (CSCloud)/2022 IEEE 8th International Conference on Edge Computing and Scalable Cloud (EdgeCom), Xi’an, China: IEEE, Jun. 2022, pp. 18–23. doi: 10.1109/CSCloud-EdgeCom54986.2022.00013.
. O. Ibrahim Khalaf et al., “Federated learning with hybrid differential privacy for secure and reliable”, Secur. Priv., vol. 7, no. 3, p. e374, May 2024, doi: 10.1002/spy2.374.
. T. Li, A. K. Sahu, M. Zaheer, M. Sanjabi, A. Talwalkar, and V. Smith, “Federated Optimization in Heterogeneous Networks”, Proc. Mach. Learn. Syst., vol. 2, pp. 429–450, 2022.
. Y. Khazaeni, “Federated Learning With Matched Averaging”, Sep. 18, 2023. doi: 10.1287/fa7d97f0-ba96-4959-a51b-cf12b34c6d20.
. J. Li, “Exploration and Analysis of FedAvg, FedProx, FedMA, MOON, and FedProc Algorithms in Federated Learning”, in Proceedings of the 1st International Conference on Data Science and Engineering, Singapore, Singapore: SCITEPRESS - Science and Technology Publications, 2024, pp. 172–176. doi: 10.5220/0012836400004547.
. M. Cheng et al., “MFTE: Multifactor and fuzzy trust evaluation for federated learning in mobile edge computing”, Comput. Netw., vol. 265, p. 111340, Jun. 2025, doi: 10.1016/j.comnet.2025.111340.
. W. Jiang et al., “Fuzzy ensemble-based federated learning for EEG-based emotion recognition in Internet of Medical Things”, J. Ind. Inf. Integr., vol. 44, p. 100789, Mar. 2025, doi: 10.1016/j.jii.2025.100789.
. A. Mabrouk, R. P. Díaz Redondo, M. Abd Elaziz, and M. Kayed, “Ensemble Federated Learning: An approach for collaborative pneumonia diagnosis”, Appl. Soft Comput., vol. 144, p. 110500, Sep. 2023, doi: 10.1016/j.asoc.2023.110500.
. P. Oza and V. M. Patel, “Federated Learning-based Active Authentication on Mobile Devices”, in 2021 IEEE International Joint Conference on Biometrics (IJCB), Shenzhen, China: IEEE, Aug. 2021, pp. 1–8. doi: 10.1109/IJCB52358.2021.9484338.
. M. Wazzeh et al., “CRSFL: Cluster-based Resource-aware Split Federated Learning for Continuous Authentication”, J. Netw. Comput. Appl., vol. 231, p. 103987, Nov. 2024, doi: 10.1016/j.jnca.2024.103987.
. V. V. Thang, D. V. Pantiukhin, B. T. T. Quyen, and V. V. Vu, “A review of neural networks for rare intrusions detection in wireless networks”, J. Sci. Technol. Inf. Secur., vol. 3, no. 20, pp. 23–34, Dec. 2023, doi: 10.54654/isj.v3i20.984.
. Y. Chen, Y. Gui, H. Lin, W. Gan, and Y. Wu, “Federated Learning Attacks and Defenses: A Survey”, in 2022 IEEE International Conference on Big Data (Big Data), Osaka, Japan: IEEE, Dec. 2022, pp. 4256–4265. doi: 10.1109/BigData55660.2022.10020431.
. D. Chen, X. Jiang, H. Zhong, and J. Cui, “Building Trusted Federated Learning: Key Technologies and Challenges”, J. Sens. Actuator Netw., vol. 12, no. 1, p. 13, Feb. 2023, doi: 10.3390/jsan12010013.
. H. Fereidouni, “Enhancing Risk-Based Authentication with Federated Learning: Introducing the F-RBA Framework”, Univ. Montr., vol. abs/2412.12324, 2024, [Online]. Available: https://umontreal.scholaris.ca/items/589a3192-6edf-4566-95ea-45cc3d8f2235.
Downloads
Published
How to Cite
Issue
Section
License
Proposed Policy for Journals That Offer Open Access
Authors who publish with this journal agree to the following terms:
1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).
Proposed Policy for Journals That Offer Delayed Open Access
Authors who publish with this journal agree to the following terms:
1. Authors retain copyright and grant the journal right of first publication, with the work [SPECIFY PERIOD OF TIME] after publication simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).
