Dynamic control of complex authentication systems

Abstract

Consider a centralized system where requests for authentication arrive from different users. The system has multiple authentication methods available and a controller must decide how to assign a method to each request. We analyze the system dynamics using queueing models and propose a stochastic dynamic control methodology to assigning authentication methods to incoming tasks. We consider three different performance measures: usability, operating cost, and security. We model the trade-offs between these performance measures using a cost-based approach and a constraints-based approach, and derive structural and computational results on the optimal control strategies. We also provide a numerical example to illustrate the trade-offs between the three performance metrics, and show how to use our models to build an efficient frontier.