Social Authentication Applications, Attacks, Defense Strategies and Future Research Directions: A Systematic Review

Abstract

The ever-increasing volumes of social knowledge shared in online social networks, the establishment of trustworthy social relationships over these platforms, and the emergence of technologies that allow friendship networks to be inferred from data exchanged in communication networks have motivated researchers to build socially aware authentication schemes. We conduct the first study that surveys the literature related to social authentication. In this paper, we not only created a taxonomy for classifying all social authentication schemes deployed in online or physical social contexts and extensively analyzed their authentication features, but also built a novel framework for evaluating the effectiveness of all social authentication schemes, identified all the practical and theoretical attacks that may be mounted against such schemes, addressed possible defense strategies, and identified challenges, open questions, and future research opportunities. To measure their accuracy, strengths, weaknesses, and limitations, as well as to identify the potential of knowledge-based and trust-based social authentication schemes, a comprehensive comparative assessment of the security, usability, and deployability was conducted. We hope, by providing a solid foundation for gaining sufficient understanding of the manners in which users' social interactions have been utilized in user authentication schemes and their corresponding security implications, we will guide future research in this domain.