This work addresses the limitations of existing adaptive authentication systems in dynamic environments such as the Internet of Things, vehicular networks, and healthcare, where inadequate modeling of the interplay among context, security requirements, and authentication mechanisms hinders the simultaneous optimization of security, usability, and performance. To overcome this, the authors propose a requirement-driven adaptive authentication framework that captures security needs and contextual risks through a contextual goal model, represents authentication methods and their efficacy via an extended feature model, and dynamically selects optimal strategies at runtime using a fuzzy causal network integrated with the Z3 SMT solver. This approach uniquely combines contextual goal modeling with formal decision-making, and experimental evaluations in vehicular and healthcare scenarios demonstrate its effectiveness in adapting to environmental changes while achieving coordinated optimization across security and multidimensional system requirements.

Authentication is crucial to confirm that an individual or entity trying to perform an action is actually who or what they claim to be. In dynamic environments such as the Internet of Things (IoT), Internet of Vehicles (IoV), healthcare, and smart cities, security risks can change depending on varying contextual factors (e.g., user attempting to authenticate, location, device type). Thus, authentication methods must adapt to mitigate changing security risks while meeting usability and performance requirements. However, existing adaptive authentication systems provide limited guidance on (a) representing contextual factors, requirements, and authentication methods (b) understanding the influence of contextual factors and authentication methods on the fulfilment of requirements, and (c) selecting effective authentication methods that reduce security risks while maximizing the satisfaction of the requirements. This paper proposes a framework for engineering adaptive authentication systems that dynamically select effective authentication methods to address changes in contextual factors and security risks. The framework leverages a contextual goal model to represent requirements and the influence of contextual factors on security risks and requirement priorities. It uses an extended feature model to represent potential authentication methods and their impacts on mitigating security risks and satisfying requirements. At runtime, when contextual factors change, the framework employs a Fuzzy Causal network encoded using the Z3 SMT solver to analyze the goal and feature models, enabling the selection of effective authentication methods. We demonstrate and evaluate our framework through its application to real-world authentication scenarios in the IoV and the healthcare domains.