An Intelligent Role-Based Access Control Model Enhanced with Risk-Based Multi-Factor Authentication

Abstract

This study presents an Intelligent Role-Based Access Control model enhanced with Risk-Based Multi-Factor Authentication (R-MFA) to overcome the limitations of traditional Role-Based Access Control (RBAC) and standard role-based access control with Multi-Factor Authentication (MFA) approaches. The model combines structured authorization with adaptive, context-aware authentication to achieve a better balance between security and system performance. Its effectiveness was assessed by comparing it with traditional role-based access control and role-based access control integrated with multi-factor authentication using key performance metrics such as authentication time, access success rate, false acceptance rate (FAR), system throughput, and security strength index. The findings reveal that traditional role-based access control offers the fastest authentication time (1.2 seconds) and highest throughput (120 requests per second), but suffers from weaker security, with a 6.5% FAR and a security strength index of 68.0%. The introduction of standard multi-factor authentication improves security, increasing the success rate to 96.2% and reducing FAR to 3.1%, although it leads to higher authentication time (3.8 seconds) and lower throughput (95 requests per second). In contrast, the Intelligent role-based access control model enhanced with risk-based multi-factor authentication achieves a more balanced outcome, delivering a 97.8% success rate, a low FAR of 1.2%, moderate authentication time of 2.4 seconds, throughput of 110 requests per second, and the highest security strength index of 94.2%. Overall, the results highlight the model’s ability to enhance security without significantly compromising system efficiency.