We introduce context-aware scalable authentication (CASA) as a way of balancing security and usability for authentication. Our core idea is to choose an appropriate form of active authentication (e.g., typing a PIN) based on the combination of multiple passive factors (e.g., a user’s current location) for authentication. We provide a probabilistic framework for dynamically selecting an active authentication scheme that satisfies a specified security requirement given passive factors. We also present the results of three user studies evaluating the feasibility and users’ receptiveness of our concept. Our results suggest that location data has good potential as a passive factor, and that users can reduce up to 68% of active authentications when using an implementation of CASA, compared to always using fixed active authentication. Furthermore, our participants, including those who do not use any security mechanisms on their phones, were very positive about CASA and amenable to using it on their phones.
3. If Cost Too Much
Stop using authentication system
4. A Few Could Fit All
How can we choose security lock system for different situations?
Do they provide better security and usability from users’ perspectives?
33. Quotes
P3 said, “I don't normally use a security lock, but I would be much more inclined to use one if it didn't require constant unlocking.”
34. Quotes
P5 said, “I like the system. It’s a great pain to type pin at home, because the nature of the phone, it goes to sleep quickly, then I have to type pin again, which is super annoying.”
51. Result: User Feedback
Feature | Easy to understand | Useful | Secure | Prefer to use
Location-based | 5 | 4.5 | 4 | 4
Comp-based | 4.5 | 4 | 3.5 | 3.5
Notification | - | 4 | - | 4
52. Quote
• P17 said, “It is annoying to use security locks all the time, but whereas if I had such a system which requires pin only at unsecure places its usefulness adds more value when compared to the annoyance caused by it. So, I will definitely use it.”
53. Conclusion
• Proposed a Naive Bayes framework to combine multiple factors to adjust active authentication schemes
• The framework allowed us to choose active factor in a quantitative way
• Field studies indicated that users preferred the proposed system
56. Location as a Signal
• People have their own mobility patterns
• Random people don’t have access to
certain places
57. Field Study #1
• Where do people log in to their phones?
• 32 participants
• 7 to 140 days
Place | Mean Time [%] | Mean Activation [%]
1 (Home) | 38.9 | 31.9
2 (Workplace) | 18.7 | 28.9
Others | 42.4 | 39.2
Today, devices require the same authentication regardless of context. For instance, whether a phone is at the user’s home or in a foreign country the user has never been to, the phone always requires a PIN to unlock. Because of this, we need to design the authentication system to be secure even in the riskiest case.
However, if a security system costs too much, users simply stop using it. In the case of mobile phones, people stop using a security lock. In fact, many existing studies have reported that about half of users do not use a security lock.
This clearly shows that the concept of one-fits-all does not work well. Then the question is, do a few fit all? If we have a few security lock systems, do they cover all situations? More specifically, how can we choose a security lock system for different situations? Do they provide better security and usability for users? These are the questions that we investigated in this work.
So, we propose context-aware scalable authentication In
And we tested the framework through field studies with two rather simple implementations of the framework.
I will come back to this term later in this presentation. Now, we can compare confidence levels given by different sets of signals. The next question is which signals we should combine.
In the second field study, we developed an authentication system that changes authentication schemes based on users’ locations. Then, we tested the system on users’ own phones for two weeks.
Now, the question is which authentication schemes we should use for different locations. For simplicity, we used three locations in our system: home, workplace and others. We also used three different authentication schemes: none, PIN and password. Finally, we used authentication at the workplace as a standard.
Now, we come back to this equation.
We can compare confidence levels from different sets of signals. As an example, let’s compare a scenario where a person types a correct PIN at the workplace and a scenario where a person types a correct PIN at other places.
The first terms in these equations denote the confidence given by typing a correct PIN. These values can be calculated using the entropy of the PIN. The second terms denote the confidence given by being at certain locations; these values were obtained in the first field study.
When we compare these two, the confidence in the second scenario is smaller than in the first one. Intuitively, being at other places provides smaller confidence than being at the workplace.
So, if we want the confidence level in the second scenario to be as high as the one in the first scenario, we have to change the authentication scheme. If a person types a correct password at other places, it can provide higher confidence than the first scenario.
By repeating the process, we came up with the two sets of configurations.
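The comparison walked through above, as an added example (not code from the talk). It assumes the confidence is a Naive Bayes log-odds sum of one active and one passive term; the per-place activation shares come from Field Study #1, while the impostor location probabilities, the 4-digit PIN and the 8-character password are constructed for illustration.

```python
import math

# From the talk's Field Study #1: share of phone activations per place.
P_LOC_GIVEN_USER = {"home": 0.319, "workplace": 0.289, "others": 0.392}

# ASSUMPTION (constructed, not from the talk): how likely an impostor is to be
# holding the phone at each place. Homes and workplaces are hard for strangers
# to enter, so almost all impostor attempts are assumed to happen elsewhere.
P_LOC_GIVEN_IMPOSTOR = {"home": 0.01, "workplace": 0.04, "others": 0.95}

# ASSUMPTION: entropy in bits of each active secret, chosen uniformly at random.
SCHEME_BITS = {
    "none": 0.0,                    # nothing to guess
    "pin": 4 * math.log2(10),       # 4-digit PIN, about 13.3 bits
    "password": 8 * math.log2(62),  # 8 characters from [A-Za-z0-9], about 47.6 bits
}
SCHEMES_BY_COST = ["none", "pin", "password"]  # least user effort first


def confidence(scheme, place):
    """Log-odds in bits that the person is the owner, given a successful
    `scheme` at `place`. The two factors are treated as independent."""
    # Active term: the owner always passes, an impostor passes with 2^-bits.
    active = SCHEME_BITS[scheme]
    # Passive term: likelihood ratio of being at this place, owner vs impostor.
    passive = math.log2(P_LOC_GIVEN_USER[place] / P_LOC_GIVEN_IMPOSTOR[place])
    return active + passive


def select_scheme(place, standard=("pin", "workplace")):
    """Cheapest active scheme whose confidence at `place` is at least that of
    the standard scenario (the talk uses authentication at the workplace)."""
    required = confidence(*standard)
    for scheme in SCHEMES_BY_COST:
        if confidence(scheme, place) >= required:
            return scheme
    return SCHEMES_BY_COST[-1]  # nothing reaches the bar: use the strongest


if __name__ == "__main__":
    for place in P_LOC_GIVEN_USER:
        chosen = select_scheme(place)
        print(f"{place:10s} -> {chosen:8s} ({confidence(chosen, place):.1f} bits)")
```

The scheme selected for home is driven almost entirely by the assumed impostor probability there, so that value should come from measurement or a stated threat model rather than a guess.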
We decided to start from a very simple and effective signal: location. Because people have their own mobility patterns, and random people don’t have access to users’ homes or workplaces, we thought that location can provide strong confidence about a person’s identity.
We conducted two field studies to investigate our idea. In the first study, we investigated how much we could improve the usability of user authentication in our system. The results were very positive. 60% of the time, people log into their phones at home or workplace.