CASA: Context Aware Scalable Authentication, at SOUPS 2013
Upcoming SlideShare
Loading in...5
×
 

CASA: Context Aware Scalable Authentication, at SOUPS 2013

on

  • 158 views

We introduce context-aware scalable authentication (CASA) as a way of balancing security and usability for authentication. Our core idea is to choose an appropriate form of active authentication ...

We introduce context-aware scalable authentication (CASA) as a way of balancing security and usability for authentication. Our core idea is to choose an appropriate form of active authentication (e.g., typing a PIN) based on the combination of multiple passive factors (e.g., a user’s current location) for authentication. We provide a probabilistic framework for dynamically selecting an active authentication scheme that satisfies a specified security requirement given passive factors. We also present the results of three user studies evaluating the feasibility and users’ receptiveness of our concept. Our results suggest that location data has good potential as a passive factor, and that users can reduce up to 68% of active authentications when using an implementation of CASA, compared to always using fixed active authentication. Furthermore, our participants, including those who do not using any security mechanisms on their phones, were very positive about CASA and amenable to using it on their phones.

Statistics

Views

Total Views
158
Views on SlideShare
158
Embed Views
0

Actions

Likes
0
Downloads
3
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • Today, devices require the same authentication regardless of the contexts. for instance, when a phone is at user ’ s home and in a foreign country which the user has never been to, the phone always require a PIN to unlock. Because of this, we need to design authentication system to be secure even in the most risky case.
  • However, if security system costs too much, users simply stop using it. In the case of mobile phones, people stop using security lock. Actually, many existing work reported that about half of the users do not use security lock.
  • This clearly shows that the concept of one fits all does not work well. Then, a question is, do a few fit all? If we have a few security lock system, do they cover all situations? More specifically, How can we choose security lock system for different situations? Do they provide better security and usability for users? These are questions that we investigated in this work.
  • So, we propose context-aware scalable authentication In
  • And we tested the framework through filed studies with two rather simple implementations of the framework
  • I will come back to this term later in this presentation. Now, we can compare confidence levels given by different sets of signals. The next questions is what signal we should combine ----- Meeting Notes (7/9/13 13:09) ----- explain sign
  • In the second field study, we developed a authentication system that changes authentication schemes based on users ’ locations. Then, we tested the system using users ’ own phones for two weeks
  • Now, the question is what authentication schemes we have to use for different locations. For simplicity, we used three locations in our system. Home. workplace ad others. Also, we used three different authentication scheme, None, PIN and password. Finally, we used authentication at workplace as a standard.
  • Now, we come back to this equation.
  • We can compare confidence levels from different sets of signals. As an example, let ’ s compare a scenario where a person types correct PIN at workplace and a scenario where a person types correct PIN at other places.
  • the first terms in these equation denotes the confidence given by typing a correct PIN. These values can be calculated using entropies of PIN. The second term denotes the confidence given by being at certain locations these values were obtain in the first field study.
  • When we compare these two, the confidence in the second scenario is smaller than the first one. Intuitively, being at other place provide smaller confidence than being at workplace.
  • So, if we want the confidence level in the second scenario as high as the one in the first scenario, we have to change the authentication scheme. If a person types a correct password at other places,
  • it can provide higher confidence than the first scenario ----- Meeting Notes (7/9/13 13:09) ----- entropy
  • by repeating the process, we came up with the two sets of configurations.
  • by repeating the process, we came up with the two sets of configurations.
  • ----- Meeting Notes (7/9/13 13:09) ----- comparison between the first study
  • ----- Meeting Notes (7/9/13 13:09) ----- add take aways
  • Qualitative feedback? 10
  • ----- Meeting Notes (7/25/13 07:30) ----- fix
  • So, if we want the confidence level in the second scenario as high as the one in the first scenario, we have to change the authentication scheme. If a person types a correct password at other places,
  • So, if we want the confidence level in the second scenario as high as the one in the first scenario, we have to change the authentication scheme. If a person types a correct password at other places,
  • So, if we want the confidence level in the second scenario as high as the one in the first scenario, we have to change the authentication scheme. If a person types a correct password at other places,
  • ----- Meeting Notes (7/25/13 00:46) ----- laptop
  • ----- Meeting Notes (7/9/13 12:34) ----- location identification
  • We decided to start from a very simple and effective signal. That is location. Because people have their own mobility patterns, and random people don ’ t have access to users ’ home or workplaces. We thought that location can provide strong confidence about a person ’ s identity
  • We conducted two field study to investigate our idea. In the first study, we investigated how much we could improve the usability of user authentication in our system. The results were very positive. 60% of the time, people log into their phones at home or workplace. ----- Meeting Notes (7/9/13 13:09) ----- definition of other places
  • We categorized attackers in a 2x2 grid.
  • \log\frac{P(PIN|u=1)}{P(PIN|u=-1)}+\log\frac{P(W|u=1)}{P(W|u=-1)}\\ \log\frac{P(A|u=1)}{P(A|u=-1)}+\log\frac{P(H|u=1)}{P(H|u=-1)}
  • \log\frac{P(PIN|u=1)}{P(PIN|u=-1)}+\log\frac{P(W|u=1)}{P(W|u=-1)}\\ \log\frac{P(A|u=1)}{P(A|u=-1)}+\log\frac{P(H|u=1)}{P(H|u=-1)}

CASA: Context Aware Scalable Authentication, at SOUPS 2013 CASA: Context Aware Scalable Authentication, at SOUPS 2013 Presentation Transcript

  • CASA: Context-Aware Scalable Authentication Eiji Hayashi, Sauvik Das, Shahriyar Amini Jason Hong, Ian Oakery Human-Computer Interaction Institute Carnegie Mellon University
  • One Fits All? Devices require the same user authentication regardless of contexts
  • If Cost Too Much Stop using authentication system
  • A Few Could Fit All How can we choose security lock system for different situations? Do they provide better security and usability from users’ perspectives?
  • Context-Aware Scalable Authentication •Authenticate users using active factors and passive factors •Adjust an active factor based on passive factors •Quantitative way to choose an active factor
  • Prototype
  • Outline • Underlying Model • Feasibility Analysis (Field Study #1) • Prototype Evaluation (Field Study #2) • Security Analysis • Design Iteration (Field Study #3) • Conclusion
  • Outline • CASA Framework • Feasibility Analysis (Field Study #1) • Prototype Evaluation (Field Study #2) • Security Analysis • Design Iteration (Field Study #3) • Conclusion
  • CASA Framework
  • Combining Multiple Factors
  • Combining Multiple Factors The probability that a person is a legitimate user given a set of signals
  • Combining Multiple Factors The probability that a person is NOT a legitimate user given a set of signals
  • Combining Multiple Factors Weight that balances false positives and false negatives
  • Combining Multiple Factors Authenticate: A user is more likely to be a legitimate user
  • Combining Multiple Factors Reject: A user is less likely to be a legitimate user
  • Naive Bayes Model
  • Prototype Evaluation (Field Study #2)
  • Field Study #2 Test system that changes authentication schemes based on location
  • Choosing an Authentication Scheme Location Active Factor Home ? Workplace PIN Other Places ?
  • Naive Bayes Model
  • Compare Confidence Type PIN Be at workplace Type PIN Be at other place
  • Compare Confidence
  • Compare Confidence
  • Compare Confidence Type PIN Be at workplace Type Password Be at other place
  • Compare Confidence
  • Chosen Authentication Scheme Location Active Factor Home ? Workplace PIN Other Places Password
  • Two Conditions Location w/ PIN w/o PIN Home PIN None Workplace PIN None Other Places Password PIN
  • Screenshots
  • Field Study #2 • 32 participants • 18 to 40 years old (mean=24) • On their phones • For 2 weeks
  • Result: # of Activations Condition Home Workplace Other Places w/o PIN None 13.1 (1.4) None 2.5 (0.4) PIN 8.1 (1.1) w/ PIN PIN 24.5 (3.2) PIN 7.1 (1.0) Password 15.7 (2.0)
  • Result: # of Activations Condition Home Workplace Other Places w/o PIN 65.8% 34.2% w/ PIN 66.8% 33.2%
  • Result: User Feedback Condition Easy to understand Secure Prefer to use w/o PIN 5 4 3.5 w/ PIN 4 4 3
  • Quotes P3 said, “I don't normally use a security lock, but I would be much more inclined to use one if it didn't require constant unlocking.”
  • Quotes P5 said, “I like the system. It’s a great pain to type pin at home, because the nature of the phone, it goes to sleep quickly, then I have to type pin again, which is super annoying.”
  • Quotes P12 said, “Typing passwords to check text was annoying. I don't think I will use it.”
  • Appropriate Security Level Location Using PIN No Security Locks Home None Workplace Other Places PIN
  • Appropriate Security Level Location Using PIN No Security Locks Home PIN Workplace PIN Other Places PIN
  • Appropriate Security Level Location Using PIN No Security Locks Home PIN None Workplace PIN Other Places PIN
  • Appropriate Security Level Location Using PIN No Security Locks Home PIN None Workplace PIN None Other Places PIN None
  • Design Iteration (Field Study #3)
  • Design Iteration • Appropriate security level • Workplace is not as safe as home
  • Appropriate Security Level Location Active Factor Home None Workplace Other Places
  • Appropriate Security Level Location Active Factor Home None Workplace Other Places PIN
  • Workplace is not safe No Active Factor Be at Home No Active Factor Be at Workplace + +
  • Workplace is not safe No Active Factor Be at Home Type PIN Be at Workplace + +
  • Workplace is not safe No Active Factor Be at Home Using Computer Be at Workplace + +No Active Factor +
  • Active Factor Selection Location Active Factor Home None Workplace when using computers None Workplace when not using computers PIN Others PIN
  • Notification
  • Field Study #3 • 18 participants • 21 to 40 years old (mean=26.3) • On their phones and laptops • For 10 to 14 days
  • Result: At Workplace Grey: Computer not used Black: Computer used
  • Result: User Feedback Feature Easy to understand Useful Secure Prefer to use Location- based 5 4.5 4 4 Comp- based 4.5 4 3.5 3.5 Notification - 4 - 4
  • Quote • P17 said, “It is annoying to use security locks all the time, but whereas if I had such a system which requires pin only at unsecure places its usefulness adds more value when compared to the annoyance caused by it. So, I will definitely use it.”
  • Conclusion • Proposed a Naive Bayes framework to combine multiple factors to adjust active authentication schemes • The framework allowed us to choose active factor in a quantitative way • Field studies indicated that users preferred the proposed system
  • Backup
  • Feasibility Analysis (Field Study #1)
  • Location as a Signal • People have their own mobility patterns • Random people don’t have access to certain places
  • Field Study #1 • Where do people log in to their phones? • 32 participants • 7 to 140 days PlacePlace Mean Time [%]Mean Time [%] Mean Activation [%]Mean Activation [%] 1 (Home) 38.9 31.9 2 (Workplace) 18.7 28.9 Others 42.4 39.2
  • Security Analysis
  • Security Analysis Condition Knowledge about target users Uninformed Informed Technical expertise Novice Uninformed Novice Informed Novice Expert Uninformed Expert Informed Expert
  • Security Analysis Condition Knowledge about target users Uninformed Informed Technical expertise Novice Uninformed Novice Informed Novice Expert Uninformed Expert Informed Expert Strangers •CASA is as strong as PIN/password
  • Security Analysis Condition Knowledge about target users Uninformed Informed Technical expertise Novice Uninformed Novice Informed Novice Expert Uninformed Expert Informed Expert Family members, Friends, Co-workers •Trusted people •However, users trust co-workers less
  • Security Analysis Condition Knowledge about target users Uninformed Informed Technical expertise Novice Uninformed Novice Informed Novice Expert Uninformed Expert Informed Expert Dedicated attackers •Rare, but difficult to prevent •Detection rather than prevention
  • Adjusting Security Levels
  • Results: # of Activations Gray: w/ PIN Black: w/o PIN
  • Compare Confidence
  • Result: User Feedback Condition Easy to understand Secure Prefer to use w/o PIN 5 4 3.5 w/ PIN 4 4 3 3 4
  • Compare Confidence