CASA: Context-Aware Scalable Authentication
Eiji Hayashi, Sauvik Das, Shahriyar Amini, Jason Hong, Ian Oakley
Human-Computer Interaction Institute, Carnegie Mellon University
CASA: Context Aware Scalable Authentication, at SOUPS 2013

We introduce context-aware scalable authentication (CASA) as a way of balancing security and usability for authentication. Our core idea is to choose an appropriate form of active authentication (e.g., typing a PIN) based on the combination of multiple passive factors (e.g., a user’s current location) for authentication. We provide a probabilistic framework for dynamically selecting an active authentication scheme that satisfies a specified security requirement given passive factors. We also present the results of three user studies evaluating the feasibility of our concept and users’ receptiveness to it. Our results suggest that location data has good potential as a passive factor, and that users can reduce up to 68% of active authentications when using an implementation of CASA, compared to always using fixed active authentication. Furthermore, our participants, including those who do not use any security mechanisms on their phones, were very positive about CASA and amenable to using it on their phones.

Speaker notes
  • Today, devices require the same authentication regardless of the context. For instance, whether a phone is at the user’s home or in a foreign country the user has never been to, the phone always requires a PIN to unlock. Because of this, we need to design authentication systems to be secure even in the riskiest case.
  • However, if a security system costs too much, users simply stop using it. In the case of mobile phones, people stop using the security lock. In fact, much existing work has reported that about half of users do not use a security lock.
  • This clearly shows that the concept of "one fits all" does not work well. Then the question is: do a few fit all? If we have a few security lock systems, do they cover all situations? More specifically, how can we choose a security lock system for different situations, and do they provide better security and usability for users? These are the questions that we investigated in this work.
  • So, we propose context-aware scalable authentication In
  • And we tested the framework through field studies with two rather simple implementations of the framework
  • I will come back to this term later in this presentation. Now, we can compare the confidence levels given by different sets of signals. The next question is which signals we should combine.
  • In the second field study, we developed an authentication system that changes authentication schemes based on users’ locations. Then, we tested the system on users’ own phones for two weeks
  • Now, the question is which authentication schemes we have to use for different locations. For simplicity, we used three locations in our system: home, workplace and others. Also, we used three different authentication schemes: none, PIN and password. Finally, we used the authentication at the workplace as the standard.
  • Now, we come back to this equation.
  • We can compare confidence levels from different sets of signals. As an example, let’s compare a scenario where a person types the correct PIN at the workplace and a scenario where a person types the correct PIN at other places.
  • The first term in each equation denotes the confidence given by typing a correct PIN. These values can be calculated from the entropy of the PIN. The second term denotes the confidence given by being at a certain location; these values were obtained in the first field study.
  • When we compare the two, the confidence in the second scenario is smaller than in the first. Intuitively, being at other places provides less confidence than being at the workplace.
  • So, if we want the confidence level in the second scenario to be as high as in the first scenario, we have to change the authentication scheme. If a person types a correct password at other places,
  • it can provide higher confidence than the first scenario.
  • by repeating the process, we came up with the two sets of configurations.
  • We decided to start with a very simple and effective signal: location. Because people have their own mobility patterns, and random people don’t have access to users’ homes or workplaces, we thought that location could provide strong confidence about a person’s identity.
  • We conducted two field studies to investigate our idea. In the first study, we investigated how much we could improve the usability of user authentication with our system. The results were very positive: 60% of the time, people log into their phones at home or at the workplace.
  • We categorized attackers in a 2x2 grid.
  • Confidence expressions compared on the "Compare Confidence" slides:
    $\log\frac{P(PIN \mid u=1)}{P(PIN \mid u=-1)} + \log\frac{P(W \mid u=1)}{P(W \mid u=-1)}$
    $\log\frac{P(A \mid u=1)}{P(A \mid u=-1)} + \log\frac{P(H \mid u=1)}{P(H \mid u=-1)}$
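The speaker notes describe the selection procedure only in words: each signal contributes a log-likelihood ratio, the ratios add under the Naive Bayes assumption, and the active factor at each location is raised until the combined confidence matches the one obtained by typing a PIN at the workplace. The following is an added example written for this page, not the authors' implementation. The legitimate-user location probabilities are the "Mean Time [%]" figures from Field Study #1; the probabilities that an arbitrary other person is at each place, and the secret-space sizes of the PIN and password, are not on the page and are assumptions made here for illustration.

```python
import math

# Editor's example of the CASA selection rule; not the authors' code.
# Every signal s contributes a log-likelihood ratio
#     log P(s | u=1) - log P(s | u=-1)
# where u=1 means "the legitimate user" and u=-1 "not the legitimate user".
# Under the Naive Bayes (conditional independence) assumption the ratios of
# the passive factor (location) and the active factor (PIN/password) add up.

# Passive factor. P(location | u=1) uses the "Mean Time [%]" column from
# Field Study #1 (Home 38.9, Workplace 18.7, Others 42.4). P(location | u=-1),
# how likely an arbitrary other person is to be at that place, is not given
# on the page; the values below are ASSUMED for illustration only.
LOCATION = {
    "home":      (0.389, 0.01),   # assumed: few others can reach the user's home
    "workplace": (0.187, 0.05),   # assumed: co-workers share the workplace
    "other":     (0.424, 0.94),   # assumed: everywhere else
}

# Active factor. P(correct entry | u=1) is taken as 1 (the owner knows the
# secret); P(correct entry | u=-1) is one guess over the secret space, which is
# how the notes derive confidence from entropy. Secret-space sizes are ASSUMED.
ACTIVE = {
    "none":     (1.0, 1.0),           # no challenge: contributes no evidence
    "pin":      (1.0, 1.0 / 10**4),   # assumed 4-digit PIN
    "password": (1.0, 2.0 ** -28),    # assumed ~28 bits of guessing entropy
}

# Least demanding first: the selector returns the first factor that suffices.
ACTIVE_ORDER = ("none", "pin", "password")


def log_lr(p_legit: float, p_other: float) -> float:
    """Log-likelihood ratio of one signal, in nats."""
    return math.log(p_legit) - math.log(p_other)


def confidence(location: str, active: str) -> float:
    """Combined evidence that the person is the legitimate user."""
    return log_lr(*LOCATION[location]) + log_lr(*ACTIVE[active])


def authenticate(location: str, active: str, threshold: float) -> bool:
    """Slides 14-15: accept when the evidence reaches the weight that balances
    false positives against false negatives. The page gives that weight no
    numeric value, so `threshold` (a log ratio) is the caller's choice."""
    return confidence(location, active) >= threshold


def select_active_factor(location: str, required: float):
    """Least demanding active factor whose combined confidence at `location`
    is at least `required`; None if even the strongest factor falls short."""
    for active in ACTIVE_ORDER:
        if confidence(location, active) >= required:
            return active
    return None


def choose_scheme(standard: tuple) -> dict:
    """Repeat the selection for every location, using the confidence of
    `standard` (e.g. ("workplace", "pin")) as the level to be matched, as the
    notes describe for the workplace standard."""
    required = confidence(*standard)
    return {loc: select_active_factor(loc, required) for loc in LOCATION}


if __name__ == "__main__":
    for standard in (("workplace", "none"), ("workplace", "pin")):
        print(standard, "->", choose_scheme(standard))
```

With these assumed attacker-side probabilities, the standard ("workplace", "none") yields None/None/PIN for home/workplace/other places and the standard ("workplace", "pin") yields PIN/PIN/Password, which are the two conditions of the "Two Conditions" slide. The outcome hinges entirely on P(location | u=-1), which the page does not report and which a deployment would have to estimate for its own population before the passive term can be trusted.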

1. CASA: Context-Aware Scalable Authentication. Eiji Hayashi, Sauvik Das, Shahriyar Amini, Jason Hong, Ian Oakley. Human-Computer Interaction Institute, Carnegie Mellon University
2. One Fits All? Devices require the same user authentication regardless of contexts
3. If Cost Too Much: Stop using authentication system
4. A Few Could Fit All: How can we choose security lock system for different situations? Do they provide better security and usability from users’ perspectives?
5. Context-Aware Scalable Authentication
   • Authenticate users using active factors and passive factors
   • Adjust an active factor based on passive factors
   • Quantitative way to choose an active factor
6. Prototype
7. Outline
   • Underlying Model
   • Feasibility Analysis (Field Study #1)
   • Prototype Evaluation (Field Study #2)
   • Security Analysis
   • Design Iteration (Field Study #3)
   • Conclusion
8. Outline
   • CASA Framework
   • Feasibility Analysis (Field Study #1)
   • Prototype Evaluation (Field Study #2)
   • Security Analysis
   • Design Iteration (Field Study #3)
   • Conclusion
9. CASA Framework
10. Combining Multiple Factors
11. Combining Multiple Factors: The probability that a person is a legitimate user given a set of signals
12. Combining Multiple Factors: The probability that a person is NOT a legitimate user given a set of signals
13. Combining Multiple Factors: Weight that balances false positives and false negatives
14. Combining Multiple Factors: Authenticate: A user is more likely to be a legitimate user
15. Combining Multiple Factors: Reject: A user is less likely to be a legitimate user
16. Naive Bayes Model
17. Prototype Evaluation (Field Study #2)
18. Field Study #2: Test system that changes authentication schemes based on location
19. Choosing an Authentication Scheme
    Location      Active Factor
    Home          ?
    Workplace     PIN
    Other Places  ?
20. Naive Bayes Model
21. Compare Confidence: (Type PIN + Be at workplace) vs. (Type PIN + Be at other place)
22. Compare Confidence
23. Compare Confidence
24. Compare Confidence: (Type PIN + Be at workplace) vs. (Type Password + Be at other place)
25. Compare Confidence
26. Chosen Authentication Scheme
    Location      Active Factor
    Home          ?
    Workplace     PIN
    Other Places  Password
27. Two Conditions
    Location      w/ PIN    w/o PIN
    Home          PIN       None
    Workplace     PIN       None
    Other Places  Password  PIN
28. Screenshots
29. Field Study #2
    • 32 participants
    • 18 to 40 years old (mean=24)
    • On their phones
    • For 2 weeks
30. Result: # of Activations
    Condition  Home              Workplace        Other Places
    w/o PIN    None: 13.1 (1.4)  None: 2.5 (0.4)  PIN: 8.1 (1.1)
    w/ PIN     PIN: 24.5 (3.2)   PIN: 7.1 (1.0)   Password: 15.7 (2.0)
31. Result: # of Activations
    Condition  Home   Workplace  Other Places
    w/o PIN    65.8%  34.2%
    w/ PIN     66.8%  33.2%
32. Result: User Feedback
    Condition  Easy to understand  Secure  Prefer to use
    w/o PIN    5                   4       3.5
    w/ PIN     4                   4       3
33. Quotes: P3 said, “I don't normally use a security lock, but I would be much more inclined to use one if it didn't require constant unlocking.”
34. Quotes: P5 said, “I like the system. It’s a great pain to type pin at home, because the nature of the phone, it goes to sleep quickly, then I have to type pin again, which is super annoying.”
35. Quotes: P12 said, “Typing passwords to check text was annoying. I don't think I will use it.”
36. Appropriate Security Level (Location / Using PIN / No Security Locks): Home None; Workplace; Other Places PIN
37. Appropriate Security Level (Location / Using PIN / No Security Locks): Home PIN; Workplace PIN; Other Places PIN
38. Appropriate Security Level (Location / Using PIN / No Security Locks): Home PIN None; Workplace PIN; Other Places PIN
39. Appropriate Security Level
    Location      Using PIN  No Security Locks
    Home          PIN        None
    Workplace     PIN        None
    Other Places  PIN        None
40. Design Iteration (Field Study #3)
41. Design Iteration
    • Appropriate security level
    • Workplace is not as safe as home
42. Appropriate Security Level (Location / Active Factor): Home None; Workplace; Other Places
43. Appropriate Security Level
    Location      Active Factor
    Home          None
    Workplace
    Other Places  PIN
44. Workplace is not safe: (No Active Factor + Be at Home) vs. (No Active Factor + Be at Workplace)
45. Workplace is not safe: (No Active Factor + Be at Home) vs. (Type PIN + Be at Workplace)
46. Workplace is not safe: (No Active Factor + Be at Home) vs. (No Active Factor + Using Computer + Be at Workplace)
47. Active Factor Selection
    Location                            Active Factor
    Home                                None
    Workplace when using computers      None
    Workplace when not using computers  PIN
    Others                              PIN
48. Notification
49. Field Study #3
    • 18 participants
    • 21 to 40 years old (mean=26.3)
    • On their phones and laptops
    • For 10 to 14 days
50. Result: At Workplace (chart; grey: computer not used, black: computer used)
51. Result: User Feedback
    Feature         Easy to understand  Useful  Secure  Prefer to use
    Location-based  5                   4.5     4       4
    Comp-based      4.5                 4       3.5     3.5
    Notification    -                   4       -       4
52. Quote: P17 said, “It is annoying to use security locks all the time, but whereas if I had such a system which requires pin only at unsecure places its usefulness adds more value when compared to the annoyance caused by it. So, I will definitely use it.”
53. Conclusion
    • Proposed a Naive Bayes framework to combine multiple factors to adjust active authentication schemes
    • The framework allowed us to choose active factor in a quantitative way
    • Field studies indicated that users preferred the proposed system
54. Backup
55. Feasibility Analysis (Field Study #1)
56. Location as a Signal
    • People have their own mobility patterns
    • Random people don’t have access to certain places
57. Field Study #1
    • Where do people log in to their phones?
    • 32 participants
    • 7 to 140 days
    Place          Mean Time [%]  Mean Activation [%]
    1 (Home)       38.9           31.9
    2 (Workplace)  18.7           28.9
    Others         42.4           39.2
58. Security Analysis
59. Security Analysis: attacker conditions by technical expertise (rows) and knowledge about target users (columns)
    Technical expertise  Uninformed         Informed
    Novice               Uninformed Novice  Informed Novice
    Expert               Uninformed Expert  Informed Expert
60. Security Analysis (same grid). Strangers:
    • CASA is as strong as PIN/password
61. Security Analysis (same grid). Family members, Friends, Co-workers:
    • Trusted people
    • However, users trust co-workers less
62. Security Analysis (same grid). Dedicated attackers:
    • Rare, but difficult to prevent
    • Detection rather than prevention
63. Adjusting Security Levels
64. Results: # of Activations (chart; gray: w/ PIN, black: w/o PIN)
65. Compare Confidence
66. Result: User Feedback
    Condition  Easy to understand  Secure  Prefer to use
    w/o PIN    5                   4       3.5
    w/ PIN     4                   4       3
    (the slide additionally shows the values 3 4)
67. Compare Confidence