Knock x Knock: The Design and Evaluation of a Unified Authentication Management System
•Download as PPTX, PDF•
0 likes•233 views
We introduce UniAuth, a set of mechanisms for streamlining authentication to devices and web services. With UniAuth, a user first authenticates himself to his UniAuth client, typically his smartphone or wearable device. His client can then authenticate to other services on his behalf. In this paper, we focus on exploring the user experiences with an early iPhone prototype called Knock x Knock. To manage a variety of accounts securely in a usable way, Knock x Knock incorporates features not supported in existing password managers, such as tiered and location-aware lock control, authentication to laptops via knocking, and storing credentials locally while working with laptops seamlessly. In two field studies, 19 participants used Knock x Knock for one to three weeks with their own devices and accounts. Our participants were highly positive about Knock x Knock, demonstrating the desirability of our approach. We also discuss interesting edge cases and design implications.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Knock x Knock: The Design and Evaluation of a Unified Authentication Management System
Similar to Knock x Knock: The Design and Evaluation of a Unified Authentication Management System (20)
Recently uploaded
Recently uploaded (20)
Knock x Knock: The Design and Evaluation of a Unified Authentication Management System
- 1. 1 Knock x Knock: The Design and Evaluation of a Unified Authentication System Eiji Hayashi Jason I. Hong Carnegie Mellon University
- 3. 3 Weakest Link • Passwords is the weakest link in most of the computer system 3
- 4. 4 Weakest Link • Passwords is the weakest link in most of the computer system 4 “Passwords are broken”
- 5. 5
- 6. 6 “every scheme does worse than passwords on deployability” [Bonneau 2012] Bonneau, J., Herley, C., Oorschot, P.C.V., and Stajano, F. The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes. IEEE, 553–567.
- 7. 7 IcebergAuthentication Scheme Create Accounts Generate Passwords Periodically Update Password Monitor Accounts Keep Account Information Updated Keep Many Accounts Revoke Accounts
- 9. 9
- 10. 10 Weakest Link • Passwords is the weakest link in most of the computer system 10 Password as Backend Addressing Management APIs for Automation
- 11. 11 Concept
- 12. 12
- 16. 16 Online Service Device IoT User Credentials Management Client Unified Authentication Framework
- 19. 19 Online Service Device IoT User Credentials Management Client User Experience (Knock x Knock)
- 20. 20 Knock x Knock Screenshots
- 21. 21 Knock x Knock Basic Features • Manage all credentials on iPhone • Password manager for online services • Knock to unlock Mac
- 22. 22 Knock to Unlock • Easy to detect • Nice semantic meaning
- 23. 23 Location-Aware Tiered Access Control Assign each credential to: Secure Standard Quick Balance usability and security based on location Eiji Hayashi et al. 2012. Goldilocks and the two mobile devices: going beyond all-or- nothing access to a device's applications. SOUPS. Eiji Hayashi et al. 2013. CASA: context-aware scalable authentication. SOUPS.
- 24. 24 Location-Aware Tiered Access Control Trusted Locations Other Locations Secure Need a master password Locked after one access Standard Need a master password Locked when leaving Need a master password Locked after 3 min Quick Automatically unlocked Locked when leaving Need a master password Locked after 3 min
- 25. 25 Location-Aware Tiered Access Control Trusted Locations Other Locations Secure Need a master password Locked after one access Standard Need a master password Locked when leaving Need a master password Locked after 3 min Quick Automatically unlocked Locked when leaving Need a master password Locked after 3 min
- 26. 26 Location-Aware Tiered Access Control Trusted Locations Other Locations Secure Need a master password Locked after one access Standard Need a master password Locked when leaving Need a master password Locked after 3 min Quick Automatically unlocked Locked when leaving Need a master password Locked after 3 min
- 27. 27 Location-Aware Tiered Access Control Trusted Locations Other Locations Secure Need a master password Locked after one access Standard Need a master password Locked when leaving Need a master password Locked after 3 min Quick Automatically unlocked Locked when leaving Need a master password Locked after 3 min
- 28. 28 Location-Aware Tiered Access Control Trusted Locations Other Locations Secure Need a master password Locked after one access Standard Need a master password Locked when leaving Need a master password Locked after 3 min Quick Automatically unlocked Locked when leaving Need a master password Locked after 3 min
- 29. 29 Knock x Knock UIMP features Examples: • Unlock doors / bike locks / lockers • Create an account automatically • Update password periodically • Reset all passwords by one click • Receive account activity notifications
- 30. 30 Knock x Knock Implementation UniAuth Client Online Service UIMP Master Password UniAuth Proxy BLE Computer Online Service Device Smartphone UIMPConventional Login Form
- 31. 31
- 32. 32
- 33. 33 Authenticated Online Service Master Password UniAuth Proxy Computer Online Service Device Smartphone User – Client Authentication
- 34. 34
- 35. 35 Authenticated Online Service UniAuth Proxy Computer Online Service Device Smartphone Client – Device Authentication
- 36. 36 Authenticated Online Service UniAuth Proxy Computer Online Service Device Smartphone Client – Device Authentication
- 37. 37
- 38. 38 Authenticated Online Service UniAuth Proxy Computer Online Service Device Smartphone Client – Service Authentication
- 39. 39 Authenticated Online Service UniAuth Proxy Computer Online Service Device Smartphone URL Open in a Browser Client – Service Authentication
- 40. 40 Authenticated Online Service UniAuth Proxy Computer Online Service Device Smartphone User ID & Pwd User ID & Pwd Client – Service Authentication
- 41. 41
- 42. 42
- 43. 43 Authenticated Online Service UniAuth Proxy Computer Online Service Device Smartphone Client De-Authentication
- 44. 44 Not Authenticated Online Service UniAuth Proxy Computer Online Service Device Smartphone Client De-Authentication
- 45. 45 Three-Week Field Study • First Session • Setup Knock x Knock on their devices • Add 5 existing accounts • Delete passwords for these from their tools • Try Knock x Knock for three weeks • Weekly phone interview • Second Session • Post interview
- 46. 46 Participants • 13 participants • 19 to 42 years old (mean: 27) • All of them except one use browser password auto-fill feature • One use KeePass • One use 1Password
- 47. 47 Knock x Knock Usage • 22 – 192 logins (mean:93.3, SD: 58.5) • Participants with small numbers of logins did not log out from their online accounts Authentication to websites Authentication to Mac
- 48. 48 Likert-Scale Eval (Security) 1: Very Negative and 5: Very Positive Storing Credentials in iPhone 1 2 3 4 5 Knocking Mac to Unlock Three Security Tiers Location-Awareness
- 49. 49 Likert-Scale Eval (Usability) 1: Very Negative and 5: Very Positive Storing Credentials in iPhone 1 2 3 4 5 Knocking Mac to Unlock Three Security Tiers Location-Awareness
- 50. 50 Proximity and Perceived Security
- 52. 52 Transition to Better Authentication
- 53. 53 Conclusion
- 55. 55 Online Service Device IoT User Knock x Knock User Experience Unified Authentication Framework
- 56. 56 Online Service Device IoT User Credentials Management Client Password as Backend Location-Aware + Tiered Perceived Security/Availability Smooth Transition to Better User Authentication Take Away
- 57. 57 Backup Slides
- 58. 58 UIMP • Unified Identity Management Protocol • RESTful APIs that streamlines credential management • Information APIs (e.g., password policy) • Account APIs • Authentication APIs • Notification APIs
- 59. 59 Example (Account Creation) URI /account Method POST Argument { “timestamp”: “2013/9/19 13:52:32 GMT”, “email”: “ehayashi@cs.cmu.edu”, “password”: “f1sd25ioFA!G” “name”: “Eiji Hayashi” } Return Value Success or Error Message
- 61. 61 Example (Account Creation) URI /account Method POST Argument { “timestamp”: “2013/9/19 13:52:32 GMT”, “email”: “ehayashi@cs.cmu.edu”, “password”: “f1sd25ioFA!G” “name”: “Eiji Hayashi” } Return Value Success or Error Message
- 62. 62 Example (Login) URI /authentication/login Method POST Argument { “timestamp”: “2013/9/19 13:52:32 GMT”, “email”: “ehayashi@cs.cmu.edu”, “password”: “f1sd25ioFA!G” } Return Value HTML code
- 63. 63 Example (Policy) URI /Information/Authentication_Policy Method GET Argument - Return Value Type (only support password in ver. 1.0) Length Lower case (true: allowed / false: not allowed) Upper case (true: allowed / false: not allowed) Numbers (true: allowed / false: not allowed) Special characters (true: allowed / false: not allowed) Minimum number of lower case letters Minimum number of upper case letters Minimum number of numbers Minimum number of special characters Update period
- 64. 64 FAQ
- 65. 65 Question: What if I lose my phone? Answer: Download backup from a server, decrypt it, restore account information, and reset all passwords
- 66. 66 Question: Can somebody eavesdrop? Answer: I assume communications are protected by HTTPS and appropriate encryption
- 67. 67 Question: How can we pair devices? Answer: I also assume that device paring is done in a secure manner
- 68. 68 Question: Can I use UniAuth on public computers? Answer: You can check your password in a UniAuth client (to be backward compatible with current practice)
- 69. 69 Research Contributions • Design and evaluation • UniAuth protocol • Probabilistic authentication framework (CASA) • Provide a building block for more natural human-computer interaction
- 70. 70 One More Lesson Improve authentication to a single service Make the authentications to multiple services easier
- 71. 71 One More Lesson Build a framework that makes multiple authentication easier Make the authentications to multiple services easier
- 72. 72 Question: What’s differences between UniAuth and OAuth, OpenID, or FIDO
- 73. 73 Question: What’s differences between UniAuth and OAuth, OpenID, or FIDO
- 74. 74 OAuth
- 75. 75 OAuth
- 76. 76 Research Contribution • Understanding account management practices (Interviews + Diary) • Context-Aware Scalable Authentication (Field + Interview) • Unified Identity Management Protocol (Expert Review) • UniAuth Client (Field)
- 77. 77 Future Works
- 78. 78 More Security Evaluation Knock x Knock • Device Theft • Insider attacks • Phishing attacks UIMP • Evaluation by security community
- 79. 79 Deployment • People really adopt Knock x Knock? • Service providers adopt UIMP?
- 80. 80 Replace passwords • Once enough users and service provider adopt UniAuth, we can replace passwords with minimal impact on user experience
- 82. 82 Conventional Way Online Service Device
- 83. 83 Conventional Way Online Service Device Password Management Tools
- 85. 85 Proposed Solution UniAuth Client Online Service Device Unified Identity Management Protocol
- 86. 86 Proposed Solution UniAuth Client Online Service Device Context Aware Scalable Authentication Unified Identity Management Protocol
- 87. 87 Proposed Solution UniAuth Client Online Service Device Context Aware Scalable Authentication Unified Identity Management ProtocolUnified Authentication Framework (UniAuth Framework)
- 88. 88 Half of applications have too much/too little access control Users using security lock After Unlocking Split Always Available [%]
- 89. 89 Half of applications have too much/too little access control After Unlocking Split Always Available [%] Too hard! Users using security lock OK
- 90. 90 None of Them Are Happy After Unlocking Split Always Available [%] Users using security lock Users NOT using security lock
- 91. 91 FIDO Bootstrapping • Service provider should support FIDO • Third parties should provide FIDO Servers • Users should adopt FIDO Clients
Editor's Notes
- User authentication a basis of current computer systems. We cannot imagine a life without emails, facebook, amazon, or twitter. These services are relying on user authentication. Virtually for all user authentication, we user usernames and passwords
- As the number of password increases, they are becoming unmanagable. Or to make it manageable, people adopt insecure practices. Such as using simple passwords, or reusing one password for multiple accounts.
- And there are people who claim passwords are broken.
- To address this problem, so many works have proposed ways to improve passwords and password alternatives. However, their adoptions are very limite
- In 2012 Bonneau did an exhaustive analysis of password alternatives, and concluded that.
- In these works, people focused on authentication scheme, how to login to websites. However there are so many task related to user authentication.
- These are account management. If this account management is easy, people would use long, secure, and unique passwords for their accounts So, essentially, we built a management layer without modifying existing password-based authentication. Then this system will be highly backward-compatible and addressed the deployability challenge. These address the existing challenges in password-based authentication.
- Finally, this system can address forthcoming problem too. We are envisioning Internet of Things, where so many physical objects are connected to network. In this setting, we need some sort of user identification or authentication to these objects. However, these objects do not have appropriate input capability for password-based authentication. We also addressed this challenge by providing an API set that allows authentication to physical devices in addition to automated account management.
- So our system uses password as backend, addresses management problem rather than trying to replace passwords, and provide API set for further improvements.
- Here is the basic idea.
- We let a client running on a smart device manage all credentials
- A user only needs to authenticate to the client. So, he has to mange one client instead of many passwords. For this authentication we can utilize sensors on the smart device to make it secure and usable.
- Then, this client authenticates to online services, devices, and IoT using M2M protocol. So it scales. Because the user does not have to memorize passwords, the client can use secure passwords.
- Finally, if we store many account information in one client, user authentication to this client should be usable and secure. So, I also propose to use Context-Aware Scalable Authentication as an authentication scheme for this. This scheme authenticate users based on information collected by passive sensors, such as GPS or accelerometers to adjust security level of the authentication system. And I call this entire framework as Unified Authentication Framework, UniAuth in short.
- Then, this client authenticates to online services, devices, and IoT using M2M protocol. So it scales. Because the user does not have to memorize passwords, the client can use secure passwords.
- Knock x Knock essentially work as a password manager. It stores all credential of iPhone, and send the credential to Mac seamlessly over BLE. One of the interesting feature in Knock x Knock is knock to unlock featue.
- In Knock x Knock, sers can physically knock their Mac to log into it. Our application running on the Mac detects the knocking using a microphone and SVM classifier. When it detect knocking, it request a login password to iPhone. If a user’s iPhone is nearby, it sends password back, and the application on the Mac generates fake key events to auto-fill the password and log into the mac. Knocking is very good as an indicator of login. It’s easy to detect using microphone or accelerometer. Also, it has a nice semantic meaning since we tends to knock something when start using it. This can be expanded to authentication to other physical devices and/or IoT.
- One of the novel features is location-aware tiered access control. Uses can assign each credential to one of the three tiers: secure, standard, and quick. Then, the system locks and unlocks these tiers separately using location information and a master password. To login to an account stored in a tier, the tier should be unlocked state.
- This table shows how we balance security and usability differently in each tier.
- This table shows how we balance security and usability differently in each tier.
- This table shows how we balance security and usability differently in each tier.
- This table shows how we balance security and usability differently in each tier.
- This table shows how we balance security and usability differently in each tier.
- Knock x Knock can also provide additional features if server-side supports UIMP. However no service supports UIMP now. So we evaluated these features using paper prototypes. Because time constrain, I cannot talk about details. But essentially participants were really positive about these features.
- This graph shows the frequency of user authentication via Knock x Knock. Each bar represents a participant. Y-axis represents total number of authentication during three weeks. The white parts denote authentication to online services. The gray parts denote authentication to Mac.
- Here is a result of Likert-scale evaluation by participants. Here 1 denotes very negative and 5 denotes very positive. In this box plot, red lines denotes medians, box represents 25 percentile to 75 parcentile, whiskers represent range except out layers, and red plus represent out-layers. In general, our participants were positive about security of Knock x Knock in terms of these four aspects.
- Here is the same analysis on usability of the system . Again, our participants were very positive. Now, just saying, our participants liked our system, is not that interesting. It’s more insightful why they liked it.
- The first qualitative finding is that proximity affected perceived security significantly. Many people said that because passwords are stored in iPhones which were close to them they felt it was secure compared to storing them in computers or cloud, which are not as close as iPhone. I do agree that perceived security is different from real security. But it’s also true that people make decision of whether they use a system or not based on their perceived security. Thus it’s important to design a system with high perceived security to facilitate adoption.
- Another reason is related to the availability. When users try a new system, they don’t know how reliable the system is. This negatively affect adoption of the system. In knock x Knock, users can see their passwords by typing their master passwords on their iPhone. So, as long as they have iPhones, thier batteries are charged, and they remember their passwords, they can log into their account by typing the password manually. Our participants had enough experience to estimate baseline availability is predictable. Many participants commented on this when describing why they liked Knock x Knock.
- Finally, Knock x Knock provide a smooth transition to better authentication. This is what we think very good rather than our participants mentioned in the interview. Our results demonstrated that our participants liked Knock x Knock. So, when we release the app, we can expect reasonable adoption. This is the first step. Then, after reasonable adoption of Knock x Knock, now, service providers have incentive to adopt UIMP, because people are already using UIMP compatible applications. This is the second step. Finally, after service provider adopt UIMP, we can replace password-based authenticaiton with more secure one such as asymetirc crypto without affecting user experience. Because, at this point, users are not touching passwords at all, changing it does not affect user experience. At this step, we can finally get rid of passwords.
- Then, this client authenticates to online services, devices, and IoT using M2M protocol. So it scales. Because the user does not have to memorize passwords, the client can use secure passwords.
- Finally, if we store many account information in one client, user authentication to this client should be usable and secure. So, I also propose to use Context-Aware Scalable Authentication as an authentication scheme for this. This scheme authenticate users based on information collected by passive sensors, such as GPS or accelerometers to adjust security level of the authentication system. And I call this entire framework as Unified Authentication Framework, UniAuth in short.
- Before describing the details of the proposed solution, let me
- UIMP is the name of the M2M protocol. It is designed as RESTful APIs that streamlines not only authentication but also credential management. The protocol consists of four sets of APIs. Because of time constrain I will give just a few examples here. For full specification, please refer my dissertation document.
- Here is account creation API. This is very close to what we are doing using a HTML form.
- This example is for twitter. But if a user want to create an account at amazon, amazon would need more information about the user and the API will send more information about the user.
- Here is a login API. Again this is a direct translation of a HTML form. I chose direct translation to minimize server side modification. Server side already has a code to handle inputs from HTML forms. So if the API pass the same data, sever side can reuse the same code to handle it.
- In addition to replacing existing interaction, UIMP also provides natural transition to make current user authentication better. Here is an example. This API essentially make password composition policy machine readable. Making it machine readable already have some benefit. Existing password managers have password generation features, but generating password that comply with various policies is challenging. This API make it simple.
- details ----- Meeting Notes (7/16/13 13:05) ----- framework ->protocol
- Now, let me talk about an overview of UniAuth framework
- In a conventional way, users are managing all account information such as user IDs and passwords
- They may use variety of tools that support password management, such as sticky notes, auto fill features in web browsers, or password management applications. However, still, users have to deal with accounts by themselves in many situations, such as password update, account creation, updating account information. Because of this, when the number of services and devices increases, the users’ workload increases too.
- I propose putting one client between the services and users, and let the client manage all account information.
- Furthermore, to allow the client communicate with services and devices smoothly, I define a protocol, which is a set of APIs. Using the protocol, the client can not only manage authentication, but also other tasks related to account management, such as creating account, updating passwords, monitoring the account activities.
- Finally, if we store many account information in one client, user authentication to this client should be usable and secure. So, I also propose to use Context-Aware Scalable Authentication as an authentication scheme for this. This scheme authenticate users based on information collected by passive sensors, such as GPS or accelerometers to adjust security level of the authentication system. And I call this entire framework as Unified Authentication Framework, UniAuth in short.
- Finally, if we store many account information in one client, user authentication to this client should be usable and secure. So, I also propose to use Context-Aware Scalable Authentication as an authentication scheme for this. This scheme authenticate users based on information collected by passive sensors, such as GPS or accelerometers to adjust security level of the authentication system. And I call this entire framework as Unified Authentication Framework, UniAuth in short.
- Now let’s look at how each participants categorized applications. This graph shows the categorization on phones by participants using security locks. The red parts denote the application in the available only after unlocking, the green parts shows the split category, and the blue parts denote the applications in always available.
- Because those participants used security locks on their phones. They were happy about the red parts. The applications were protected when the devices were locked. But, they were not happy about the blue parts. They wanted these application to be available even when the devices were locked. However, they had to unlock the devices to use these applications.
- Too soft!