CASA: Context Aware Scalable Authentication, at SOUPS 2013
![Page 1: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/1.jpg)
CASA: Context-Aware Scalable Authentication
Eiji Hayashi, Sauvik Das, Shahriyar Amini
Jason Hong, Ian Oakley
Human-Computer Interaction Institute, Carnegie Mellon University
![Page 2: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/2.jpg)
One Fits All?
Devices require the same user authentication regardless of context
![Page 3: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/3.jpg)
If It Costs Too Much
Users stop using the authentication system
![Page 4: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/4.jpg)
A Few Could Fit All
How can we choose a security lock system for different situations?
Do they provide better security and usability from users’ perspectives?
![Page 5: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/5.jpg)
Context-Aware Scalable Authentication
• Authenticate users using active factors and passive factors
• Adjust an active factor based on passive factors
• Quantitative way to choose an active factor
![Page 6: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/6.jpg)
Prototype
![Page 7: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/7.jpg)
Outline
• Underlying Model
• Feasibility Analysis (Field Study #1)
• Prototype Evaluation (Field Study #2)
• Security Analysis
• Design Iteration (Field Study #3)
• Conclusion
![Page 8: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/8.jpg)
Outline
• CASA Framework
• Feasibility Analysis (Field Study #1)
• Prototype Evaluation (Field Study #2)
• Security Analysis
• Design Iteration (Field Study #3)
• Conclusion
![Page 9: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/9.jpg)
CASA Framework
![Page 10: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/10.jpg)
Combining Multiple Factors
![Page 11: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/11.jpg)
Combining Multiple Factors
The probability that a person is a legitimate user given a set of signals
![Page 12: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/12.jpg)
Combining Multiple Factors
The probability that a person is NOT a legitimate user given a set of signals
![Page 13: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/13.jpg)
Combining Multiple Factors
Weight that balances false positives and false negatives
![Page 14: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/14.jpg)
Combining Multiple Factors
Authenticate: A user is more likely to be a legitimate user
![Page 15: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/15.jpg)
Combining Multiple Factors
Reject: A user is less likely to be a legitimate user
![Page 16: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/16.jpg)
Naive Bayes Model
![Page 17: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/17.jpg)
Prototype Evaluation (Field Study #2)
![Page 18: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/18.jpg)
Field Study #2
Test a system that changes authentication schemes based on location
![Page 19: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/19.jpg)
Choosing an Authentication Scheme
Location Active Factor
Home ?
Workplace PIN
Other Places ?
![Page 20: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/20.jpg)
Naive Bayes Model
![Page 21: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/21.jpg)
Compare Confidence
Type PIN Be at workplace
Type PIN Be at other place
![Page 22: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/22.jpg)
Compare Confidence
![Page 23: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/23.jpg)
Compare Confidence
![Page 24: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/24.jpg)
Compare Confidence
Type PIN Be at workplace
Type Password Be at other place
![Page 25: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/25.jpg)
Compare Confidence
![Page 26: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/26.jpg)
Chosen Authentication Scheme
Location Active Factor
Home ?
Workplace PIN
Other Places Password
![Page 27: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/27.jpg)
Two Conditions
| Location | w/ PIN | w/o PIN |
|---|---|---|
| Home | PIN | None |
| Workplace | PIN | None |
| Other Places | Password | PIN |
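
Added example, not code from the talk or its authors: a Naive Bayes confidence score over one passive signal (location) and one active factor, used to pick the lowest-effort active factor per location that is at least as confident as a baseline factor at the workplace. All likelihoods, the 0.5 prior and the function names are constructed assumptions, and the decision rule is an assumed reading of the slides, whose own formula is not reproduced on this page.

```python
import math

# Constructed likelihoods: (P(signal | legitimate user), P(signal | impostor)).
# Illustrative assumptions only; the talk's measured values are not on this page.
LOCATION = {
    "Home":         (0.45, 0.05),
    "Workplace":    (0.25, 0.05),
    "Other Places": (0.30, 0.90),
}
# Active factors, ordered from least to most user effort.
ACTIVE = {
    "None":     (1.00, 1.00),   # nothing entered, so no evidence either way
    "PIN":      (0.98, 0.05),
    "Password": (0.95, 0.001),
}
PRIOR_LEGIT = 0.5  # assumed prior that the person holding the phone is the owner


def confidence(location, factor, prior=PRIOR_LEGIT):
    """Naive Bayes log-odds of 'legitimate' vs 'not legitimate' given both signals."""
    log_odds = math.log(prior / (1.0 - prior))
    for p_legit, p_impostor in (LOCATION[location], ACTIVE[factor]):
        log_odds += math.log(p_legit / p_impostor)  # signals treated as independent
    return log_odds


def decide(location, factor, alpha=1.0):
    """Authenticate when P(legit | signals) > alpha * P(not legit | signals)."""
    ok = confidence(location, factor) > math.log(alpha)
    return "authenticate" if ok else "reject"


def choose_scheme(baseline_factor, baseline_location="Workplace"):
    """Per location, pick the lowest-effort factor at least as confident as the baseline."""
    target = confidence(baseline_location, baseline_factor)
    scheme = {}
    for location in LOCATION:
        for factor in ACTIVE:  # dict order is least to most effort
            if confidence(location, factor) >= target:
                scheme[location] = factor
                break
        else:
            scheme[location] = list(ACTIVE)[-1]  # nothing reaches the target
    return scheme


if __name__ == "__main__":
    for baseline in ("PIN", "None"):
        print(f"baseline {baseline} at workplace ->", choose_scheme(baseline))
```

With these constructed numbers, the "PIN" and "None" baselines yield the same per-location assignments as the w/ PIN and w/o PIN conditions listed above.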
![Page 28: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/28.jpg)
Screenshots
![Page 29: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/29.jpg)
Field Study #2
• 32 participants
• 18 to 40 years old (mean=24)
• On their phones
• For 2 weeks
![Page 30: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/30.jpg)
Result: # of Activations
| Condition | Home | Workplace | Other Places |
|---|---|---|---|
| w/o PIN | None, 13.1 (1.4) | None, 2.5 (0.4) | PIN, 8.1 (1.1) |
| w/ PIN | PIN, 24.5 (3.2) | PIN, 7.1 (1.0) | Password, 15.7 (2.0) |
![Page 31: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/31.jpg)
Result: # of Activations
| Condition | Home + Workplace | Other Places |
|---|---|---|
| w/o PIN | 65.8% | 34.2% |
| w/ PIN | 66.8% | 33.2% |
![Page 32: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/32.jpg)
Result: User Feedback
| Condition | Easy to understand | Secure | Prefer to use |
|---|---|---|---|
| w/o PIN | 5 | 4 | 3.5 |
| w/ PIN | 4 | 4 | 3 |
![Page 33: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/33.jpg)
Quotes
P3 said, “I don't normally use a security lock, but I would be much more inclined to use one if it didn't require constant unlocking.”
![Page 34: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/34.jpg)
Quotes
P5 said, “I like the system. It’s a great pain to type pin at home, because the nature of the phone, it goes to sleep quickly, then I have to type pin again, which is super annoying.”
![Page 35: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/35.jpg)
Quotes
P12 said, “Typing passwords to check text was annoying. I don't think I will use it.”
![Page 36: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/36.jpg)
Appropriate Security Level
Location Using PIN No Security Locks
Home None
Workplace
Other Places PIN
![Page 37: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/37.jpg)
Appropriate Security Level
Location Using PIN No Security Locks
Home PIN
Workplace PIN
Other Places PIN
![Page 38: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/38.jpg)
Appropriate Security Level
Location Using PIN No Security Locks
Home PIN None
Workplace PIN
Other Places PIN
![Page 39: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/39.jpg)
Appropriate Security Level
Location Using PIN No Security Locks
Home PIN None
Workplace PIN None
Other Places PIN None
![Page 40: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/40.jpg)
Design Iteration (Field Study #3)
![Page 41: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/41.jpg)
Design Iteration
• Appropriate security level
• Workplace is not as safe as home
![Page 42: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/42.jpg)
Appropriate Security Level
Location Active Factor
Home None
Workplace
Other Places
![Page 43: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/43.jpg)
Appropriate Security Level
Location Active Factor
Home None
Workplace
Other Places PIN
![Page 44: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/44.jpg)
Workplace is not safe
No Active Factor + Be at Home
No Active Factor + Be at Workplace
![Page 45: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/45.jpg)
Workplace is not safe
No Active Factor + Be at Home
Type PIN + Be at Workplace
![Page 46: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/46.jpg)
Workplace is not safe
No Active Factor + Be at Home
No Active Factor + Using Computer + Be at Workplace
![Page 47: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/47.jpg)
Active Factor Selection
| Location | Active Factor |
|---|---|
| Home | None |
| Workplace when using computers | None |
| Workplace when not using computers | PIN |
| Others | PIN |
![Page 48: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/48.jpg)
Notification
![Page 49: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/49.jpg)
Field Study #3
• 18 participants
• 21 to 40 years old (mean=26.3)
• On their phones and laptops
• For 10 to 14 days
![Page 50: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/50.jpg)
Result: At Workplace
Grey: Computer not used
Black: Computer used
![Page 51: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/51.jpg)
Result: User Feedback
| Feature | Easy to understand | Useful | Secure | Prefer to use |
|---|---|---|---|---|
| Location-based | 5 | 4.5 | 4 | 4 |
| Comp-based | 4.5 | 4 | 3.5 | 3.5 |
| Notification | - | 4 | - | 4 |
![Page 52: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/52.jpg)
Quote
• P17 said, “It is annoying to use security locks all the time, but whereas if I had such a system which requires pin only at unsecure places its usefulness adds more value when compared to the annoyance caused by it. So, I will definitely use it.”
![Page 53: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/53.jpg)
Conclusion
• Proposed a Naive Bayes framework to combine multiple factors to adjust active authentication schemes
• The framework allowed us to choose an active factor in a quantitative way
• Field studies indicated that users preferred the proposed system
![Page 54: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/54.jpg)
Backup
![Page 55: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/55.jpg)
Feasibility Analysis (Field Study #1)
![Page 56: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/56.jpg)
Location as a Signal
• People have their own mobility patterns
• Random people don’t have access to certain places
![Page 57: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/57.jpg)
Field Study #1
• Where do people log in to their phones?
• 32 participants
• 7 to 140 days
| Place | Mean Time [%] | Mean Activation [%] |
|---|---|---|
| 1 (Home) | 38.9 | 31.9 |
| 2 (Workplace) | 18.7 | 28.9 |
| Others | 42.4 | 39.2 |
![Page 58: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/58.jpg)
Security Analysis
![Page 59: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/59.jpg)
Security Analysis
| Technical expertise \ Knowledge about target users | Uninformed | Informed |
|---|---|---|
| Novice | Uninformed Novice | Informed Novice |
| Expert | Uninformed Expert | Informed Expert |
![Page 60: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/60.jpg)
Security Analysis
Strangers
• CASA is as strong as PIN/password
![Page 61: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/61.jpg)
Security Analysis
Family members, Friends, Co-workers
• Trusted people
• However, users trust co-workers less
![Page 62: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/62.jpg)
Security Analysis
Dedicated attackers
• Rare, but difficult to prevent
• Detection rather than prevention
![Page 63: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/63.jpg)
Adjusting Security Levels
![Page 64: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/64.jpg)
Results: # of Activations
Gray: w/ PIN
Black: w/o PIN
![Page 65: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/65.jpg)
Compare Confidence
![Page 66: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/66.jpg)
Result: User Feedback
| Condition | Easy to understand | Secure | Prefer to use |
|---|---|---|---|
| w/o PIN | 5 | 4 | 3.5 |
| w/ PIN | 4 | 4 | 3 |

3 4
![Page 67: CASA: Context Aware Scalable Authentication, at SOUPS 2013](https://reader033.fdocuments.us/reader033/viewer/2022051613/54c793c24a7959035f8b457a/html5/thumbnails/67.jpg)
Compare Confidence