CASA: Context-Aware Scalable Authentication, at SOUPS 2013

CASA: Context-Aware Scalable Authentication

Eiji Hayashi, Sauvik Das, Shahriyar Amini, Jason Hong, Ian Oakley

Human-Computer Interaction Institute, Carnegie Mellon University

Description

We introduce context-aware scalable authentication (CASA) as a way of balancing security and usability for authentication. Our core idea is to choose an appropriate form of active authentication (e.g., typing a PIN) based on the combination of multiple passive factors (e.g., a user's current location). We provide a probabilistic framework for dynamically selecting an active authentication scheme that satisfies a specified security requirement given the passive factors. We also present the results of three user studies evaluating the feasibility of our concept and users' receptiveness to it. Our results suggest that location data has good potential as a passive factor, and that users can avoid up to 68% of active authentications when using an implementation of CASA, compared to always using a fixed active authentication. Furthermore, our participants, including those who do not use any security mechanism on their phones, were very positive about CASA and amenable to using it on their phones.

Transcript of CASA: Context-Aware Scalable Authentication, at SOUPS 2013

Page 1: CASA: Context-Aware Scalable Authentication, at SOUPS 2013

CASA: Context-Aware Scalable Authentication

Eiji Hayashi, Sauvik Das, Shahriyar Amini

Jason Hong, Ian Oakley

Human-Computer Interaction Institute, Carnegie Mellon University


Page 2: One Fits All?

Devices require the same user authentication regardless of context

Page 3: If It Costs Too Much

Users stop using the authentication system

Page 4: A Few Could Fit All

How can we choose a security lock system for different situations?

Do they provide better security and usability from users' perspectives?

Page 5: Context-Aware Scalable Authentication

• Authenticate users using active factors and passive factors

• Adjust an active factor based on passive factors

• Quantitative way to choose an active factor

Page 6: Prototype

Page 7: Outline

• Underlying Model

• Feasibility Analysis (Field Study #1)

• Prototype Evaluation (Field Study #2)

• Security Analysis

• Design Iteration (Field Study #3)

• Conclusion

Page 8: Outline

• CASA Framework

• Feasibility Analysis (Field Study #1)

• Prototype Evaluation (Field Study #2)

• Security Analysis

• Design Iteration (Field Study #3)

• Conclusion

Page 9: CASA Framework

Pages 10-15: Combining Multiple Factors

The decision rule on these slides is shown as a figure; the six slides annotate its parts in turn:

• The probability that a person is a legitimate user given a set of signals

• The probability that a person is NOT a legitimate user given a set of signals

• A weight that balances false positives and false negatives

• Authenticate: the user is more likely to be a legitimate user

• Reject: the user is less likely to be a legitimate user

Page 16: Naive Bayes Model

Page 17: Prototype Evaluation (Field Study #2)

Page 18: Field Study #2

Test a system that changes authentication schemes based on location

Page 19: Choosing an Authentication Scheme

  Location       Active Factor
  Home           ?
  Workplace      PIN
  Other Places   ?

Page 20: Naive Bayes Model

Page 21: Compare Confidence

  Type PIN + Be at workplace   vs.   Type PIN + Be at other place

Pages 22-23: Compare Confidence

Page 24: Compare Confidence

  Type PIN + Be at workplace   vs.   Type Password + Be at other place

Page 25: Compare Confidence

Page 26: Chosen Authentication Scheme

  Location       Active Factor
  Home           ?
  Workplace      PIN
  Other Places   Password

Page 27: Two Conditions

  Location       w/ PIN     w/o PIN
  Home           PIN        None
  Workplace      PIN        None
  Other Places   Password   PIN

Page 28: Screenshots

Page 29: Field Study #2

• 32 participants

• 18 to 40 years old (mean = 24)

• On their phones

• For 2 weeks

Page 30: Result: # of Activations

Each cell gives the active factor in force at that location and the mean number of activations, with the parenthesized value as on the original slide:

  Condition   Home               Workplace         Other Places
  w/o PIN     None: 13.1 (1.4)   None: 2.5 (0.4)   PIN: 8.1 (1.1)
  w/ PIN      PIN: 24.5 (3.2)    PIN: 7.1 (1.0)    Password: 15.7 (2.0)

Page 31: Result: # of Activations

Share of activations at trusted locations (where the lighter active factor applied) versus other places; the figures follow from the page 30 means (13.1 + 2.5 against 8.1, and 24.5 + 7.1 against 15.7):

  Condition   Home + Workplace   Other Places
  w/o PIN     65.8%              34.2%
  w/ PIN      66.8%              33.2%

Page 32: Result: User Feedback

  Condition   Easy to understand   Secure   Prefer to use
  w/o PIN     5                    4        3.5
  w/ PIN      4                    4        3

Page 33: Quotes

P3 said, "I don't normally use a security lock, but I would be much more inclined to use one if it didn't require constant unlocking."

Page 34: Quotes

P5 said, "I like the system. It's a great pain to type PIN at home, because the nature of the phone, it goes to sleep quickly, then I have to type PIN again, which is super annoying."

Page 35: Quotes

P12 said, "Typing passwords to check text was annoying. I don't think I will use it."

Pages 36-39: Appropriate Security Level

The table is built up over four slides; this is its final state:

  Location       Using PIN   No Security Locks
  Home           PIN         None
  Workplace      PIN         None
  Other Places   PIN         None

Page 40: Design Iteration (Field Study #3)

Page 41: Design Iteration

• Appropriate security level

• Workplace is not as safe as home

Pages 42-43: Appropriate Security Level

  Location       Active Factor
  Home           None
  Workplace      ?
  Other Places   PIN

Pages 44-46: Workplace is not safe

Confidence comparisons against the home reference; each slide tries a different candidate for the workplace:

  No Active Factor + Be at Home   vs.   No Active Factor + Be at Workplace

  No Active Factor + Be at Home   vs.   Type PIN + Be at Workplace

  No Active Factor + Be at Home   vs.   Using Computer + No Active Factor + Be at Workplace

Page 47: Active Factor Selection

  Location                             Active Factor
  Home                                 None
  Workplace when using computers       None
  Workplace when not using computers   PIN
  Others                               PIN
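The selection procedure on pages 10-16 (combine passive and active factors with Naive Bayes, accept when the legitimate-user posterior outweighs the weighted impostor posterior) and the confidence comparisons on pages 21-26 and 44-47 can be carried through in code. The following is an added example written for this page, not code from the paper or its prototype: the likelihood values are constructed (only the legitimate-user location row borrows the Field Study #1 activation shares), the exact form of the rule is an assumption because the slides show the equations only as figures, and the function names are the example's own. It picks, for each passive context, the least burdensome active factor whose confidence reaches that of a reference pair: PIN at the workplace for Field Study #2, no active factor at home for Field Study #3.

```python
"""Added example (not code from the CASA paper or its prototype): a small
Naive Bayes implementation of the CASA decision rule (slides 10-16) and of
the "compare confidence" step used to pick an active factor per context
(slides 21-26 and 44-47).

Assumed model, since the slides show the equations only as figures:
    P(legit   | signals) ~ P(legit)   * prod_i P(signal_i | legit)
    P(illegit | signals) ~ P(illegit) * prod_i P(signal_i | illegit)
and the device authenticates when
    P(legit | signals) >= w * P(illegit | signals)
where w is the weight that trades false positives against false negatives.
"""
from math import exp, log

# Per-signal likelihood tables P(value | legit) and P(value | illegit).
# The "legit" location row reuses the Field Study #1 activation shares
# (31.9 / 28.9 / 39.2 %); every other number is a constructed illustration.
LIKELIHOODS = {
    "location": {
        "home":      {"legit": 0.32, "illegit": 0.05},
        "workplace": {"legit": 0.29, "illegit": 0.10},
        "other":     {"legit": 0.39, "illegit": 0.85},
    },
    # Whether the user's own computer is in use (the Field Study #3 signal).
    "computer_in_use": {
        True:  {"legit": 0.30, "illegit": 0.02},
        False: {"legit": 0.70, "illegit": 0.98},
    },
    # Outcome of the active factor: "none" means no test was asked for, so
    # observing it carries no evidence; "pin"/"password" mean the test passed.
    "active": {
        "none":     {"legit": 1.0,  "illegit": 1.0},
        "pin":      {"legit": 0.98, "illegit": 0.01},
        "password": {"legit": 0.95, "illegit": 0.0001},
    },
}
PRIOR = {"legit": 0.5, "illegit": 0.5}

# Active factors ordered from least to most burdensome for the user.
ACTIVE_FACTORS = ("none", "pin", "password")


def posterior_legit(signals):
    """P(legit | signals) under the Naive Bayes model, computed in log space."""
    score = {}
    for h in ("legit", "illegit"):
        s = log(PRIOR[h])
        for name, value in signals.items():
            s += log(LIKELIHOODS[name][value][h])
        score[h] = s
    m = max(score.values())
    return exp(score["legit"] - m) / sum(exp(v - m) for v in score.values())


def authenticate(signals, w=1.0):
    """CASA decision rule: accept when P(legit|s) >= w * P(illegit|s)."""
    p = posterior_legit(signals)
    return p >= w * (1.0 - p)


def choose_active_factor(passive, target):
    """Weakest active factor whose confidence in this passive context reaches
    the target; None if even the strongest available factor falls short."""
    for af in ACTIVE_FACTORS:
        if posterior_legit({**passive, "active": af}) >= target:
            return af
    return None


def plan(contexts, reference):
    """Select an active factor per context so that each context is at least
    as confident as the reference (passive context, active factor) pair."""
    target = posterior_legit(reference)
    return {name: choose_active_factor(p, target) for name, p in contexts.items()}


# Passive contexts of Field Study #2 (location only) and Field Study #3
# (location plus computer use), with the reference pair each study compared against.
CONTEXTS_STUDY2 = {
    "home":      {"location": "home"},
    "workplace": {"location": "workplace"},
    "other":     {"location": "other"},
}
REFERENCE_STUDY2 = {"location": "workplace", "active": "pin"}

CONTEXTS_STUDY3 = {
    "home":                       {"location": "home"},
    "workplace, computer in use": {"location": "workplace", "computer_in_use": True},
    "workplace, computer idle":   {"location": "workplace", "computer_in_use": False},
    "other":                      {"location": "other"},
}
REFERENCE_STUDY3 = {"location": "home", "active": "none"}

if __name__ == "__main__":
    for ref, ctx in ((REFERENCE_STUDY2, CONTEXTS_STUDY2), (REFERENCE_STUDY3, CONTEXTS_STUDY3)):
        print(f"reference {ref}: target confidence {posterior_legit(ref):.4f}")
        for name, af in plan(ctx, ref).items():
            print(f"  {name:28s} -> {af}")
```

Run as a script it prints the plan for both references; with these constructed numbers it reproduces the w/ PIN condition of page 27 (PIN at home and at the workplace, password elsewhere) and the page 47 table (no active factor at home or while the workplace computer is in use, PIN otherwise). Two points matter for a deployment: choose_active_factor returns None rather than silently picking the strongest factor when nothing reaches the target, so the caller has to decide what happens then; and the likelihood tables are the entire security argument, so they should come from measured data, as Field Study #1 did for location, rather than from guesses.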

Page 48: Notification

Page 49: Field Study #3

• 18 participants

• 21 to 40 years old (mean = 26.3)

• On their phones and laptops

• For 10 to 14 days

Page 50: Result: At Workplace

Chart legend: Grey: computer not used; Black: computer used

Page 51: Result: User Feedback

  Feature          Easy to understand   Useful   Secure   Prefer to use
  Location-based   5                    4.5      4        4
  Computer-based   4.5                  4        3.5      3.5
  Notification     -                    4        -        4

Page 52: Quote

• P17 said, "It is annoying to use security locks all the time, but whereas if I had such a system which requires PIN only at unsecure places its usefulness adds more value when compared to the annoyance caused by it. So, I will definitely use it."

Page 53: Conclusion

• Proposed a Naive Bayes framework that combines multiple factors to adjust active authentication schemes

• The framework allowed us to choose an active factor in a quantitative way

• Field studies indicated that users preferred the proposed system

Page 54: Backup

Page 55: Feasibility Analysis (Field Study #1)

Page 56: Location as a Signal

• People have their own mobility patterns

• Random people don't have access to certain places
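Page 56's argument that location is a usable passive factor depends on turning raw location fixes into the home / workplace / other labels the framework consumes. The following is an added example, not code from the paper or its prototype: it assumes, purely for illustration, that home is the place where most night-time dwell accrues and the workplace is the place where most weekday daytime dwell accrues, and it runs on a constructed hourly trace around constructed coordinates (HOME, WORK, CAFE); the grid-cell clustering and all function names are the example's own.

```python
"""Added example (not code from the CASA paper or its prototype): deriving
the "home" / "workplace" / "other" passive factor from a phone's location
history. Assumed rule: home is the cell with most night-time (00:00-06:00)
dwell, the workplace is the cell with most weekday daytime (10:00-16:00)
dwell. The trace and coordinates below are constructed, not study data.
"""
from collections import defaultdict
from datetime import datetime, timedelta

GRID = 0.001   # degrees; roughly a 100 m cell, a crude stand-in for place clustering

# Constructed coordinates for the three places in the trace.
HOME = (40.4436, -79.9434)
WORK = (40.4421, -79.9462)
CAFE = (40.4503, -79.9311)


def cell(lat, lon):
    """Snap a fix to a grid cell so that nearby fixes count as one place."""
    return (round(lat / GRID), round(lon / GRID))


def dwell_times(samples):
    """samples: time-sorted (datetime, lat, lon). Credits each interval to the
    cell of its starting fix; returns {cell: {"night": sec, "workday": sec}}."""
    out = defaultdict(lambda: {"night": 0.0, "workday": 0.0})
    for (t0, lat, lon), (t1, _, _) in zip(samples, samples[1:]):
        dt = (t1 - t0).total_seconds()
        if dt <= 0 or dt > 6 * 3600:   # skip gaps: phone off, no fix, clock jump
            continue
        c = cell(lat, lon)
        if 0 <= t0.hour < 6:
            out[c]["night"] += dt
        elif t0.weekday() < 5 and 10 <= t0.hour < 16:
            out[c]["workday"] += dt
    return out


def infer_places(samples, min_share=0.5):
    """Return {"home": cell, "workplace": cell}. A place is declared only when
    one cell holds at least min_share of the relevant dwell time, so a short or
    scattered trace yields no trusted place (and therefore no relaxation)."""
    d = dwell_times(samples)
    places = {}
    night_total = sum(v["night"] for v in d.values())
    if night_total:
        c, v = max(d.items(), key=lambda kv: kv[1]["night"])
        if v["night"] / night_total >= min_share:
            places["home"] = c
    work_total = sum(v["workday"] for v in d.values())
    if work_total:
        c, v = max(d.items(), key=lambda kv: kv[1]["workday"])
        if v["workday"] / work_total >= min_share and c != places.get("home"):
            places["workplace"] = c
    return places


def classify(lat, lon, places):
    """Map the current fix to the passive-factor value CASA consumes."""
    c = cell(lat, lon)
    for name, pc in places.items():
        if pc == c:
            return name
    return "other"


def constructed_trace(days=7, start=datetime(2013, 7, 22)):
    """Hourly fixes: weekdays at WORK 09:00-17:00, a cafe at 18:00, otherwise HOME."""
    samples = []
    for d in range(days):
        day = start + timedelta(days=d)
        for hour in range(24):
            t = day + timedelta(hours=hour)
            if t.weekday() < 5 and 9 <= hour < 17:
                lat, lon = WORK
            elif hour == 18:
                lat, lon = CAFE
            else:
                lat, lon = HOME
            samples.append((t, lat, lon))
    return samples


if __name__ == "__main__":
    places = infer_places(constructed_trace())
    print("learned places:", places)
    for name, (lat, lon) in (("HOME", HOME), ("WORK", WORK), ("CAFE", CAFE)):
        print(f"{name} -> {classify(lat, lon, places)}")
```

Two caveats follow from the security analysis on pages 59-62. The labels rest entirely on the phone's own location reading, so an informed attacker who holds the phone inside the learned home or workplace cell receives the relaxed active factor, and anything that lets a mocked location reach the classifier defeats it outright. The min_share threshold exists so that a short or scattered trace declares no trusted place at all; classify() then returns "other" and the strongest active factor stays in force.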

Page 57: Field Study #1

• Where do people log in to their phones?

• 32 participants

• 7 to 140 days

  Place           Mean Time [%]   Mean Activations [%]
  1 (Home)        38.9            31.9
  2 (Workplace)   18.7            28.9
  Others          42.4            39.2

Page 58: Security Analysis

Pages 59-62: Security Analysis

Attackers are classified by their knowledge about the target user and by technical expertise; the matrix is built up over four slides, each annotating one group:

                Uninformed          Informed
  Novice        Uninformed Novice   Informed Novice
  Expert        Uninformed Expert   Informed Expert

• Strangers (uninformed): CASA is as strong as a PIN/password

• Family members, friends, co-workers (informed novices): trusted people; however, users trust co-workers less

• Dedicated attackers (informed experts): rare, but difficult to prevent; detection rather than prevention

Page 63: Adjusting Security Levels

Page 64: Results: # of Activations

Chart legend: Gray: w/ PIN; Black: w/o PIN

Page 65: Compare Confidence

Page 66: Result: User Feedback

  Condition   Easy to understand   Secure   Prefer to use
  w/o PIN     5                    4        3.5
  w/ PIN      4                    4        3

(Two further unlabeled values appear on the slide: 3 4)

Page 67: Compare Confidence