Progressive Authentication: Deciding When to Authenticate on Mobile Phones
Date: August 2012
Publication: Proceedings of the 21st USENIX Conference on Security Symposium, Security '12
Source 1: https://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final154.pdf
Source 2: http://research.microsoft.com/pubs/168102/pa.pdf
Abstract or Summary:
Mobile users are often faced with a trade-off between security and convenience. Either users do not use any security lock and risk compromising their data, or they use security locks but then have to inconveniently authenticate every time they use the device. Rather than exploring a new authentication scheme, we address the problem of deciding when to surface authentication and for which applications. We believe reducing the number of times a user is requested to authenticate lowers the barrier of entry for users who currently do not use any security. Progressive authentication, the approach we propose, combines multiple signals (biometric, continuity, possession) to determine a level of confidence in a user's authenticity. Based on this confidence level and the degree of protection the user has configured for his applications, the system determines whether access to them requires authentication. We built a prototype running on modern phones to demonstrate progressive authentication and used it in a lab study with nine users. Compared to the state-of-the-art, the system is able to reduce the number of required authentications by 42% and still provide acceptable security guarantees, thus representing an attractive solution for users who do not use any security mechanism on their devices.
PasswordResearch.com Note: Presentation video and audio: https://www.usenix.org/conference/usenixsecurity12/progressive-authentication-deciding-when-authenticate-mobile-phones