How can we design a PDA that is at the same time secure and usable? In current implementations the two properties are mutually exclusive. Because normal users find password entry inconvenient, the balance usually shifts away from security, leaving the PDA vulnerable if lost or stolen. We begin by envisaging what an ideal PDA authentication mechanism might look like and by carefully examining alternatives to passwords such as tokens and biometrics. We then expose another aspect of the security vs. usability problem. In many cases, when we turn on our PDA, we only access functionality (dictionary, calculator, web browser...) that requires no access to private data stored in the machine; why, then, should we pay the usability penalty of authentication in such cases? Moreover, we may want to grant another person temporary access to such “harmless” functionality, but without being forced to grant them unrestricted access to the whole machine. To solve this problem we describe a system in which we may assign more than one “hat” to the owner of this single-user device, with each hat having specific privileges. The machine supports concurrent graphical logins for several hats and a convenient mechanism to switch between them. There is also provision for a userid associated with “no hat”, to which one can switch without the need for authentication, and which can access all the harmless functionality. This scheme turns out to be applicable and useful well beyond the limited realm of PDAs.