Integrating Faces and Fingerprints for Personal Identification
IEEE Transactions on Pattern Analysis and Machine Intelligence
Communications of the ACM
Biometrics, Personal Identification in Networked Society: Personal Identification in Networked Society
Zero-interaction authentication
Proceedings of the 8th annual international conference on Mobile computing and networking
User authentication through keystroke dynamics
ACM Transactions on Information and System Security (TISSEC)
Biometric Recognition: Security and Privacy Concerns
IEEE Security and Privacy
Protecting applications with transient authentication
Proceedings of the 1st international conference on Mobile systems, applications and services
Cognitive security for personal devices
Proceedings of the 1st ACM workshop on Workshop on AISec
Can i borrow your phone?: understanding concerns when sharing mobile phones
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
xShare: supporting impromptu sharing of mobile phones
Proceedings of the 7th international conference on Mobile systems, applications, and services
Inferring Identity Using Accelerometers in Television Remote Controls
Pervasive '09 Proceedings of the 7th International Conference on Pervasive Computing
Calling the cloud: enabling mobile phones as interfaces to cloud applications
Proceedings of the 10th ACM/IFIP/USENIX International Conference on Middleware
Mobile user location-specific encryption (MULE): using your office as your password
Proceedings of the third ACM conference on Wireless network security
MAUI: making smartphones last longer with code offload
Proceedings of the 8th international conference on Mobile systems, applications, and services
Ensemble: cooperative proximity-based authentication
Proceedings of the 8th international conference on Mobile systems, applications, and services
Implicit authentication through learning user behavior
ISC'10 Proceedings of the 13th international conference on Information security
LittleRock: Enabling Energy-Efficient Continuous Sensing on Mobile Phones
IEEE Pervasive Computing
SpeakerSense: energy efficient unobtrusive speaker identification on mobile phones
Pervasive'11 Proceedings of the 9th international conference on Pervasive computing
One user, many hats; and, sometimes, no hat: towards a secure yet usable PDA
SP'04 Proceedings of the 12th international conference on Security Protocols
TreasurePhone: context-sensitive user data protection on mobile phones
Pervasive'10 Proceedings of the 8th international conference on Pervasive Computing
SP'11 Proceedings of the 19th international conference on Security Protocols
Goldilocks and the two mobile devices: going beyond all-or-nothing access to a device's applications
Proceedings of the Eighth Symposium on Usable Privacy and Security
Short paper: smartphones: not smart enough?
Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices
Know your enemy: the risk of unauthorized access in smartphones by insiders
Proceedings of the 15th international conference on Human-computer interaction with mobile devices and services
Adaptive information-sharing for privacy-aware mobile social networks
Proceedings of the 2013 ACM international joint conference on Pervasive and ubiquitous computing
CASA: context-aware scalable authentication
Proceedings of the Ninth Symposium on Usable Privacy and Security
PIN skimmer: inferring PINs through the camera and microphone
Proceedings of the Third ACM workshop on Security and privacy in smartphones & mobile devices
Deadbolt: locking down android disk encryption
Proceedings of the Third ACM workshop on Security and privacy in smartphones & mobile devices
Extended PIN Authentication Scheme Allowing Multi-Touch Key Input
Proceedings of International Conference on Advances in Mobile Computing & Multimedia
Towards application-centric implicit authentication on smartphones
Proceedings of the 15th Workshop on Mobile Computing Systems and Applications
Security and privacy for augmented reality systems
Communications of the ACM
Hi-index | 0.02 |
Mobile users are often faced with a trade-off between security and convenience. Either users do not use any security lock and risk compromising their data, or they use security locks but then have to inconveniently authenticate every time they use the device. Rather than exploring a new authentication scheme, we address the problem of deciding when to surface authentication and for which applications. We believe reducing the number of times a user is requested to authenticate lowers the barrier of entry for users who currently do not use any security. Progressive authentication, the approach we propose, combines multiple signals (biometric, continuity, possession) to determine a level of confidence in a user's authenticity. Based on this confidence level and the degree of protection the user has configured for his applications, the system determines whether access to them requires authentication. We built a prototype running on modern phones to demonstrate progressive authentication and used it in a lab study with nine users. Compared to the state-of-theart, the system is able to reduce the number of required authentications by 42% and still provide acceptable security guarantees, thus representing an attractive solution for users who do not use any security mechanism on their devices.