Short paper: smartphones: not smart enough?

Authors:
Ian Timothy Fischer;Cynthia Kuo;Ling Huang;Mario Frank
Affiliations:
University of California, Berkeley, Berkeley, CA, USA;Nokia Research Center, Palo Alto, CA, USA;Intel Labs, Berkeley, CA, USA;University of California, Berkeley, Berkeley, CA, USA
Venue:
Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices
Year:
2012

Citing 9
Cited 1

Threat Modeling

Threat Modeling
Cognitive security for personal devices

Proceedings of the 1st ACM workshop on Workshop on AISec
The Case for VM-Based Cloudlets in Mobile Computing

IEEE Pervasive Computing
So long, and no thanks for the externalities: the rational rejection of security advice by users

NSPW '09 Proceedings of the 2009 workshop on New security paradigms workshop
Implicit authentication for mobile devices

HotSec'09 Proceedings of the 4th USENIX conference on Hot topics in security
Unobtrusive User-Authentication on Mobile Phones Using Biometric Gait Recognition

IIH-MSP '10 Proceedings of the 2010 Sixth International Conference on Intelligent Information Hiding and Multimedia Signal Processing
Using Fingerprint Authentication to Reduce System Security: An Empirical Study

SP '11 Proceedings of the 2011 IEEE Symposium on Security and Privacy
Applying problem-structuring methods to problems in computer security

Proceedings of the 2011 workshop on New security paradigms workshop
Progressive authentication: deciding when to authenticate on mobile phones

Security'12 Proceedings of the 21st USENIX conference on Security symposium

CASA: context-aware scalable authentication

Proceedings of the Ninth Symposium on Usable Privacy and Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Today's mobile devices are packed with sensors that are capable of gathering rich contextual information, such as location, wireless device signatures, ambient noise, and photographs. This paper exhorts the security community to re-design authentication mechanisms for users on mobile devices. Instead of relying on one simplistic, worst-case threat model, we should use contextual information to develop more nuanced models that assess the risk level of the user's current environment. This would allow us to decrease or eliminate the level of user interaction required to authenticate in some situations, improving usability without any effective impact on security. Ideally, authentication mechanisms will scale up or down to match users' own mental threat models of their environments. We sketch out several scenarios demonstrating how contextual information can be used to assess risks and adapt authentication mechanisms. This is a research-rich area, and we outline future research directions for developing and evaluating dynamic security mechanisms using contextual information.