Threat Modeling
Today's mobile devices are packed with sensors that are capable of gathering rich contextual information, such as location, wireless device signatures, ambient noise, and photographs. This paper exhorts the security community to re-design authentication mechanisms for users on mobile devices. Instead of relying on one simplistic, worst-case threat model, we should use contextual information to develop more nuanced models that assess the risk level of the user's current environment. This would allow us to decrease or eliminate the level of user interaction required to authenticate in some situations, improving usability without any effective impact on security. Ideally, authentication mechanisms will scale up or down to match users' own mental threat models of their environments. We sketch out several scenarios demonstrating how contextual information can be used to assess risks and adapt authentication mechanisms. This is a research-rich area, and we outline future research directions for developing and evaluating dynamic security mechanisms using contextual information.