We introduce context-aware scalable authentication (CASA) as a way of balancing security and usability for authentication. Our core idea is to choose an appropriate form of active authentication (e.g., typing a PIN) based on the combination of multiple passive factors (e.g., a user's current location). We provide a probabilistic framework for dynamically selecting an active authentication scheme that satisfies a specified security requirement given passive factors. We also present the results of three user studies evaluating the feasibility of our concept and users' receptiveness to it. Our results suggest that location data has good potential as a passive factor, and that users can reduce up to 68% of active authentications when using an implementation of CASA, compared to always using fixed active authentication. Furthermore, our participants, including those who do not use any security mechanisms on their phones, were very positive about CASA and amenable to using it on their phones.