Hans Joachim Jelena Mirkovic Ivica Milanovic Øyvind Bakkeli

Similar documents
Report Course name ABSTRACT. Research and reporting. Survey Report. Nguyen Ngoc Long. Ann Viitala. Adesh Chymariya. Shu Sheng 5/2/2010.

Intruders, Human Identification and Authentication, Web Authentication

CS 528 Mobile and Ubiquitous Computing Lecture 11b: Mobile Security and Mobile Software Vulnerabilities Emmanuel Agu

2013 NATIONAL ONLINE SAFETY STUDY

Fingerprint Authentication for SIS-based Healthcare Systems

Usability Report for Online Writing Portfolio

US 2013 Consumer Data Privacy Study Mobile Edition

AUTHENTICATION IN THE AGE OF ELECTRONIC TRANSACTIONS

RocReadaR a System for Collaborative Transmedia Publishing

Welcome! Copyright 2017 MAC. All Rights Reserved.

BIOMETRIC MECHANISM FOR ONLINE TRANSACTION ON ANDROID SYSTEM ENHANCED SECURITY OF. Anshita Agrawal

Now there is: Asignio web-based signature authentication.

Multi-Factor Authentication: Security or Snake Oil? Steven Myers Rachna Dhamija Jeffrey Friedberg

Usable Security Introduction to User Authentication and Human Interaction Proof Research

Private Browsing: an Inquiry on Usability and Privacy Protection

Authentication SPRING 2018: GANG WANG. Slides credit: Michelle Mazurek (U-Maryland) and Blase Ur (CMU)

Fingerprint Authentication Guide

Humanistic Multi-Factor Authentication (MFA) Why We Don't Use MFA

PNC.com, Weather.com & SouthWest.com. Usability Analysis. Tyler A. Steinke May 8, 2014 IMS 413

Hardening Fingerprint Authentication Systems Using Intel s SGX Enclave Technology. Interim Progress Report

A STUDY OF TWO-FACTOR AUTHENTICATION AGAINST ON-LINE IDENTITY THEFT

Pro s and con s Why pins # s, passwords, smart cards and tokens fail

Safelayer's Adaptive Authentication: Increased security through context information

Identity Management. Rolf Blom Ericsson Research

Technology Basics and Social Networking Presented by Gina Lobdell Graduate Student at Purdue University

INCOGNITO TOOLKIT: TOOLS, APPS, AND CREATIVE METHODS FOR REMAINING ANONYMOUS, PRIVATE, AND SECURE WHILE COMMUNICATING, PUBLISHING, BUYING,

Define information security Define security as process, not point product.

Foundation Level Syllabus Usability Tester Sample Exam

Signer Authentication

Sumy State University Department of Computer Science

Opening Smart T.V to third-party apps, user perspectives Himanandini Mohanty Faculty sponsor: Fadi Mohsen, University of Michigan-Flint

Fencing the Cloud. Roger Casals. Senior Director Product Management. Shared vision for the Identity: Fencing the Cloud 1

TRAINING MATERIAL. An introduction to SONET-BULL Platform for members. HOME PAGE

Integration of Handwriting Recognition in Butterfly Net

THE ROLE OF ADVANCED AUTHENTICATION IN CYBERSECURITY FOR CREDIT UNIONS AND BANKS

Weak Spots Enterprise Mobility Management. Dr. Johannes Hoffmann

Using Mobile Devices for Campus Orientation with QR-Codes. Group 11 Jake, Jarrod, Aaron, Tevita

Duo End User Education Templates

In this unit we are continuing our discussion of IT security measures.

How to Build a Culture of Security

esign an ser mterrace Evaluation TheOpen University DEBBIE STONE The Open University, UK CAROLINE JARRETT Effortmark Limited

Chapter 12. Information Security Management

Q&A NemID code app. Q&A NemID code app. The Q&A is divided into four sections:

Introduction C H A P T E R1. Exercises

BEYOND TRADITIONAL PASSWORD AUTHENTICATION: PKI & BLOCKCHAIN

Augmented Reality Face Recognition For Mobile Devices

How Next Generation Trusted Identities Can Help Transform Your Business

EBOOK 4 TIPS FOR STRENGTHENING THE SECURITY OF YOUR VPN ACCESS

Passwords. EJ Jung. slide 1

BCS THE CHARTERED INSTITUTE FOR IT. BCS HIGHER EDUCATION QUALIFICATIONS BCS Level 5 Diploma in IT. March 2017 PRINCIPLES OF USER INTERFACE DESIGN

Setting Usability Requirements For A Web Site Containing A Form Sarah Allen Miller and Caroline Jarrett

IAM Problems with managing identities and access of University Guests

New Tools and Tactics from Technology Service. Wayne Gilroy Ross Eaton Tom Janicki Ed Knudsen

Course Outline. Department of Computing Science Faculty of Science. COMP 3450 Human Computer Interaction Design (3,1,0) Fall 2015

Markus Jakobsson Elaine Shi Philippe Golle Richard Chow (Palo Alto Research Center) Thanks to Yuan Niu (UC Davis)

Privacy Policy GENERAL

Evaluating Three Scrutability and Three Privacy User Privileges for a Scrutable User Modelling Infrastructure

Compu&ng Services Strengthening Authen&ca&on. October 2016

Treasury Services Group Number Treasury Management Officer

FAQ: Privacy, Security, and Data Protection at Libraries

INTERNET SAFETY IS IMPORTANT

Access Control Biometrics User Guide

MOBILE COMPUTING 2/14/17. System Structure. Context as Implicit Input. explicit input. explicit output. explicit input.

Using Biometric Authentication to Elevate Enterprise Security

Lecture 3 - Passwords and Authentication

Keystroke Dynamics: Low Impact Biometric Verification

Prof. Christos Xenakis

The security challenge in a mobile world

Chapter 2: Access Control and Site Security. Access Control. Access Control. ACIS 5584 E-Commerce Security Dr. France Belanger.

Mobile security: Tips and tricks for securing your iphone, Android and other mobile devices

Prof. Christos Xenakis

Biometric Offender Movement

Identification and Authentication

design john barr cs205 advanced web programming barr")"cs205"

Defenses against Large Scale Online Password Guessing by Using Persuasive Cued Click Points

Authentication KAMI VANIEA 1

Authentication Methods

ICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification

Security and Privacy. Security or Privacy? Computer Security

lifeid Foundation FAQ v.1

PayThankYou LLC Privacy Policy

Survey Guide: Businesses Should Begin Preparing for the Death of the Password

ANATOMY OF AN ATTACK!

Yes. [No Response] General Questions

INFORMATION SECURITY MANAGEMENT SYSTEMS CERTIFICATION RESEARCH IN THE ROMANIAN ORGANIZATIONS

Gold finger: Fingerprints lead biometric authentication

PSD2 webinar session - Q&A

Protecting Information Assets - Week 10 - Identity Management and Access Control. MIS 5206 Protecting Information Assets

What is Authentication? All requests for resources have to be monitored. Every request must be authenticated and authorized to use the resource.

The State of Privacy in Washington State. August 16, 2016 Alex Alben Chief Privacy Officer Washington

Guide to a Perfect Event Communication Plan - Professional event management

BOCHK Mobile Token FAQ

Course 832 EC-Council Computer Hacking Forensic Investigator (CHFI)

CIS 4360 Secure Computer Systems Biometrics (Something You Are)

By Richard Boire March A Practioner s Viewpoint on Data Mining & Privacy Part 2

Lecture 3 - Passwords and Authentication

iaide Mid-term report Moquan Chen & Stian Kilaas

PSD2 Compliance - Q&A

Integrated Access Management Solutions. Access Televentures

ACS / Computer Security And Privacy. Fall 2018 Mid-Term Review

Transcription:

Hans Joachim Jelena Mirkovic Ivica Milanovic Øyvind Bakkeli

Introduction Research questions: What are most common and accepted authentication methods for mobile services? What are differences, opportunities and challenges concerning user authentication for mobile service compared with traditional stationary computers? How do people accept them and what are their opinions regarding security on mobile device? Evaluation of security / usability / privacy trade-offs for different authentication mechanisms.

Methods Research on what is already developed and available in the area of user authentication for mobile and stationary services Web browsing Research databases (IEEE, ACM, Elsevier) Literature Getting know the users Questionnaire Prototype Interview with users

Authentication methods Classification in four groups: Something that user knows Something that user has Something that user is Location based

Authentication methods Something that user knows PIN/passwords Usability good, but security depends on users Password management problem

Authentication methods Something that user has Tokes can be One Time Password generator devices, password cards, messages Appropriate for mobile devices, because mobile phone can be used both as terminal for providing service and token

Authentication methods Something that user is centers around authentication based on that person's unique traits Fingerprint readers, face recognitions, iris scanning, Good and bad solutions

Authentication methods Location based Not used so much today Usage of services limited only to some area, or location can be used to determine the level of authentication one need

Questionnaire We want to determine what users would expect and tolerate to protect their personal information Hard copies and in online version Only stipulation is the respondents should be current or previous users of mobile handsets.

Questionnaire Duration: three weeks 73 respondent Majority of people between 18 and 35 years old with higher education

Questionnaire results

Questionnaire results

Questionnaire results

Questionnaire results More results in the report Additionaly we presented some interesting results from user groups with different age and gender We wanted to demonstrate how responses differ for different user groups and that it is very important to get acquainted with needs of right potential user group when developing a mobile service

Interviews Supplement to the questionnaire More qualitative feedback from the users Use of prototype that simulates authentication methods (passwords, tokens, fingerprint and location based)

Interview subjects 8 subjects Between 18 and 30 Mix of students and employee From general to advanced knowledge level regarding mobile devices

Prototype

Experiences from the interviews Interviews are timeconsuming One can get a better impression than the questionnaire, and investigate the why's. The prototype helped people to relate to the methods, but it were a bit rough so we used it mostly as a visual aid. Qualitative interviews are a powerful tool, but not always easy to master. Could have had more structure

Interview results Passwords Subjects do not differentiate between passwords used on mobile or stationary devices, despite reduced usability. Most subjects find the passwords used on mobile devices secure enough Tokens Perceived as secure and easy to use. Some subjects were skeptical regarding integrated token generators in phones.

Interview results Biometrics Most subjects are conscious about the risk of data loss. Fingerprint authentication has higher acceptance than other biometrical methods - subjects had experience or some previous knowledge about them Many considered some forms of biometrics (iris scanning for instance) as a method that got too intimate

Interview results Authentication and services Subjects are aware of the security level needed for the different services. Subjects do not expect the same security measures on services like net-banking as on social services (like facebook)

Our findings We tried to utilize information that we gathered from questionnaire and interviews and give answers to research questions that we set on the beginning of the project

What are most common and accepted authentication methods for mobile services? Passwords mostly used Reasons: medium/high usability, familiarity from the users, familiarity for service providers, technical simplicity Services using tokens perceived as more important Token as independent device vs. token integrated with mobile device Of biometrics authentication methods fingerprint most accepted Location based authentication still in the phase of research

How do people accept them and what are their opinions regarding security on mobile device? Satisfied with current methods, and trust service provider to ensure enough level of security More worried about their private data and how it is stored on a mobile device, then on private data delivered through mobile services Users expect a certain level of security from mobile services and they are positive to a higher level of security for mobile services

What are differences, opportunities and challenges concerning user authentication for mobile services compared with traditional stationary computers? Limitation of mobile devices - battery, processing power, display Stationary devices used for services that are more complex and require better overview Mobility enables new services Mobile devices easily get lost or stolen

Evaluation of the security / usability / privacy trade offs for different authentication mechanisms

Summary Many approaches for user authentication today Only couple of approaches accepted in everyday use, and others has more or less potential Main obstacles of their wide deployments: limited capabilities of mobile devices user perception usability of mobile services

Thoughts for improvements Research background User group Prototype Narrow down the focus on some parts of the questionnaire Better connection between questionnaire to interview Better planning

Questions and comments

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback