Abstract
Today's mobile devices are packed with sensors that are capable of gathering rich contextual information, such as location, wireless device signatures, ambient noise, and photographs. This paper exhorts the security community to re-design authentication mechanisms for users on mobile devices. Instead of relying on one simplistic, worst-case threat model, we should use contextual information to develop more nuanced models that assess the risk level of the user's current environment. This would allow us to decrease or eliminate the level of user interaction required to authenticate in some situations, improving usability without any effective impact on security. Ideally, authentication mechanisms will scale up or down to match users' own mental threat models of their environments. We sketch out several scenarios demonstrating how contextual information can be used to assess risks and adapt authentication mechanisms. This is a research-rich area, and we outline future research directions for developing and evaluating dynamic security mechanisms using contextual information.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
