We introduce context-aware scalable authentication (CASA) as a way of balancing security and usability for authentication. Our core idea is to choose an appropriate form of active authentication (e.g., typing a PIN) based on the combination of multiple passive factors (e.g., a user’s current location) for authentication. We provide a probabilistic framework for dynamically selecting an active authentication scheme that satisfies a specified security requirement given passive factors. We also present the results of three user studies evaluating the feasibility and users’ receptiveness of our concept. Our results suggest that location data has good potential as a passive factor, and that users can reduce up to 68% of active authentications when using an implementation of CASA, compared to always using fixed active authentication. Furthermore, our participants, including those who do not using any security mechanisms on their phones, were very positive about CASA and amenable to using it on their phones.

1. CASA: Context-Aware
Scalable Authentication
Eiji Hayashi, Sauvik Das, Shahriyar Amini
Jason Hong, Ian Oakley
Human-Computer Interaction Institute
Carnegie Mellon University

2. One Fits All?
Devices require the same user
authentication regardless of contexts

3. If Cost Too Much
Stop using authentication system

4. A Few Could Fit All
How can we choose security lock
system for different situations?
Do they provide better security and
usability from users’ perspectives?

5. Context-Aware
Scalable Authentication
•Authenticate users using active factors
and passive factors
•Adjust an active factor based on
passive factors
•Quantitative way to choose an active
factor

6. Prototype

7. Outline
• Underlying Model
• Feasibility Analysis (Field Study #1)
• Prototype Evaluation (Field Study #2)
• Security Analysis
• Design Iteration (Field Study #3)
• Conclusion

8. Outline
• CASA Framework
• Feasibility Analysis (Field Study #1)
• Prototype Evaluation (Field Study #2)
• Security Analysis
• Design Iteration (Field Study #3)
• Conclusion

9. CASA Framework

10. Combining Multiple Factors

11. Combining Multiple Factors
The probability that a person is a
legitimate user given a set of signals

12. Combining Multiple Factors
The probability that a person is NOT a
legitimate user given a set of signals

13. Combining Multiple Factors
Weight that balances false positives
and false negatives

14. Combining Multiple Factors
Authenticate: A user is more likely to
be a legitimate user

15. Combining Multiple Factors
Reject: A user is less likely to be a
legitimate user

16. Naive Bayes Model

17. Prototype Evaluation
(Field Study #2)

18. Field Study #2
Test system that changes authentication
schemes based on location

19. Choosing an Authentication Scheme
Location Active Factor
Home ?
Workplace PIN
Other Places ?

20. Naive Bayes Model

21. Compare Confidence
Type PIN Be at workplace
Type PIN Be at other place

22. Compare Confidence

23. Compare Confidence

24. Compare Confidence
Type PIN Be at workplace
Type Password Be at other place

25. Compare Confidence

26. Chosen Authentication Scheme
Location Active Factor
Home ?
Workplace PIN
Other Places Password

27. Two Conditions
Location w/ PIN w/o PIN
Home PIN None
Workplace PIN None
Other Places Password PIN

28. Screenshots

29. Field Study #2
• 32 participants
• 18 to 40 years old (mean=24)
• On their phones
• For 2 weeks

30. Result: # of Activations
Condition Home Workplace Other Places
w/o PIN None
13.1 (1.4)
None
2.5 (0.4)
PIN
8.1 (1.1)
w/ PIN PIN
24.5 (3.2)
PIN
7.1 (1.0)
Password
15.7 (2.0)

31. Result: # of Activations
Condition Home Workplace Other Places
w/o PIN 65.8% 34.2%
w/ PIN 66.8% 33.2%

32. Result: User Feedback
Condition Easy to
understand Secure Prefer to use
w/o PIN 5 4 3.5
w/ PIN 4 4 3

33. Quotes
P3 said, “I don't normally use a security
lock, but I would be much more inclined to
use one if it didn't require constant
unlocking.”

34. Quotes
P5 said, “I like the system. It’s a great pain
to type pin at home, because the nature of
the phone, it goes to sleep quickly, then I
have to type pin again, which is super
annoying.”

35. Quotes
P12 said, “Typing passwords to check text
was annoying. I don't think I will use it.”

36. Appropriate Security Level
Location Using PIN No Security Locks
Home None
Workplace
Other Places PIN

37. Appropriate Security Level
Location Using PIN No Security Locks
Home PIN
Workplace PIN
Other Places PIN

38. Appropriate Security Level
Location Using PIN No Security Locks
Home PIN None
Workplace PIN
Other Places PIN

39. Appropriate Security Level
Location Using PIN No Security Locks
Home PIN None
Workplace PIN None
Other Places PIN None

40. Design Iteration
(Field Study #3)

41. Design Iteration
• Appropriate security level
• Workplace is not as safe as home

42. Appropriate Security Level
Location Active Factor
Home None
Workplace
Other Places

43. Appropriate Security Level
Location Active Factor
Home None
Workplace
Other Places PIN

44. Workplace is not safe
+
No Active Factor Be at Home
+
No Active Factor Be at Workplace

45. Workplace is not safe
+
No Active Factor Be at Home
+
Type PIN Be at Workplace

46. Workplace is not safe
+
No Active Factor Be at Home
No Active Factor + +
Using Computer Be at Workplace

47. Active Factor Selection
Location Active Factor
Home None
Workplace when using computers None
Workplace when not using computers PIN
Others PIN

48. Notification

49. Field Study #3
• 18 participants
• 21 to 40 years old (mean=26.3)
• On their phones and laptops
• For 10 to 14 days

50. Result: At Workplace
Grey: Computer not used
Black: Computer used

51. Result: User Feedback
Feature Easy to
understand Useful Secure Prefer to
use
Location-based
5 4.5 4 4
Comp-based
4.5 4 3.5 3.5
Notification - 4 - 4

52. Quote
• P17 said, “It is annoying to use security
locks all the time, but whereas if I had
such a system which requires pin only
at unsecure places its usefulness adds
more value when compared to the
annoyance caused by it. So, I will
definitely use it.”

53. Conclusion
• Proposed a Naive Bayes framework to
combine multiple factors to adjust active
authentication schemes
• The framework allowed us to choose
active factor in a quantitative way
• Field studies indicated that users
preferred the proposed system

54. Backup

55. Feasibility Analysis
(Field Study #1)

56. Location as a Signal
• People have their own mobility patterns
• Random people don’t have access to
certain places

57. Field Study #1
• Where do people log in to their phones?
• 32 participants
• 7 to 140 days
PPllaaccee MMeeaann TTiimmee [[%%]] MMeeaann AAccttiivvaattiioonn [[%%]]
1 (Home) 38.9 31.9
2 (Workplace) 18.7 28.9
Others 42.4 39.2

58. Security Analysis

59. Security Analysis
Condition
Knowledge about target users
Uninformed Informed
Technical
expertise
Novice Uninformed Novice Informed Novice
Expert Uninformed Expert Informed Expert

60. Security Analysis
Condition
Knowledge about target users
Uninformed Informed
Technical
expertise
Novice Uninformed Novice Informed Novice
Expert Uninformed Expert Informed Expert
Strangers
•CASA is as strong as PIN/password

61. Security Analysis
Condition
Knowledge about target users
Uninformed Informed
Technical
expertise
Novice Uninformed Novice Informed Novice
Expert Uninformed Expert Informed Expert
Family members, Friends, Co-workers
•Trusted people
•However, users trust co-workers less

62. Security Analysis
Condition
Knowledge about target users
Uninformed Informed
Technical
expertise
Novice Uninformed Novice Informed Novice
Expert Uninformed Expert Informed Expert
Dedicated attackers
•Rare, but difficult to prevent
•Detection rather than prevention

63. Adjusting Security Levels

64. Results: # of Activations
Gray: w/ PIN
Black: w/o PIN

65. Compare Confidence

66. Result: User Feedback
Condition Easy to
understand Secure Prefer to use
w/o PIN 5 4 3.5
w/ PIN
4 4 3
3 4

67. Compare Confidence