New approach to authentication - considering background and untrusted devices when taking the authentication decision
Abstract
IT usage today is typified by users who use multiple devices, including smartphones, desktop PCs, laptops, tablets, etc. Thus, the need to repeatedly authenticate arises, and even with the most basic security in place this process can be a source of frustration and inconvenience for the user. This especially holds true for authentication on mobile devices, where usage is frequent but short. Thus, the struggle to balance usability and security in authentication approaches has been present for some time now.

Several user-friendly authentication approaches have been introduced so far, motivated by the goal of reducing the number of intrusive authentications on mobile devices as much as possible. However, because they focus too much on user-friendliness, their security isn't completely addressed.

In this thesis, we propose a new user-friendly authentication approach that focuses on security at the same time. It leverages the security potential of the devices surrounding the user, specifically the devices that the user trusts, as well as the non-trusted devices that can be found in his/her surroundings. We explore the capabilities of the devices that are not trusted/owned by the user in increasing the security of our authentication approach. Those devices can be either environmental background devices or untrusted devices.

Our research has shown that by increasing the level of security in a user-friendly authentication approach, it is still possible to achieve a high number of automatic (non-intrusive) authentications, except in the cases where it is not secure for the mobile device to allow automatic access. We achieved up to 97.89% of automatic authentications at the users' homes, which are considered a known environment that the users most likely trust. A high percentage of up to 72.99% of automatic authentications was achieved at the users' offices, which are also considered a known environment that the users most likely trust.

In contrast, a very low percentage of positive authentications was achieved when the users were in unknown (possibly untrusted) environments. The highest percentage of automatic authentications in this case was 6%. However, in such an environment the users most likely wouldn't have wanted their device to open automatically without any countermeasures in place. This low percentage of automatic authentications in an unknown environment shows the increase in security of our authentication approach.