dc.description.abstract | IT usage today is typified by users that use multiple devices, including smartphones,
desktop PCs, laptops, tablets, etc. Thus, the need to repeatedly authenticate is
raised, and even with the most basic security in place this process can be a source
of frustration and inconvenience for the user.
This especially holds true for authentication on mobile devices where usage is frequent
but short. Thus, the struggle to balance usability and security in authentication
approaches has been present for some time now.
Several user-friendly authentication approaches have been introduced till now,
whose motivation was to reduce the number of intrusive authentications in mobile
devices as much as possible. Even though, by focusing too much on the user-friendliness
of the authentication approach, its security isn t completely addressed.
In this thesis, we propose a new user-friendly authentication approach, whose
focus is on security at the same time. It leverages the security potential of surrounding
devices of the user, specifically the devices that the user trusts, as well as the
non trusted devices which can be found in his/her surrounding.
We explore the capabilities of the devices that are not trusted /owned by the user
in increasing the security of our authentication approach. Those devices can either
be environmental background devices or untrusted devices.
Our research has shown that by increasing the level of security in a user-friendly
authentication approach, it is still possible to achieve a high number of automatic
(non-intrusive) authentications, except in the cases where it is not secure for the
mobile device to allow automatic access. We achieved up to 97.89% of automatic
authentications at the users home, which is considered to be a known environment
which the users most likely trust.
A high percentage of up to 72.99% of automatic authentications was achieved
at the users offices, which is also considered as a known environment, which the
users most likely trust. While a very low percentage of positive authentications was
achieved when the users were in unknown (possibly untrusted) environments. The
highest percentage of automatic authentications in this case was 6%. But, when
in such an environment the users most likely wouldn t have liked to have their
device open automatically, without any countermeasures in place. The increase
of security in our authentication approach can be seen by this low percentage of
automatic authentications in an unknown environment. | en |