DOI: 10.1145/3290607.3312951

FlexPass: Symbiosis of Seamless User Authentication Schemes in IoT

Published: 02 May 2019

Abstract

This paper presents a new user authentication paradigm based on a flexible user authentication method, namely FlexPass. FlexPass relies on a single, user-selected secret that can be reflected in both textual and graphical authentication secrets. Such an approach facilitates adaptability in today's ubiquitous user interaction contexts within the Internet of Things (IoT), in which end-users authenticate multiple times per day through a variety of interaction device types. We present an initial evaluation of the new authentication method based on an in-lab experiment with 32 participants. Analysis of the results reveals that the FlexPass paradigm is memorable and that users like the adaptable perspective of the new approach. Findings are expected to scaffold the design of more user-centric knowledge-based authentication mechanisms within today's ubiquitous computation realms.

Published In

CHI EA '19: Extended Abstracts of the 2019 CHI Conference on Human Factors in Computing Systems
May 2019
3673 pages
ISBN: 9781450359719
DOI: 10.1145/3290607
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. feasibility study
  2. graphical passwords
  3. internet of things
  4. knowledge-based user authentication
  5. textual passwords

Qualifiers

  • Abstract

Conference

CHI '19
Acceptance Rates

Overall Acceptance Rate 6,164 of 23,696 submissions, 26%

Cited By

  • (2023) Security and Usability of a Personalized User Authentication Paradigm: Insights from a Longitudinal Study with Three Healthcare Organizations. ACM Transactions on Computing for Healthcare, 4:1 (1-40). DOI: 10.1145/3564610. Online publication date: 27-Feb-2023
  • (2022) Systematic Review of Authentication and Authorization Advancements for the Internet of Things. Sensors, 22:4 (1361). DOI: 10.3390/s22041361. Online publication date: 10-Feb-2022
  • (2022) Model-Based Security Assessment on the Design of a Patient-Centric Data Sharing Platform. From Data to Models and Back (61-77). DOI: 10.1007/978-3-031-16011-0_5. Online publication date: 15-Oct-2022
  • (2021) On the Benefits and Security Risks of a User-Centric Data Sharing Platform for Healthcare Provision. Adjunct Proceedings of the 29th ACM Conference on User Modeling, Adaptation and Personalization (351-356). DOI: 10.1145/3450614.3464473. Online publication date: 21-Jun-2021
  • (2021) IoTGazePass: A New Password Scheme for IoT Applications. 2021 IEEE 1st International Maghreb Meeting of the Conference on Sciences and Techniques of Automatic Control and Computer Engineering MI-STA (299-304). DOI: 10.1109/MI-STA52233.2021.9464390. Online publication date: 25-May-2021
  • (2020) Design and Development of a Patient-centric User Authentication System. Adjunct Publication of the 28th ACM Conference on User Modeling, Adaptation and Personalization (201-203). DOI: 10.1145/3386392.3399564. Online publication date: 14-Jul-2020
  • (2020) Interacting with Next-Generation Smart Patient-Centric Healthcare Systems. Adjunct Publication of the 28th ACM Conference on User Modeling, Adaptation and Personalization (191-192). DOI: 10.1145/3386392.3399561. Online publication date: 13-Jul-2020
  • (2020) Designing a Patient-Centric System for Secure Exchanges of Medical Data. Computational Science and Its Applications – ICCSA 2020 (598-614). DOI: 10.1007/978-3-030-58817-5_44. Online publication date: 30-Sep-2020
  • (2019) The SERUMS tool-chain: Ensuring Security and Privacy of Medical Data in Smart Patient-Centric Healthcare Systems. 2019 IEEE International Conference on Big Data (Big Data) (2726-2735). DOI: 10.1109/BigData47090.2019.9005600. Online publication date: Dec-2019
