
PICKING A (SMART)LOCK Locking Relationships on Mobile Devices



  1. PICKING A (SMART)LOCK Locking Relationships on Mobile Devices Elizabeth Stobert & David Barrera, ETH Zürich

  2. DESKTOP AUTHENTICATION HASN’T CHANGED MUCH

  3. MORE THAN ONE WAY TO LOCK A PHONE
     • iOS
       • Passcode (PIN, password)
       • Touch ID (fingerprint)
     • Android
       • PIN/password
       • Pattern Unlock
       • Smart Locks
         • Trusted devices, face, place
         • On-body detection

  4. A PERFECT STORM FOR MOBILE DEVICE AUTHENTICATION
     • Mobile devices have distinct use patterns
     • distinct threat models
     • market pressures
     • vertical integration

  5. A MODEL OF MOBILE AUTHENTICATION
     [Diagram: states Locked and Unlocked; transition labels: Authentication success, Log out]

  6. A MODEL OF MOBILE AUTHENTICATION
     [Diagram: states Unlocked, Partly Locked and Fully Locked; transition labels: Authentication success (shown twice); Short timeout, Button lock; Long timeout, Remote lock enabled, Too many failed logins, Device rebooted; Device rebooted]

  7. DOMINANT VS. SECONDARY AUTHENTICATION
     • Dominant authentication always unlocks the device
     • Secondary authentication sometimes unlocks the device
     [Diagram: states Unlocked, Partly Locked and Fully Locked; transition labels: Dominant or secondary authentication success; Dominant authentication success; Short timeout, Button lock; Long timeout, Remote lock enabled, Too many failed logins; Device rebooted]

  8. LAYERED SECURITY MECHANISMS
     • Is having more authentication methods better for security?
       • Authentication methods are keys more than doors
     • How to calibrate the security differences between dominant and secondary authentication?
     • Lockout policies are the usual approach
     • Many aspects of lockout policies are user-configured

  9. A CHOICE OF AUTHENTICATION SCHEMES
     • New models leave the choice of authentication mechanisms in the hands of the user
     • Do people know how to choose and configure the right security for them?

  10. FUTURE AUTHENTICATION STRATEGIES
     • How will this model develop?
       • Continuous authentication?
     • What design opportunities are facilitated by this authentication model?
       • Partial authentication?
       • Per-app authentication?

  11. OPEN QUESTIONS
     • What are the security implications of layering multiple authentication mechanisms?
     • How will giving users a variety of choice in how they secure their devices play out?
     • Will this model persist? How will it develop in future?
     • Thank you!
     • elizabeth.stobert@inf.ethz.ch
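
The lock-state model from slides 6 and 7, written as a small state machine (an added example, not part of the presentation). Event names are constructed from the slide labels; which arrow each label belongs to is an assumption read from the flattened diagram, and the lock events on the lower arrows are treated as leading to Fully Locked from any state. The `reachable` check confirms that nothing short of dominant authentication leaves Fully Locked.

```python
from enum import Enum

class State(Enum):
    UNLOCKED = "Unlocked"
    PARTLY_LOCKED = "Partly Locked"
    FULLY_LOCKED = "Fully Locked"

# Event names are constructed from the slide labels. Which arrow each label
# belongs to is this example's reading of the flattened diagram (assumption).
TO_PARTLY = {"short_timeout", "button_lock"}
TO_FULLY = {"long_timeout", "remote_lock_enabled",
            "too_many_failed_logins", "device_rebooted"}
AUTH = {"dominant_auth_success", "secondary_auth_success"}
EVENTS = TO_PARTLY | TO_FULLY | AUTH

def step(state, event):
    """Return the next lock state after one event."""
    if event not in EVENTS:
        raise ValueError(f"unknown event: {event}")
    if event in TO_FULLY:
        # Simplification: these escalate to Fully Locked from any state.
        return State.FULLY_LOCKED
    if event in TO_PARTLY:
        # Only an unlocked device drops to Partly Locked; locked states stay put.
        return State.PARTLY_LOCKED if state is State.UNLOCKED else state
    if event == "dominant_auth_success":
        return State.UNLOCKED  # dominant authentication always unlocks
    # Secondary success unlocks only from Partly Locked (slide 7).
    return State.UNLOCKED if state is State.PARTLY_LOCKED else state

def reachable(start, allowed_events):
    """All states reachable from start using only allowed_events."""
    seen, todo = {start}, [start]
    while todo:
        cur = todo.pop()
        for ev in allowed_events:
            nxt = step(cur, ev)
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return seen

if __name__ == "__main__":
    no_dominant = EVENTS - {"dominant_auth_success"}
    for start in (State.FULLY_LOCKED, State.PARTLY_LOCKED):
        names = sorted(s.value for s in reachable(start, no_dominant))
        print(f"{start.value}, no dominant auth -> {names}")
```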
