Evaluating Re-authentication Strategies for Smartphones

dc.contributor.author: Agarwal, Lalit
dc.date.accessioned: 2016-08-04T15:57:46Z
dc.date.available: 2016-08-04T15:57:46Z
dc.date.issued: 2016-08-04
dc.date.submitted: 2016
dc.description.abstract: Re-authenticating users may be necessary for smartphone authentication schemes that leverage user behavior, device context, or task sensitivity. However, due to the unpredictable nature of re-authentication, users may get annoyed when they have to use the default, non-transparent authentication prompt for re-authentication. We address this concern by proposing a few configurations with varying levels of screen transparency and time delays when displaying the authentication prompt. We conduct user studies with 30 participants to evaluate the usability and security of these configurations. We also study whether the user preferences of the configurations vary depending on the application the participants are using on their device or their surrounding environment. We find that the participants generally prefer the authentication configuration with a non-transparent background for sensitive applications, such as banking and photo apps. Our findings also indicate that the user preferences are inclined towards convenient, usable configurations while participants are using their devices at home. Though we did not observe any significant differences in the task completion overhead and context switch overhead among our proposed configurations, we find that participants utilize the time delay just before the authentication prompt is going to appear to complete their current task. We also provide implementation details of our Android lock library, FireLock, which developers can use to re-authenticate users while they are using their app. We conclude with suggestions to improve the design of the proposed configurations as well as a discussion of other mechanisms to notify the users in case of re-authentication.
dc.identifier.uri: http://hdl.handle.net/10012/10611
dc.language.iso: en
dc.pending: false
dc.publisher: University of Waterloo
dc.subject: Mobile privacy
dc.subject: Android re-authentication
dc.subject: Smartphone authentication
dc.title: Evaluating Re-authentication Strategies for Smartphones
dc.type: Master Thesis
uws-etd.degree: Master of Mathematics
uws-etd.degree.department: David R. Cheriton School of Computer Science
uws-etd.degree.discipline: Computer Science
uws-etd.degree.grantor: University of Waterloo
uws.contributor.advisor: Hengartner, Urs
uws.contributor.affiliation1: Faculty of Mathematics
uws.peerReviewStatus: Unreviewed
uws.published.city: Waterloo
uws.published.country: Canada
uws.published.province: Ontario
uws.scholarLevel: Graduate
uws.typeOfResource: Text

Files

Original bundle

Name: Agarwal_Lalit.pdf
Size: 2.63 MB
Format: Adobe Portable Document Format
Description: Thesis

License bundle

Name: license.txt
Size: 6.17 KB
Format: Item-specific license agreed upon to submission