Authentication and Smart Environments

Conference name
CHI 2023
FIDO2 the Rescue? Platform vs. Roaming Authentication on Smartphones
Abstract

Modern smartphones support FIDO2 passwordless authentication using either external security keys or internal biometric authentication, but it is unclear whether users appreciate and accept these new forms of web authentication for their own accounts. We present the first lab study (N=87) comparing platform and roaming authentication on smartphones, determining the practical strengths and weaknesses of FIDO2 as perceived by users in a mobile scenario. Most participants were willing to adopt passwordless authentication during our in-person user study, but closer analysis shows that participants prioritize usability, security, and availability differently depending on the account type. We identify remaining adoption barriers that prevent FIDO2 from succeeding password authentication, such as missing support for contemporary usage patterns, including account delegation and usage on multiple clients.

Award
Best Paper
Authors
Leon Würsching
Technische Universität Darmstadt, Darmstadt, Hesse, Germany
Florentin Putz
TU Darmstadt, Darmstadt, Germany
Steffen Haesler
Technische Universität Darmstadt, Darmstadt, Germany
Matthias Hollick
TU Darmstadt, Darmstadt, Germany
Paper URL

https://doi.org/10.1145/3544548.3580993

Investigating Tangible Privacy-Preserving Mechanisms for Future Smart Homes
Abstract

Most smart home devices have multiple sensors, such as cameras and microphones; however, most cannot be controlled individually. Tangible privacy mechanisms provide control over individual sensors and instill high certainty of privacy. Yet, it remains unclear how they can be used in future smart homes. We conducted three studies to understand how tangible privacy mechanisms scale across multiple devices and respond to user needs. First, we conducted a focus group (N=8) on speculative tangible control artifacts to understand the user perspective. Second, we ran a workshop at a human-computer interaction conference (N=8) on tangible privacy. Third, we conducted a six-week in-the-wild study with a tangible, static privacy dashboard across six households. Our findings help to contrast the need for tangible privacy mechanisms on the sensor level with user needs on a smart home level. Finally, we discuss our design implications for future smart homes through the lens of inclusive privacy.

Authors
Maximiliane Windl
LMU Munich, Munich, Germany
Albrecht Schmidt
LMU Munich, Munich, Germany
Sebastian S. Feger
LMU Munich, Munich, Germany
Paper URL

https://doi.org/10.1145/3544548.3581167

Why I Can't Authenticate -- Understanding the Low Adoption of Authentication Ceremonies with Autoethnography
Abstract

Authentication ceremonies detect and mitigate Man-in-the-Middle (MitM) attacks on end-to-end encrypted messengers, such as Signal, WhatsApp, or Threema. However, prior work found that adoption remains low as non-expert users have difficulties using them correctly. Anecdotal evidence suggests that security researchers also have trouble authenticating others. Since their issues are probably unrelated to user comprehension or usability, the root causes may lie deeper. This work explores these root causes using autoethnography. The first author kept a five-month research diary of their experience with authentication ceremonies. The results uncover points of failure while planning and conducting authentication ceremonies. They include cognitive load, forgetfulness, social awkwardness, and explanations required by a communication partner. Additionally, this work identifies and discusses how sociocultural aspects affect authentication ceremonies. Lastly, this work discusses a design approach for cooperative security that employs cultural transcoding to improve sociocultural aspects of security by design.

Authors
Matthias Fassl
CISPA Helmholtz Center for Information Security, Saarbrücken, Germany
Katharina Krombholz
CISPA Helmholtz Center for Information Security, Saarbrücken, Germany
Paper URL

https://doi.org/10.1145/3544548.3581508

Understanding People's Concerns and Attitudes Toward Smart Cities
Abstract

Designing privacy-respecting and human-centric smart cities requires a careful investigation of people's attitudes and concerns toward city-wide data collection scenarios. To capture a holistic view, we carried out this investigation in two phases. We first surfaced people's understanding, concerns, and expectations toward smart city scenarios by conducting 21 semi-structured interviews with people in underserved communities. We complemented this in-depth qualitative study with a 348-participant online survey of the general population to quantify the significance of smart city factors (e.g., type of collected data) on attitudes and concerns. Depending on demographics, privacy and ethics were the two most common types of concerns among participants. We found the type of collected data to have the most and the retention time to have the least impact on participants' perceptions and concerns about smart cities. We highlight key takeaways and recommendations for city stakeholders to consider when designing inclusive and protective smart cities.

Authors
Pardis Emami-Naeini
Duke University, Durham, North Carolina, United States
Joseph Breda
University of Washington, Seattle, Washington, United States
Wei Dai
Microsoft Research, Redmond, Washington, United States
Tadayoshi Kohno
University of Washington, Seattle, Washington, United States
Kim Laine
Microsoft Research, Redmond, Washington, United States
Shwetak Patel
University of Washington, Seattle, Washington, United States
Franziska Roesner
University of Washington, Seattle, Washington, United States
Paper URL

https://doi.org/10.1145/3544548.3581558

GestureMeter: Design and Evaluation of a Gesture Password Strength Meter
Abstract

Gestures drawn on touchscreens have been proposed as an authentication method to secure access to smartphones. They provide good usability and a theoretically large password space. However, recent work has demonstrated that users tend to select simple or similar gestures as their passwords, rendering them susceptible to dictionary-based guessing attacks. To improve their security, this paper describes a novel gesture password strength meter that interactively provides security assessments and improvement suggestions based on a scoring algorithm that combines a probabilistic model, a gesture dictionary, and a set of novel stroke heuristics. We evaluate this system in both online and offline settings and show it supports creation of gestures that are significantly more resistant to guessing attacks (by up to 67%) while also maintaining performance on usability metrics such as recall success rate and time. We conclude that gesture password strength meters can help users select more secure gesture passwords.

Authors
Eunyong Cheon
UNIST, Ulsan, Korea, Republic of
Jun Ho Huh
Samsung Research, Seoul, Korea, Republic of
Ian Oakley
UNIST, Ulsan, Korea, Republic of
Paper URL

https://doi.org/10.1145/3544548.3581397

Negotiation Behaviors of Owners and Bystanders over Data Practices of Smart Home Devices
Abstract

Bystanders (i.e., visiting friends, visiting family members, or domestic workers) are often not aware of the data practices in other people’s (i.e., owners’) smart homes, exposing them to privacy risks. One solution to avoid violating bystanders’ privacy is to increase the data practice transparency and facilitate negotiation. In this paper, we designed a negotiation interaction study to explore the behaviors of owners (n1=238 participants assigned with the owner role) and bystanders (n2=222 participants assigned with the bystander role) when negotiating about smart home data practices with the corresponding bystander and owner digital agents. We also asked questions to explore factors that may potentially correlate with or affect the observed negotiation behaviors and outcomes. We found that owner and bystander participants differ in behaviors regarding numbers of rounds of negotiation, final reached preferences, and total number of agreements. We analyzed the correlating factors and predictability of reaching agreements.

Authors
Ahmed Alshehri
Colorado School of Mines, Golden, Colorado, United States
Eugin Pahk
Colorado School of Mines, Golden, Colorado, United States
Joseph Spielman
Colorado School of Mines, Golden, Colorado, United States
Jacob T. Parker
Colorado School of Mines, Golden, Colorado, United States
Benjamin Gilbert
Colorado School of Mines, Golden, Colorado, United States
Chuan Yue
Colorado School of Mines, Golden, Colorado, United States
Paper URL

https://doi.org/10.1145/3544548.3581360
