authentication frequency
play

Authentication Frequency (and Continuous Authentication) Mike Just - PowerPoint PPT Presentation

Apr 15, 2023 •364 likes •502 views

Authentication Frequency (and Continuous Authentication) Mike Just Interactive and Trustworthy Technologies Group Glasgow Caledonian University SOUPS 2014 WAY Workshop 9 July 2014 Outline Authentication frequency Continuous

  1. Authentication Frequency (and Continuous Authentication) Mike Just Interactive and Trustworthy Technologies Group Glasgow Caledonian University SOUPS 2014 – WAY Workshop 9 July 2014

  2. Outline • Authentication frequency • Continuous authentication (on mobile devices) • Implicit, transparent, data-driven, …

  3. Authentication Frequency • Typical authentication issues • Credential number, size, complexity • Duration of each authentication attempt • Authentication frequency • Number of authentication attempts with same credential • At one or more accounts • Explicit vs. implicit use • Trade-offs for increased/decreased authentication frequency

  4. Authentication Frequency – Highs and Lows • High(er) frequency • Higher frequency would seem to increase recall • SSO: Reduce number of credentials • Security • Model behaviour  reduce explicit use (e.g., continuous authentication) • Low(er) frequency • Lower frequency (explicit use) would seem to reduce use burden (e.g., saved passwords) • But also seems to negatively impact recall (leading to recovery) • Continuous authentication supports lower explicit use of credential

  5. Continuous, Data-Driven Authentication • On mobile devices • Reduce explicit unlocks • Multiple sensor input • More than just location • Insider attacks • Environment change See MoST 2014

  6. Time to Train

  7. Threshold Setting

  8. Usability • Current activity: usability study

  9. Security • Initial attacks, based on physical access, and known information

  10. Efficiency • Adaptive: Based on score changes over time (or other “trigger”) • Weight and use of sensors in different contexts (time, location)

  11. Final thoughts • Authentication frequency • Increasing/decreasing frequency options • Infrequent account access • Continuous, data-driven authentication • Plausible, but further investigation required • Current: Further usability and security studies, resource consumption • Will users (who currently use PIN/pattern) like a reduction of the number of explicit unlocks? • Will users (who DON’T currently use PIN/pattern) now use a solution with a smaller number of unlocks? • Will it be sufficiently secure? • Will lower frequency of explicit authentication impact memorability?

  12. Email: mike.just@gcu.ac.uk Joint with Gunes Kayacik, Nicholas Micallef, Lynne Baillie, and David Aspinall (Edinburgh)

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

SECURITY TOPICS PART 2 AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is who they say they are and therefore permitted to access the requested resources: getting entrance to a computer lab

833 views • 44 slides
HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the process of verifying the identity of the communicating principals to one another Usually sub-divided into Entity authentication Authentication

288 views • 10 slides
Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a precondition How to authenticate: Something you know Password, Secrets Something you have Smart Card, Token Something you are Biometrie

607 views • 4 slides
Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Cryptography Authentication and Data Integrity Aims of Authentication Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication with Hash Cryptography Functions Authentication with MACs School of

613 views • 27 slides
Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Cryptography Authentication and Data Integrity Aims of Authentication Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication with Hash Cryptography Functions Authentication with MACs School of

1.66k views • 27 slides
A2: Broken Authentication and Session Management But first Authentication, Authorization,

A2: Broken Authentication and Session Management But first Authentication, Authorization,

A2: Broken Authentication and Session Management But first Authentication, Authorization, Sessions Authentication Determining user identity Multiple ways What you know (password) What you have (phone, RSA SecureID, Yubikey)

1.57k views • 28 slides
Web Authentication Thierry Sans Several Methods Local authentication with login and password

Web Authentication Thierry Sans Several Methods Local authentication with login and password

Web Authentication Thierry Sans Several Methods Local authentication with login and password Token-based authentication Third party authentication Local Authentication How to store and verify password? Clear Data can be hacked

615 views • 14 slides
The Authentication Jungle An overview of all sorts of authentication technologies Karol Babioch

The Authentication Jungle An overview of all sorts of authentication technologies Karol Babioch

The Authentication Jungle An overview of all sorts of authentication technologies Karol Babioch Security Engineer kbabioch@suse.de New authentication standards ... 2 Some authentication technologies ... 3 - Authentication theory -

1.28k views • 88 slides
Frequency Decomposition The base frequency or the fundamental frequency is the lowest frequency.

Frequency Decomposition The base frequency or the fundamental frequency is the lowest frequency.

IIT Bombay Slide 21 Frequency Decomposition The base frequency or the fundamental frequency is the lowest frequency. All multiples of the fundamental frequency are known as harmonics .

519 views • 27 slides
Outline Introduction Authentication Basic authentication mechanisms CS 239

Outline Introduction Authentication Basic authentication mechanisms CS 239

Outline Introduction Authentication Basic authentication mechanisms CS 239 Authentication on a single machine Computer Security Authentication across a network February 21, 2007 Lecture 9 Lecture 9 Page 1 Page 2 CS 236,

302 views • 8 slides
I know who you are, but you can't come in Authentication and single sign-on in the SAS platform

I know who you are, but you can't come in Authentication and single sign-on in the SAS platform

I know who you are, but you can't come in Authentication and single sign-on in the SAS platform Agenda Authentication Inbound authentication Outbound authentication Single Sign-on Definitions Stage Process Method Physical

781 views • 48 slides
HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been

HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been

HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been proposed for applications including: Encryption and authentication For detecting malicious alterations of design components For

645 views • 15 slides
1 Password-Based Authentication Node A has a secret ( password ): e.g., lisa To

1 Password-Based Authentication Node A has a secret ( password ): e.g., lisa To

Authentication Protocols Guevara Noubir College of Computer and Information Science Northeastern University noubir@ccs.neu.edu Outline Overview of Authentication Systems [Chapter 9] Authentication of People [Chapter 10]

396 views • 17 slides
THE STATE OF AUTHENTICATION Chad Spensky Allthenticate OUTLINE Who am I? Authentication

THE STATE OF AUTHENTICATION Chad Spensky Allthenticate OUTLINE Who am I? Authentication

THE STATE OF AUTHENTICATION Chad Spensky Allthenticate OUTLINE Who am I? Authentication overview Current state of Authentication The future of authentication MY JOURNEY 2012-2015 2004-2011 2015-Present 1998-2004 Staff at MIT

453 views • 34 slides
User Authentication Passport Jason Situ Passport What is it? Passport is authentication

User Authentication Passport Jason Situ Passport What is it? Passport is authentication

User Authentication Passport Jason Situ Passport What is it? Passport is authentication middleware for Node. It is designed to serve a singular purpose: authenticate requests. Supports a comprehensive set of authentication mechanisms called

808 views • 16 slides
Authentication, vulnerabilities, exploits, and the secure design principles of Saltzer and

Authentication, vulnerabilities, exploits, and the secure design principles of Saltzer and

Authentication, vulnerabilities, exploits, and the secure design principles of Saltzer and Schroeder Authentication in general Bishop: Authentication is the binding of an identity to a principal. Network-based authentication mechanisms

1.6k views • 43 slides
Joint Word Segmentation and pos-Tagging using a Single Perceptron Yue Zhang and Stephen Clark

Joint Word Segmentation and pos-Tagging using a Single Perceptron Yue Zhang and Stephen Clark

Joint Word Segmentation and pos-Tagging using a Single Perceptron Yue Zhang and Stephen Clark Oxford University Computing Laboratory June 5, 2008 Oxford University Computing Laboratory Introduction of Chinese pos-tagging Chinese sentences

571 views • 34 slides
By H.W.Weijers Presented at the Workshop on High Temperature Superconducting Magnets for Muon

By H.W.Weijers Presented at the Workshop on High Temperature Superconducting Magnets for Muon

High field magnets with coated conductors A viewpoint emerging from projects at the NHMFL By H.W.Weijers Presented at the Workshop on High Temperature Superconducting Magnets for Muon Collider Wilson Hall, Fermi National Accelerator Lab,

928 views • 17 slides
A depth formula for Tate Tor independent modules over Gorenstein rings Joint work with David A.

A depth formula for Tate Tor independent modules over Gorenstein rings Joint work with David A.

A depth formula for Tate Tor independent modules over Gorenstein rings Joint work with David A. Jorgensen arXiv:1107.3102[math.AC] Lars Winther Christensen Texas Tech University Lincoln NE, 16 October 2011 Auslanders depth formula Setup

527 views • 8 slides
Jointly Distributed Random Variables IE 502: Probabilistic Models Jayendran Venkateswaran IE

Jointly Distributed Random Variables IE 502: Probabilistic Models Jayendran Venkateswaran IE

Jointly Distributed Random Variables IE 502: Probabilistic Models Jayendran Venkateswaran IE & OR Joint Distribution Functions X and Y are random variables Joint cumulative distribution function of X and Y Individual CDFs of

505 views • 8 slides
Data-Driven Inference and Observationally Complete Devices joint work with: M. DallArno, A.

Data-Driven Inference and Observationally Complete Devices joint work with: M. DallArno, A.

Data-Driven Inference and Observationally Complete Devices joint work with: M. DallArno, A. Bisio, A. Tosini Francesco Buscemi (Nagoya University) QIRIF? ! 2019 V axj o, Sweden, 12 June 2019 An unknown device: how can we infer

391 views • 17 slides
Incrementality in Compositional Distributional Semantics M. Sadrzadeh, EECS, QMUL SemDial 2018

Incrementality in Compositional Distributional Semantics M. Sadrzadeh, EECS, QMUL SemDial 2018

Incrementality in Compositional Distributional Semantics M. Sadrzadeh, EECS, QMUL SemDial 2018 joint work with M. Purver, J. Hough, R. Kempson SYCO2, Glasgow December 2018 NLP in one slide structure preserving map Semantic Formal

926 views • 68 slides
Evaluating the value of storage facilities for buffering and arbitrage (Joint work with Lisa

Evaluating the value of storage facilities for buffering and arbitrage (Joint work with Lisa

Evaluating the value of storage facilities for buffering and arbitrage (Joint work with Lisa Flatley, Richard Gibbens, Stan Zachary) James Cruise Maxwell Institute for Mathematical Sciences Edinburgh and Heriot-Watt Universities 26 February

523 views • 26 slides
Outline Outline 2 Probability Models of N Random Variables Probability Models of N Random

Outline Outline 2 Probability Models of N Random Variables Probability Models of N Random

Outline Outline 2 Probability Models of N Random Variables Probability Models of N Random Variables (5.1, Y&G) Vector Notation (5.2, Y&G) Vector Notation (5 2 Y&G) 204312 PROBABILITY AND 204312 PROBABILITY AND

546 views • 7 slides

More recommend