PICKING A (SMART)LOCK Locking Relationships on Mobile Devices - - PowerPoint PPT Presentation



SLIDE 1

PICKING A (SMART)LOCK

Locking Relationships on Mobile Devices

Elizabeth Stobert & David Barrera, ETH Zürich

SLIDE 2

DESKTOP AUTHENTICATION HASN’T CHANGED MUCH

SLIDE 3

MORE THAN ONE WAY TO LOCK A PHONE

  • iOS
      • Passcode (PIN, password)
      • Touch ID (fingerprint)
  • Android
      • PIN/password
      • Pattern Unlock
      • Smart Locks
          • Trusted devices, face, place
          • On-body detection

SLIDE 4

A PERFECT STORM FOR MOBILE DEVICE AUTHENTICATION

Mobile devices have

  • distinct use patterns
  • distinct threat models
  • market pressures
  • vertical integration

SLIDE 5

A MODEL OF MOBILE AUTHENTICATION

[State diagram: two states, Unlocked and Locked. Transition labels: "Log out" and "Authentication success".]

SLIDE 6

A MODEL OF MOBILE AUTHENTICATION

[State diagram: three states, Unlocked, Partly Locked and Fully Locked.]

  • To Partly Locked: short timeout, button lock
  • To Fully Locked: long timeout, remote lock enabled, too many failed logins, device rebooted
  • To Unlocked: authentication success (from Partly Locked and from Fully Locked)

SLIDE 7

DOMINANT VS. SECONDARY AUTHENTICATION

  • Dominant authentication always unlocks the device
  • Secondary authentication sometimes unlocks the device

[State diagram: three states, Unlocked, Partly Locked and Fully Locked.]

  • To Partly Locked: short timeout, button lock
  • To Fully Locked: long timeout, remote lock enabled, too many failed logins, device rebooted
  • Partly Locked to Unlocked: dominant or secondary authentication success
  • Fully Locked to Unlocked: dominant authentication success
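
The model on slides 6 and 7 written as a small state machine. This is an added example, not code from the presentation; the event names are taken from the diagram labels, and the split of concrete methods into dominant and secondary, the starting state, and the rule that a partial-lock event never weakens a full lock are assumptions.

```python
from enum import Enum

class State(Enum):
    UNLOCKED = 1
    PARTLY_LOCKED = 2
    FULLY_LOCKED = 3

# Event names follow the diagram labels on slides 6 and 7.
PARTIAL_LOCK_EVENTS = {"short_timeout", "button_lock"}
FULL_LOCK_EVENTS = {"long_timeout", "remote_lock_enabled",
                    "too_many_failed_logins", "device_rebooted"}
# Assumption: which concrete methods are dominant or secondary is not
# stated on the slides; this split is illustrative.
DOMINANT = {"pin", "password"}
SECONDARY = {"fingerprint", "trusted_device", "trusted_face", "trusted_place"}

class LockModel:
    def __init__(self):
        self.state = State.FULLY_LOCKED  # assumption: device starts freshly booted

    def event(self, name):
        """Apply a locking event and return the resulting state."""
        if name in FULL_LOCK_EVENTS:
            self.state = State.FULLY_LOCKED
        elif name in PARTIAL_LOCK_EVENTS:
            # A partial-lock event must never weaken a full lock.
            if self.state is State.UNLOCKED:
                self.state = State.PARTLY_LOCKED
        else:
            raise ValueError(f"unknown event: {name}")
        return self.state

    def authenticate(self, method):
        """Handle a *successful* authentication; True if the device unlocked."""
        if method not in DOMINANT | SECONDARY:
            raise ValueError(f"unknown method: {method}")
        if self.state is State.UNLOCKED:
            return False  # nothing to unlock
        if method in SECONDARY and self.state is State.FULLY_LOCKED:
            return False  # only dominant authentication leaves Fully Locked
        self.state = State.UNLOCKED
        return True

def run_trace(steps):
    """steps: ("event", name) or ("auth", method); returns state name after each."""
    model, seen = LockModel(), []
    for kind, arg in steps:
        model.event(arg) if kind == "event" else model.authenticate(arg)
        seen.append(model.state.name)
    return seen
```

A lockout policy in this model is the choice of which events land in `FULL_LOCK_EVENTS`, since those are the ones that take the secondary methods out of play.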

SLIDE 8

LAYERED SECURITY MECHANISMS

  • Is having more authentication methods better for security?
  • Authentication methods are keys more than doors
  • How to calibrate the security differences between dominant and secondary authentication?

  • Lockout policies are the usual approach
  • Many aspects of lockout policies are user-configured

SLIDE 9

A CHOICE OF AUTHENTICATION SCHEMES

  • New models leave the choice of authentication mechanisms in the hands of the user
  • Do people know how to choose and configure the right security for them?

SLIDE 10

FUTURE AUTHENTICATION STRATEGIES

  • How will this model develop?
  • Continuous authentication?
  • What design opportunities are facilitated by this authentication model?

  • Partial authentication?
  • Per-app authentication?

SLIDE 11

OPEN QUESTIONS

  • What are the security implications of layering multiple authentication mechanisms?
  • How will giving users a variety of choice in how they secure their devices play out?

  • Will this model persist? How will it develop in future?
  • Thank you!
  • elizabeth.stobert@inf.ethz.ch