
Context-Aware Authentication Framework

Diwakar Goel, Eisha Kher, Shriya Joag, Veda Mujumdar, Martin Griss, Anind K. Dey. CyLab Mobility Research Center. Mobility Research Center, Carnegie Mellon Silicon Valley.


Presentation Transcript


  1. Context-Aware Authentication Framework
     Diwakar Goel, Eisha Kher, Shriya Joag, Veda Mujumdar, Martin Griss, Anind K. Dey
     CyLab Mobility Research Center
     Mobility Research Center, Carnegie Mellon Silicon Valley

  2. Outline
     • Background
     • A Scenario
     • The Architecture
     • Threats and Attacks Mitigated
     • Conclusion
     Context-Aware Authentication Framework

  3. Outline
     • Background
     • A Scenario
     • The Architecture
     • Threats and Attacks Mitigated
     • Conclusion
     Context-Aware Authentication Framework, October 26, 2009

  4. Context-Awareness
     • Context:
       - ‘information about the situation of an entity’, e.g., location, identity, time, activity
     • Context-Aware Systems:
       - use context to provide relevant information and/or services to the user
       - enhance the behavior of any application by informing it of the context of use

  5. Our solution framework
     • Authentication algorithm
       - User scans QR codes using camera-phones, requests access
       - Context contains authentication information
       - Access may be granted based on policies
     • Contextual cues used
       - Location (coordinates, using Wi-Fi positioning)
       - Roles (faculty, student, staff, admin)
       - Time of day

  6. Context-Aware Authentication
     • Enhances usability
       - Password replaced by gesture
     • Enhances robustness
       - Adaptive instead of static passwords
     • Scalable
       - Ubiquitous use of mobile phones
     • Extensible
       - Multiple contextual cues, e.g., time, location, ‘roles’

  7. Outline
     • Background
     • A Scenario
     • The Architecture
     • Threats and Attacks Mitigated
     • Conclusion

  8. A scenario

  9. Outline
     • Background
     • A Scenario
     • The Architecture
     • Threats and Attacks Mitigated
     • Conclusion

  10. The Architecture

  11. The Architecture
      Dynamic:
      - Linked to server
      - On tablets, kiosks, other screens
      Static:
      - Inexpensive
      - On paper

  12. The Architecture
      Logs:
      - Authentication attempts
      - Time
      - Result
      - Context info
      Maintains:
      - QR code info
      - Location info
      - Expiry time

  13. The Architecture
      Stores:
      - User-specific info
      - Session token
      - Calendar id

  14. Example
      Step 1: Scan QR code
      Step 2: Extra authentication (optional extra layer of security)
      Step 3: Context-based access

  15. Outline
      • Background
      • A Scenario
      • The Architecture
      • Threats and Attacks Mitigated
      • Conclusion

  16. Threats and Attacks Mitigated
      • Replication of displayed code
        - Time-varying, location-varying QR codes
      • Cloning/theft of user device
        - Session tokens, ‘line-of-sight’ property
      • Brute force/guessing attack
        - Dynamically generated codes
      • Faking/manipulating context information
        - Weighted context cues, peer verification
      • Sniffing attack

  17. Why QR codes?
      • Can be read fast
      • Easy to generate
      • Can be displayed anywhere – on screens/print outs
      • Can be read by nearly all camera equipped phones
      • Robust against sniffing attacks
      • ‘Line-of-sight’ property

  18. Outline
      • Background
      • A Scenario
      • The Architecture
      • Threats and Attacks Mitigated
      • Conclusion

  19. Conclusion
      • Role-based and location-based access control
      • Leveraged user’s context
      • Used light-weight tagging
      • Advantages
        - Simple, inexpensive, scalable, extensible
        - Centralized control over authentication sites
        - Smarter and robust authentication
      • Future work
        - Adding other contextual cues, user profiling

  20. Acknowledgments
      Thanks to
      • Co-authors for their contribution
      • CyLab, ARO and Nokia for their grants
      • You for patient listening!

  21. Context-Aware Authentication Framework
      Diwakar Goel, Eisha Kher, Shriya Joag, Veda Mujumdar, Martin Griss, Anind K. Dey
      CyLab Mobility Research Center
      Mobility Research Center, Carnegie Mellon Silicon Valley
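The server-side check implied by slides 5, 12 and 16 (time-varying, location-bound codes with an expiry time, then a role and time-of-day policy), sketched as an added example that is not code from the presentation or its authors. The HMAC construction, the `site|expiry|tag` payload layout, the key, the 30-second lifetime, the policy table and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

SERVER_KEY = b"constructed-demo-key"  # assumption: secret known only to the server
CODE_LIFETIME = 30                    # assumption: seconds a displayed code stays valid
# Constructed policy: site -> role -> allowed hours [start, end)
POLICY = {"lab-101": {"faculty": (0, 24), "student": (8, 20)}}

def _tag(site, expiry):
    msg = f"{site}|{expiry}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue_code(site, now):
    """Payload a dynamic display would render as a QR code: site|expiry|tag."""
    expiry = int(now) + CODE_LIFETIME
    return f"{site}|{expiry}|{_tag(site, expiry)}"

def check_scan(payload, role, reported_site, now, hour):
    """Decide one access request; the server would log the result and reason."""
    try:
        site, expiry_text, tag = payload.split("|")
        expiry = int(expiry_text)
    except ValueError:
        return False, "malformed"
    if not hmac.compare_digest(tag.encode(), _tag(site, expiry).encode()):
        return False, "bad-tag"         # guessed or altered code
    if now > expiry:
        return False, "expired"         # copy of a code that has since rotated
    if reported_site != site:
        return False, "wrong-location"  # code presented away from its display
    window = POLICY.get(site, {}).get(role)
    if window is None or not (window[0] <= hour < window[1]):
        return False, "policy-denied"   # role not allowed here at this time
    return True, "granted"

if __name__ == "__main__":
    code = issue_code("lab-101", now=1000)  # constructed timestamp
    print(check_scan(code, "student", "lab-101", now=1010, hour=9))
    print(check_scan(code, "student", "lab-101", now=1031, hour=9))
```

Here `reported_site` stands in for the site that the phone's Wi-Fi position resolves to; a static paper code has no rotating expiry, so only the location and policy checks would apply to it.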
