Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
Medical Applications
Tejinder Judge

Presentation transcript:

Medical Applications
Tejinder Judge

Jakob Bardram
- Professor at University of Copenhagen
- His research areas are Ubiquitous Computing, Computer Supported Cooperative Work (CSCW), and Human-Computer Interaction (HCI)
- Main application area of this research is healthcare, especially Pervasive Healthcare

Central theme of these papers
- The main challenge in the shift from desktop computing to ubiquitous and pervasive computing is user authentication
- A domain where this challenge is easily seen is healthcare

Paper 1
Context-Aware User Authentication – Supporting Proximity-Based Login in Pervasive Computing
- Jakob Bardram, Rasmus Kjær, and Michael Pedersen
- Proceedings of Ubicomp 2003

Motivation
Problems with Electronic Patient Records (EPR)
- Clinicians have to log in times a day
- Have to log on to different machines based on location
- Made easy to share passwords like ‘1234’

Activity-Based Computing
- The basic idea is to represent a user’s (work) activity as a collection of computational services
- Make such activities available on various stationary and mobile computing equipment in a hospital
- Clinicians can initiate a set of activities, and access these on various devices in the hospital

Method
- Participatory design sessions and workshops
  - 12 workshops, 4-6 hours each with 6-10 participants (most of whom were clinicians)
- Several user authentication mechanisms were designed, implemented, and evaluated

Requirements for a pervasive computing user authentication mechanism
- Proximity based
- Secure
- Active gesture
- Support for logout

Context-aware user authentication
3 key principles
- First, it uses a physical token used for active gesturing and as the basis for authentication
- Second, it uses a context-awareness system to verify the location of the user, and to log out the user when she leaves a certain place
- Third, it contains ‘fall-back’ mechanisms, so that if either of the two components in the system falls out, the user authentication mechanism switches to other mechanisms.

Authentication protocol
The authentication protocol runs on a JavaCard
The following information is stored on the card:
- An id for the user the card belongs to.
- The user’s password.
- The user’s pair of a secret key (KS) and public key (KP).

Authentication protocol
1. The client receives notification that user P is in the room (optional).
2. The user places his smart card in the card reader.
3. The client requests the id from the smart card.
4. The client looks up the person in the Context Server based on the id from the card.

Authentication protocol
5. There are two distinct cases based on the probability that the user is in the same place as the client.
- Case A: The probability is greater than a certain threshold. The smart card is asked to verify that it holds the user’s secret key, KS.
- Case B: The location of the user is not sufficiently sure. The computer asks the user to enter his password. The smart card accepts or rejects the user based on the password.
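Steps 3 to 5 of the protocol above, as an added Go example that is not taken from the slides or the papers. The Ed25519 signature over a random nonce (standing in for "verify that it holds KS"), the 0.8 threshold, the Record layout and all names are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/subtle"
	"fmt"
)

// SmartCard holds what the slide lists: user id, password, key pair (KS, KP).
type SmartCard struct {
	ID       string
	password string
	ks       ed25519.PrivateKey // KS stays on the card
	KP       ed25519.PublicKey
}

func NewCard(id, password string) *SmartCard {
	kp, ks, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &SmartCard{ID: id, password: password, ks: ks, KP: kp}
}

// Record is the Context Server's view of one user (layout is an assumption).
type Record struct {
	Prob float64           // probability the user is at the client's location
	KP   ed25519.PublicKey // public key enrolled for this id
}

type ContextServer map[string]Record

const Threshold = 0.8 // assumed value; the slides only say "a certain threshold"

// Authenticate runs steps 3-5 and reports which case ran and the result.
func Authenticate(card *SmartCard, ctx ContextServer, typedPassword string) (string, bool) {
	rec, known := ctx[card.ID] // steps 3-4: read the id, look the person up
	if !known {
		return "", false
	}
	if rec.Prob > Threshold { // Case A: the card proves it holds KS
		nonce := make([]byte, 32) // fresh challenge, so old proofs cannot be replayed
		if _, err := rand.Read(nonce); err != nil {
			return "A", false
		}
		sig := ed25519.Sign(card.ks, nonce) // computed on the card
		return "A", ed25519.Verify(rec.KP, nonce, sig)
	}
	// Case B: location not sure enough, so the card checks the typed password.
	ok := subtle.ConstantTimeCompare([]byte(typedPassword), []byte(card.password)) == 1
	return "B", ok
}

func main() {
	card := NewCard("nurse-17", "constructed-pw") // constructed sample data
	ctx := ContextServer{"nurse-17": {Prob: 0.95, KP: card.KP}}
	fmt.Println(Authenticate(card, ctx, "")) // user located in the room
	ctx["nurse-17"] = Record{Prob: 0.30, KP: card.KP}
	fmt.Println(Authenticate(card, ctx, "guess")) // location unsure, wrong password
}
```

In Case A no password is requested, so the result depends only on possession of the card and on the Context Server's location estimate.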

Infrastructure
[Diagram: Context, Context Monitors, Context Server, Client 1, Client 2]

Security analysis
It is possible for someone to authenticate as a legitimate user by the following:
1. Steal the smart card and fake the location of a legitimate user
2. Steal the smart card and be in the same room as the legitimate user.
3. Steal the smart card and acquire the user’s password somehow

Possible solutions
- Voice monitor that can identify and locate a user based on voice
- Additional checks (e.g. is user still on his shift?)
- Using biometrics instead of a password

Paper 2
Applications of context-aware computing in hospital work: examples and design principles
- Jakob Bardram
- Proceedings of the 2004 ACM Symposium on Applied Computing

Motivation
- Addressing the problems of clinical computer systems being unaware of their usage context
- Example: Electronic Patient Records (EPR)
  - Same interface is used in the ward, operating theater, medicine room
  - Doctors and nurses need to manually adjust the interface.

Method
- Design and implementation of context-aware clinical applications
  - Context-aware Electronic Patient Records (EPR)
  - Context-aware pill container
  - Context-aware hospital bed
- Design was a result of 15 workshops over 2 years
  - Each workshop was 4-7 hours, had 5-12 participants each
  - 8 participants were clinicians

Scenarios of context-awareness in hospitals

Prototype of context-aware hospital bed
- The bed has an integrated computer, a touch sensitive display, various RFID sensors
- The patient is identified using RFID tags in an armband and the personal profile is loaded into the computer
[Figure: The Context-Aware Hospital Bed.]

Prototype of context aware pill container
- Current implementation is based on RFID technology
[Figure: The Context-Aware Pill Container. a – the vision with fingerprint recognition and a LED indicating proximity to the patient. b – the current prototype based on RFID technology.]

Lessons learned
- Context-awareness is particularly useful for user-interface navigation
- Context is more than location
- Physical things reveal activity
- Using context-awareness to suggest courses of action

Design principles
Framework for context awareness in medical work
1. Runtime Infrastructure
2. Programming Framework (API)

Runtime Infrastructure
- Distributed and Cooperating Services
- Security and Privacy
- Lookup and Discovery
- Extensible

Application Programmer Interface
- Semantic-free modeling
- Context transformation
- Context quality
- Support for activities

Future work
- Creating a Java Context-Awareness Framework (JCAF) that addresses these design principles

Paper 3
Security in Context - Lessons Learned from Security Studies in Hospitals
- Jakob Bardram
- CHI 2007 Workshop on Security User Studies: Methodologies and Best Practices

Motivation
- Conventional login procedures cause usability problems, especially in a hospital setting
- User studies show that the use of cryptic passwords made users write the passwords on the computer displays

Proposed solution
- User-centered security that has usability as a primary goal

Current security challenges
Collaborating using an EPR
- No longer easy for nurses to work together around digitized records
- Technological challenge: to enable users to ‘share’ a login, i.e. enabling some kind of collective user authentication.

Current security challenges
User authentication in the design of home monitoring devices for the elderly
- An elderly lady had severe problems using the tablet PC and did not succeed in authenticating herself to the system using the fingerprint scanner

Prototype of proximity-based user authentication mechanism
- The overall goal with this proximity-based user authentication technology was to log in the user when he or she approached a computer, like a large public display.

Evaluation of prototype and results
- Logging in a person by proximity might not work in a real hospital
  - Authentication needs to be triggered by some gesture from the user
- Need fast switching between users
  - “Shift user” command while leaving screen intact

Lessons learned from multiple security studies
- Ethnographic field studies are useful in understanding security and usability problems
- Design security technologies based on what users do, not by merely improving existing security technologies

Lessons learned from multiple security studies
- Making security more usable means realizing the need for many different kinds of security – one size does not fit all
- Make security visible and understandable

Central theme of these papers
- The main challenge in the shift from desktop computing to ubiquitous and pervasive computing is user authentication

Conclusion and critique
- Provided two solutions to user authentication
  - Context based authentication
  - Proximity based authentication
- Provided a domain and justification for using context-aware applications and activity-based computing in a hospital
- Did not discuss possible pitfalls of using context-aware applications in a hospital

Discussion
- What are the tradeoffs to using context based applications in hospitals?
- How can we design with users who prefer having no security hassle?
- How can we implement security mechanisms which are sufficiently secure while being usable?
- How do we evaluate such technologies?