Carnegie Mellon Context-Aware Authentication Framework, CyLab Mobility Research Center, Carnegie Mellon Silicon Valley.

Presentation transcript:

1 Carnegie Mellon
Context-Aware Authentication Framework
CyLab Mobility Research Center, Carnegie Mellon Silicon Valley
Diwakar Goel, Eisha Kher, Shriya Joag, Veda Mujumdar, Martin Griss, Anind K. Dey

2 Outline
- Background
- A Scenario
- The Architecture
- Threats and Attacks Mitigated
- Conclusion
Context-Aware Authentication Framework, October 26, 2009

4 Context-Awareness
- Context: 'information about the situation of an entity', e.g., location, identity, time, activity
- Context-Aware Systems:
  - use context to provide relevant information and/or services to the user
  - enhance the behavior of any application by informing it of the context of use

5 Our solution framework
- Authentication algorithm
  - User scans QR codes using camera-phones, requests access
  - Context contains authentication information
  - Access may be granted based on policies
- Contextual cues used
  - Location (coordinates, using Wi-Fi positioning)
  - Roles (faculty, student, staff, admin)
  - Time of day

6 Context-Aware Authentication
- Enhances usability
  - Password replaced by gesture
- Enhances robustness
  - Adaptive instead of static passwords
- Scalable
  - Ubiquitous use of mobile phones
- Extensible
  - Multiple contextual cues, e.g., time, location, 'roles'

8 A scenario

10 The Architecture

11 The Architecture
- Dynamic:
  - Linked to server
  - On tablets, kiosks, other screens
- Static:
  - Inexpensive
  - On paper

12 The Architecture
- Maintains:
  - QR code info
  - Location info
  - Expiry time
- Logs:
  - Authentication attempts
  - Time
  - Result
  - Context info

13 The Architecture
- Stores:
  - User-specific info
  - Session token
  - Calendar id

14 Example
- Step 1: Scan QR code
- Step 2: Extra authentication (optional extra layer of security)
- Step 3: Context-based access

16 Threats and Attacks Mitigated
- Replication of displayed code
  - Time-varying, location-varying QR codes
- Cloning/theft of user device
  - Session tokens, 'line-of-sight' property
- Brute force/guessing attack
  - Dynamically generated codes
- Faking/manipulating context information
  - Weighted context cues, peer verification
- Sniffing attack
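The scan-and-decide flow from slides 5, 12 and 16, sketched as an added example that is not code from the presentation: a server issues a time-varying, site-bound QR payload, then checks the scanned code, location, role and time of day, and logs every attempt. The slides do not say how codes are generated; the HMAC construction, the 30-second window, the degree-based geofence and the names `Site`, `SITE`, `qr_payload` and `authenticate` are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass

STEP = 30  # seconds a displayed code stays valid (assumed rotation interval)

@dataclass(frozen=True)
class Site:
    site_id: str
    key: bytes      # per-site secret kept on the server (assumed)
    lat: float
    lon: float
    radius: float   # allowed offset in degrees (simplified geofence)
    policy: dict    # role -> (first hour, end hour), UTC

# Constructed sample site, not taken from the slides.
SITE = Site("lab-23", b"demo-key-not-for-production", 37.4104, -122.0598, 0.001,
            {"faculty": (0, 24), "student": (8, 18)})

def qr_payload(site, now):
    """Text a dynamic display encodes in its QR code for the current window."""
    window = int(now) // STEP
    msg = f"{site.site_id}|{window}".encode()
    tag = hmac.new(site.key, msg, hashlib.sha256).hexdigest()[:16]
    return f"{site.site_id}|{window}|{tag}"

def authenticate(site, scanned, role, lat, lon, now, log):
    """Verify the scanned code, then location, role and time of day; log the attempt."""
    result = "granted"
    try:
        _, window, _ = scanned.split("|")
        window = int(window)
        expected = qr_payload(site, window * STEP)
        valid = hmac.compare_digest(scanned.encode(), expected.encode())
    except ValueError:
        result = "malformed code"
    else:
        hours = site.policy.get(role)
        hour = int(now) // 3600 % 24
        if not valid:
            result = "bad code"
        elif window != int(now) // STEP:
            result = "expired code"      # e.g. a photographed code replayed later
        elif abs(lat - site.lat) > site.radius or abs(lon - site.lon) > site.radius:
            result = "wrong location"
        elif hours is None:
            result = "role not allowed"
        elif not hours[0] <= hour < hours[1]:
            result = "outside permitted hours"
    log.append({"time": now, "site": site.site_id, "role": role,
                "context": (lat, lon), "result": result})
    return result == "granted"
```

The log entries carry the fields slide 12 lists (attempt, time, result, context info), so denied attempts such as replayed or out-of-place scans remain visible to whoever reviews the server.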

17 Why QR codes?
- Can be read fast
- Easy to generate
- Can be displayed anywhere, on screens or printouts
- Can be read by nearly all camera-equipped phones
- Robust against sniffing attacks
- 'Line-of-sight' property

19 Conclusion
- Role-based and location-based access control
  - Leveraged user's context
  - Used light-weight tagging
- Advantages
  - Simple, inexpensive, scalable, extensible
  - Centralized control over authentication sites
  - Smarter and robust authentication
- Future work
  - Adding other contextual cues, user profiling

20 Acknowledgments
- Thanks to
  - Co-authors for their contribution
  - CyLab, ARO and Nokia for their grants
  - You for patient listening!
