Download presentation
Presentation is loading. Please wait.
Published byMarlene Booker Modified over 9 years ago
1
Carnegie MellonCarnegie Mellon Context-Aware Authentication Framework CyLab Mobility Research Center Mobility Research Center Carnegie Mellon Silicon Valley Diwakar Goel, Eisha Kher, Shriya Joag, Veda Mujumdar, Martin Griss, Anind K. Dey 1
2
Carnegie MellonCarnegie Mellon Outline Background A Scenario The Architecture Threats and Attacks Mitigated Conclusion 2 October 26, 2009 Context-Aware Authentication Framework
3
Carnegie MellonCarnegie Mellon Outline Background A Scenario The Architecture Threats and Attacks Mitigated Conclusion 3 Context-Aware Authentication Framework October 26, 2009
4
Carnegie MellonCarnegie Mellon Context-Awareness Context: Context: ‘information about the situation of an entity’, e.g., location, identity, time, activity Context-Aware Systems: Context-Aware Systems: relevant use context to provide relevant information and/or services to the user enhance enhance the behavior of any application by informing it of the context of use 4 Context-Aware Authentication Framework October 26, 2009
5
Carnegie MellonCarnegie Mellon Our solution framework Authentication algorithm Authentication algorithm – User scans QR codes using camera-phones, requests access – Context contains authentication information – Access may be granted based on policies Contextual cues used Contextual cues used – Location (coordinates, using Wi-Fi positioning) – Roles (faculty, student, staff, admin) – Time of day Context-Aware Authentication Framework 5 October 26, 2009
6
Carnegie MellonCarnegie Mellon Context-Aware Authentication Enhances usability Enhances usability – Password replaced by gesture Enhances Robustness Enhances Robustness – Adaptive instead of static passwords Scalable Scalable – Ubiquitous use of mobile phones Extensible Extensible – Multiple contextual cues, e.g., time, location, ‘roles’ Context-Aware Authentication Framework 6 October 26, 2009
7
Carnegie MellonCarnegie Mellon Outline Background A Scenario The Architecture Threats and Attacks Mitigated Conclusion 7 Context-Aware Authentication Framework October 26, 2009
8
Carnegie MellonCarnegie Mellon A scenario 8 Context-Aware Authentication Framework October 26, 2009
9
Carnegie MellonCarnegie Mellon Outline Background A Scenario The Architecture Threats and Attacks Mitigated Conclusion 9 Context-Aware Authentication Framework October 26, 2009
10
Carnegie MellonCarnegie Mellon The Architecture 10 Context-Aware Authentication Framework October 26, 2009
11
Carnegie MellonCarnegie Mellon The Architecture 11 Context-Aware Authentication Framework Dynamic: -Linked to server -On tablets, kiosks, other screens Static: -Inexpensive -On Paper October 26, 2009
12
Carnegie MellonCarnegie Mellon The Architecture 12 Context-Aware Authentication Framework Maintains: -QR code info -Location info -Expiry time Logs: -Authentication attempts -Time -Result -Context info October 26, 2009
13
Carnegie MellonCarnegie Mellon The Architecture 13 Context-Aware Authentication Framework Stores: -User-specific info -Session token -Calendar id October 26, 2009
14
Carnegie MellonCarnegie Mellon Example 14 Context-Aware Authentication Framework Step 1: Scan QR code Step 2: Extra authentication Optional extra layer of security Step 3: Context-based Access October 26, 2009
15
Carnegie MellonCarnegie Mellon Outline Background A Scenario The Architecture Threats and Attacks Mitigated Conclusion 15 Context-Aware Authentication Framework October 26, 2009
16
Carnegie MellonCarnegie Mellon Threats and Attacks Mitigated Replication of displayed code Replication of displayed code – Time varying, location varying QR codes Cloning/ theft of user device Cloning/ theft of user device – Session tokens, ‘line-of-sight’ property Brute force/guessing attack Brute force/guessing attack – Dynamically generated codes Faking/manipulating context information Faking/manipulating context information – Weighted context cues, peer verification Sniffing attack Sniffing attack 16 Context-Aware Authentication Framework October 26, 2009
17
Carnegie MellonCarnegie Mellon Why QR codes? Can be read fast Easy to generate Can be displayed anywhere – on screens/print outs Can be read by nearly all camera equipped phones Robust against sniffing attacks ‘Line-of-sight ‘ property 17 Context-Aware Authentication Framework October 26, 2009
18
Carnegie MellonCarnegie Mellon Outline Background A Scenario The Architecture Threats and Attacks Mitigated Conclusion 18 Context-Aware Authentication Framework October 26, 2009
19
Carnegie MellonCarnegie Mellon Conclusion Role-based and location-based access control Role-based and location-based access control – Leveraged user’s context – Used light-weight tagging Advantages Advantages – Simple, inexpensive, scalable, extensible – Centralized control over authentication sites – Smarter and robust authentication Future work Future work – Adding other contextual cues, user profiling 19 Context-Aware Authentication Framework October 26, 2009
20
Carnegie MellonCarnegie Mellon Acknowledgments Thanks to Thanks to – Co-authors for their contribution – CyLab, ARO and Nokia for their grants – You for patient listening! October 26, 2009 20 Context-Aware Authentication Framework October 26, 2009
21
Carnegie MellonCarnegie Mellon Context-Aware Authentication Framework CyLab Mobility Research Center Mobility Research Center Carnegie Mellon Silicon Valley Diwakar Goel, Eisha Kher, Shriya Joag, Veda Mujumdar, Martin Griss, Anind K. Dey 21
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.