Summary: | One of the main reasons why smartphone users do not adopt authentication mechanisms is the inefficiency of entering a PIN/Pattern/Password each time they use their phone. On the other hand, users who do use these locking mechanisms find them annoying (40-47%) (Egelman et al., 2014; Harbach et al., 2014; Jakobsson et al., 2009). Previous research (Gupta et al., 2012; Hayashi et al., 2013) has studied the potential of using sensor data to detect the location of the phone for the purpose of implicit authentication. However, little consideration has been given to applying the rich set of environment-related sensor data such as noise, light and magnetic field ("ambient factors") to authentication. Therefore, this research used ambient sensors with the purpose of detecting changes in environmental surroundings so that the phone asks for explicit authentication only when a change is detected in these conditions. The main aim is to improve the efficiency and user satisfaction of smartphone authentication mechanisms, to increase use (adoption) among traditional non-adopters (users who do not lock their phone), and to reduce the level of annoyance to current adopters, all while maintaining a reasonable level of security. An empirical study was first conducted to investigate the use of ambient sensors and to determine if ambient profiles that confirm the consistency of sensor readings for a user would improve the efficiency of smartphone authentication. Subsequently, two further empirical studies were conducted to investigate the strengths and weaknesses of this mechanism from a security and battery consumption perspective. Since all these empirical studies confirmed the premise of this work, a three-phase user study was conducted to evaluate this novel context-sensitive authentication mechanism from a usability and adoption perspective.
The security and battery consumption studies showed that the use of ambient sensors during context-sensitive authentication adds an extra layer of security over location-only solutions because this authentication mechanism can reasonably detect most of the insider attacks and still achieve an acceptable number of false positives (where there is a failure to identify the legitimate user). The usability and adoption study showed that both current adopters and traditional non-adopters felt that the evaluated mechanism had all the necessary qualities for being adopted because it satisfied their divergent security needs. Unlocking their phone only when necessary was considered to be more efficient, did not annoy them and offered a reasonable level of security. Another contribution of this thesis is that participants responded positively to the option of choosing when a PIN/Pattern is required in different contexts. Therefore, this research recommends that designers of smartphone locking mechanisms should consider ceding a reasonable level of control over security settings (e.g. choosing the locations in which explicit authentication is required) to users to increase adoption and convenience, while keeping smartphones reasonably secure.
|