©2009 Carnegie Mellon University : 1 Computer Human Interaction: Mobility, Privacy, and Security Jason Hong [email protected]

Computer Human Interaction: Mobility, Privacy, and Security, for Cylab Partners Meeting Sep2011


DESCRIPTION

This talk was for the Cylab partners meeting in 2011. I gave an overview of research my colleagues and I are doing in streamlining authentication as well as understanding human behavior at large scales.


Page 1: Computer Human Interaction: Mobility, Privacy, and Security, for Cylab Partners Meeting Sep2011

©2009 Carnegie Mellon University : 1

Computer Human Interaction: Mobility, Privacy, and Security

Jason Hong, [email protected]

Page 2

Two Major Research Thrusts

• Streamlining Authentication
  – How to simplify and strengthen authentication using sensor data?

• Understanding Human Behavior at Large Scales
  – What can we infer about people and places based on lots of sensor data?

Page 3

Too many passwords!!!

Page 4

Problems with Passwords

• People forget passwords
• Susceptible to social engineering
• People re-use passwords
• Passwords tend to be weak in practice

Page 5

WebTicket

• Cheap printable tokens for a reliable way to log in

• Browser plug-in for creating new accounts
  – Strong passwords are assigned

• Print out ticket
  – Ticket is encrypted to work only with specific computer(s)
  – QR code: URL, user name, password

Page 6

Logging In with WebTicket

Page 7

WebTicket

• Design:
  – Very cheap (paper + printer + webcam)
  – Compatible with existing systems
  – Easy to deploy
  – Easy to teach: treat it like a house key

• Weaknesses:
  – Not meant for commonly used passwords
  – Tickets can get damaged or lost
  – Need to store main encryption key
  – Scale (about 15 accounts on average)

Page 8

WebTicket User Study

• Three studies, 59 people total
  – Study 1: Lab study
  – Study 2: Lab study (phishing too)
  – Study 3: Field trial

• Experiment
  – Two conditions: password and WebTicket
  – Create a few new accounts
  – Login to a few sites
  – Come back a week later, login again

Page 9

WebTicket Study Results

• 1/4 of people using passwords could not login again a week later
  – Didn't restrict what passwords people used

• Login time for WebTicket slower at first, faster a week later

• WebTicket perceived as easier and faster

• Simulated phishing attack
  – All in password condition fell for it
  – 30% of people using WebTicket did (though data still encrypted)

Page 10

Ongoing and Future Work

• Mobile phone version to scale up
  – A strong password manager
  – Also can't fall for phish

Page 11

Ongoing Work

• Can encode about 3 KB of data in a QR code, enough to carry a login policy alongside the credentials
  – Ex. "Login only if in Cylab office or home"
  – Ex. "Login only if between 5-8pm"
  – Ex. "Login only if parents at home"
  – Ex. "Notify parents when you login"
  – Ex. Include face biometric data
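The following is an added example, not the WebTicket code from the talk. It shows the two properties the slides describe for a ticket: the credential record (URL, user name, password) is encrypted so it only opens on a specific computer, and the ticket carries a policy of the kind listed above (allowed places, allowed hours) that must hold before the credentials are released. The key derivation, the HMAC-SHA256 counter-mode cipher with encrypt-then-MAC, the JSON record layout and the host check against the site being logged into are all this example's assumptions; a production version would use a real AEAD cipher and the device's own key store.

```python
import base64
import hashlib
import hmac
import json
import os
from typing import Optional
from urllib.parse import urlparse

NONCE_LEN, TAG_LEN = 16, 32


def device_key(master_key: bytes, device_id: str) -> bytes:
    """One key per authorised computer, derived from the master key the
    user's browser plug-in holds (assumption: HMAC-SHA256 as the KDF)."""
    return hmac.new(master_key, b"webticket-device:" + device_id.encode(),
                    hashlib.sha256).digest()


def _subkeys(key: bytes):
    # Separate encryption and MAC keys: encrypt-then-MAC construction
    return (hashlib.sha256(b"enc" + key).digest(),
            hashlib.sha256(b"mac" + key).digest())


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 run in counter mode; a stand-in for a real AEAD cipher
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"),
                        hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal_ticket(key: bytes, record: dict, nonce: Optional[bytes] = None) -> str:
    """Encrypt the credential record under a device key. The returned
    base64 string is what would be printed as the ticket's QR code."""
    nonce = nonce or os.urandom(NONCE_LEN)
    enc_key, mac_key = _subkeys(key)
    plaintext = json.dumps(record, sort_keys=True).encode()
    ciphertext = bytes(a ^ b for a, b in
                       zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return base64.b64encode(nonce + ciphertext + tag).decode()


def open_ticket(key: bytes, ticket: str) -> Optional[dict]:
    """Verify and decrypt a scanned ticket. Returns None for a ticket sealed
    for a different computer or one that has been altered."""
    blob = base64.b64decode(ticket)
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = _subkeys(key)
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    plaintext = bytes(a ^ b for a, b in
                      zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))
    return json.loads(plaintext)


def corrupt_ticket(ticket: str, index: int = NONCE_LEN + 4) -> str:
    """Flip one bit of the ciphertext, to show the MAC rejects alteration."""
    blob = bytearray(base64.b64decode(ticket))
    blob[index] ^= 0x01
    return base64.b64encode(bytes(blob)).decode()


def policy_allows(policy: dict, context: dict) -> bool:
    """Evaluate the kind of policy the slide lists: allowed places and an
    allowed time window; "hours" is a half-open [start, end) range."""
    if "places" in policy and context.get("place") not in policy["places"]:
        return False
    if "hours" in policy:
        start, end = policy["hours"]
        hour = context.get("hour")  # hour of the login attempt, 0-23
        if hour is None or not start <= hour < end:
            return False
    return True


def login_with_ticket(key: bytes, ticket: str, context: dict):
    """Release (url, user, password) only if the ticket opens on this device,
    its policy holds, and the site being logged into is the one the ticket
    was issued for (the host check is this example's anti-phishing assumption)."""
    record = open_ticket(key, ticket)
    if record is None or not policy_allows(record.get("policy", {}), context):
        return None
    if urlparse(record["url"]).hostname != urlparse(context["site"]).hostname:
        return None
    return record["url"], record["user"], record["password"]


if __name__ == "__main__":
    # Constructed sample: a ticket for one site, valid at the office or at home, 5-8pm
    key = device_key(b"constructed-master-key", "laptop-1")
    record = {"url": "https://example.com/login", "user": "alice",
              "password": "h7$Qz!2pLw9#eTk4",
              "policy": {"places": ["office", "home"], "hours": [17, 20]}}
    ticket = seal_ticket(key, record)
    print(login_with_ticket(key, ticket,
                            {"place": "office", "hour": 18, "site": "https://example.com/login"}))
```

Because the ticket only opens under a key derived on an authorised computer, a phishing page that gets the user to scan the QR code learns only ciphertext, which matches the "data still encrypted" caveat in the study results; the host comparison is what would stop the decrypted password from being typed into the wrong site.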

Page 12

Casual Authentication

• Use commodity sensors + behavioral models for cheap, passive, multi-factor authentication

• Modulate level of authentication needed
  – In likely situations, make logins fast
  – In unlikely situations, make it reliable

Page 13

Example Scenarios

• Scenario 1 – Mobile device
  – If the likelihood of being in the office is high, make login fast
  – If in Brazil, make login reliable
  – Signals: location, IP address, WiFi MAC, Bluetooth devices nearby, tilt

• Scenario 2 – Home
  – Wake up in morning, go to computer
  – Signals: weight sensor in chair, height sensor via Kinect, mobile devices nearby
  – Use face recognition to login (fast)
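The following is an added example, not code from the talk, of the step-up logic Scenario 1 describes: passive signals (place, WiFi access point, nearby Bluetooth devices, location and IP country) are compared against what a behavioural model has learned about the user, and the resulting familiarity score selects how much authentication to demand. The `Profile` and `Observation` records, the factor weights and the thresholds are this example's assumptions; in the research these would come from trained models rather than hand-picked constants.

```python
from dataclasses import dataclass
from typing import FrozenSet, Tuple


@dataclass(frozen=True)
class Profile:
    """What the behavioural model has learned about one user (constructed)."""
    usual_places: FrozenSet[str]
    usual_wifi: FrozenSet[str]       # BSSIDs of access points seen before
    usual_bt: FrozenSet[str]         # Bluetooth addresses usually nearby
    usual_countries: FrozenSet[str]


@dataclass(frozen=True)
class Observation:
    """Passive signals collected at the moment of a login attempt."""
    place: str
    country: str                     # from GPS / cell location
    ip_country: str                  # from IP geolocation
    wifi_bssid: str
    bt_nearby: FrozenSet[str]


# Assumed weights; they sum to 1.0 so the score is a fraction of "fully familiar"
WEIGHTS = {"place": 0.35, "wifi": 0.25, "bluetooth": 0.20,
           "country": 0.10, "ip_consistent": 0.10}


def familiarity(profile: Profile, obs: Observation) -> float:
    """Score in [0, 1]: how much the current situation resembles this user's
    usual one. Each passive factor contributes independently."""
    score = 0.0
    if obs.place in profile.usual_places:
        score += WEIGHTS["place"]
    if obs.wifi_bssid in profile.usual_wifi:
        score += WEIGHTS["wifi"]
    if obs.bt_nearby & profile.usual_bt:
        score += WEIGHTS["bluetooth"]
    if obs.country in profile.usual_countries:
        score += WEIGHTS["country"]
    if obs.ip_country == obs.country:   # network and physical location agree
        score += WEIGHTS["ip_consistent"]
    return round(score, 2)


def required_auth(score: float) -> str:
    """Map the score to an authentication level (thresholds assumed):
    fast     - a quick check such as face recognition or a short PIN
    standard - the normal password
    reliable - password plus a second factor"""
    if score >= 0.7:
        return "fast"
    if score >= 0.4:
        return "standard"
    return "reliable"


def decide(profile: Profile, obs: Observation) -> Tuple[float, str]:
    score = familiarity(profile, obs)
    return score, required_auth(score)


if __name__ == "__main__":
    # Constructed profile and two of the slide's situations
    alice = Profile(frozenset({"office", "home"}), frozenset({"00:11:22:33:44:55"}),
                    frozenset({"bt-alice-phone"}), frozenset({"US"}))
    at_office = Observation("office", "US", "US", "00:11:22:33:44:55",
                            frozenset({"bt-alice-phone"}))
    in_brazil = Observation("cafe", "BR", "BR", "aa:bb:cc:dd:ee:ff", frozenset())
    print(decide(alice, at_office))   # high familiarity -> fast login
    print(decide(alice, in_brazil))   # unfamiliar -> reliable login
```

Two caveats a practitioner would attach to this. Every signal here can be observed and replayed by someone physically near the user (BSSIDs and Bluetooth addresses are broadcast, IP geolocation is coarse), so the score should only ever lower friction in the familiar case, never replace authentication in the unfamiliar one. And the threat model on a later slide matters: a person who knows the user well (family, colleagues) shares most of this context by default, so the false-accept rate has to be measured separately against that adversary and against a remote attacker.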

Page 14

Casual Authentication

• Location as a passive factor
  – (a) Diary study with 20 people
  – (b) Location traces of 30 people

(a) Where people login (Hayashi and Hong, CHI 2011)

(b) Where people spend time (Amini et al, Mobisys 2011)

Page 15

Characterizing Places

• Location entropy
  – Concept taken from ecology
  – Number of unique people seen in a place
  – Approximates public vs private

• Locaccino data
  – 489 participants
  – 2.8 million location sightings

Page 17

Using Location Data

• Characterizing individuals
  – Personal frequency
  – Personal mobility pattern

• Characterizing places
  – Entropy – number of unique people
  – Churn – same people or different
  – Transience – amount of time spent
  – Burst – regularity of people seen
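The following is an added example, not the Locaccino analysis code, that computes the four place measures listed above and the location entropy defined two slides earlier from a constructed set of location sightings. The exact definitions are this example's assumptions: entropy is Shannon entropy over the share of sightings per person, churn is the fraction of each day's visitors not seen on the previous observed day, transience is the mean minutes between a person's first and last sighting at the place on one day, and burst is the coefficient of variation of the daily headcount.

```python
import math
from collections import Counter, defaultdict
from datetime import datetime
from typing import Dict, List, Tuple

Sighting = Tuple[str, str, datetime]   # (user, place, time)


def unique_people(sightings: List[Sighting], place: str) -> int:
    return len({u for u, p, _ in sightings if p == place})


def location_entropy(sightings: List[Sighting], place: str) -> float:
    """Shannon entropy (bits) of who is seen at a place; grows with the number
    of distinct people and with how evenly visits are spread among them."""
    counts = Counter(u for u, p, _ in sightings if p == place)
    total = sum(counts.values())
    if total == 0:
        return 0.0
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def _people_by_day(sightings: List[Sighting], place: str):
    by_day = defaultdict(set)
    for u, p, t in sightings:
        if p == place:
            by_day[t.date()].add(u)
    return by_day


def churn(sightings: List[Sighting], place: str) -> float:
    """Mean fraction of a day's visitors not seen on the previous observed day."""
    by_day = _people_by_day(sightings, place)
    days = sorted(by_day)
    if len(days) < 2:
        return 0.0
    fresh = [len(by_day[d] - by_day[prev]) / len(by_day[d])
             for prev, d in zip(days, days[1:])]
    return sum(fresh) / len(fresh)


def transience(sightings: List[Sighting], place: str) -> float:
    """Mean minutes between a person's first and last sighting on one day."""
    visits = defaultdict(list)
    for u, p, t in sightings:
        if p == place:
            visits[(u, t.date())].append(t)
    if not visits:
        return 0.0
    dwell = [(max(ts) - min(ts)).total_seconds() / 60 for ts in visits.values()]
    return sum(dwell) / len(dwell)


def burst(sightings: List[Sighting], place: str) -> float:
    """Coefficient of variation of the daily headcount: 0 means the same
    number of people every day, larger means irregular crowds."""
    counts = [len(v) for v in _people_by_day(sightings, place).values()]
    if not counts:
        return 0.0
    mean = sum(counts) / len(counts)
    var = sum((c - mean) ** 2 for c in counts) / len(counts)
    return math.sqrt(var) / mean


def characterize(sightings: List[Sighting]) -> Dict[str, dict]:
    return {p: {"people": unique_people(sightings, p),
                "entropy": location_entropy(sightings, p),
                "churn": churn(sightings, p),
                "transience": transience(sightings, p),
                "burst": burst(sightings, p)}
            for p in sorted({p for _, p, _ in sightings})}


def _t(day: int, hour: int) -> datetime:
    return datetime(2011, 9, day, hour)


# Constructed sightings over three days: one resident at home, three
# co-workers at the office all day, and a cafe with different people each day
SIGHTINGS: List[Sighting] = (
    [("alice", "home", _t(d, h)) for d in (1, 2, 3) for h in (7, 8)]
    + [(u, "office", _t(d, h)) for u in ("alice", "bob", "carol")
       for d in (1, 2, 3) for h in (9, 17)]
    + [("dave", "cafe", _t(1, 12)), ("erin", "cafe", _t(1, 12)),
       ("frank", "cafe", _t(2, 12)), ("gina", "cafe", _t(2, 12)),
       ("hank", "cafe", _t(3, 12)), ("alice", "cafe", _t(3, 12)),
       ("ivan", "cafe", _t(3, 12))]
)

if __name__ == "__main__":
    for place, stats in characterize(SIGHTINGS).items():
        print(place, {k: round(v, 3) for k, v in stats.items()})
```

The home comes out with entropy 0 and no churn, the office with moderate entropy but zero churn and long dwell, and the cafe with the highest entropy, complete daily churn and near-zero dwell. That is the public-versus-private axis the slides use: a login from a low-entropy, low-churn place is a familiar situation for casual authentication, and, per the later privacy results, the place where people have the most to protect.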

• Building models of people and places

Page 18

Ongoing Work

• Evaluating passive factors

• Developing threat models
  – How well person knows you
  – How skilled a hacker they are

• Developing prototypes
  – Mobile case
  – Work/Home

• Evaluating security and usability
  – Ease of use, time to login
  – False accept rates, expert analysis

Page 19

Understanding Human Behavior at Very Large Scales

• Capabilities of today's mobile devices
  – Location, sound, proximity, motion
  – Call logs, SMS logs, pictures

• We can now analyze real-world social networks and human behaviors at unprecedented fidelity and scale

Page 20

• Insert graph here
• Describe entropy

Page 21

Entropy Related to Location Privacy

Page 22

Results of Location Analysis

• Entropy related to location privacy
  – Fewer concerns in "public" places (Toch et al, Ubicomp 2010)

• Can predict Facebook friendships based on co-location patterns
  – Not just frequency, but also where
  – 92% accuracy (Cranshaw et al, Ubicomp 2010)

• Can predict number of friends based on mobility patterns
  – Go out often and to high entropy places

Page 23

Augmented Social Graph

Page 24

Augmented Social Graph

Page 25

Augmented Social Graph

• Online social network information + smartphone communication
  – Infer tie strength, roles, groups

Page 26

Potential Scenarios

• Secure invitations
  – Who is this person friending me?
  – How do my friends know her?

• Communication triage

• Configuration of privacy policies
  – Tie strength strongly correlated with what personal info people are willing to share (Wiese et al, Ubicomp 2011)
  – Communication and co-location can be used to predict tie strength

• Depression / Leadership

Page 27

Summary

• WebTicket
  – Printable tokens to login

• Casual authentication
  – Use sensor data and models to characterize people and places
  – Modulate level of authentication based on situation

• Understanding behavior at large scales
  – Opportunity to instrument the world
  – Augmented social graph