Researchers:
- Masoud Mehrabi Koushki (Lead)
- Yue Huang
- Max Conti
- Borke Obada
- Konstantin Beznosov
Summary:
Implicit authentication (IA) has recently become a popular approach for providing physical security on smartphones. It relies on behavioral traits (e.g., gait patterns) for user identification, instead of biometric data or knowledge of a PIN. The reported studies on users’ perception of IA have painted a very positive picture, showing that more than 60% of their respective participants are interested in adopting IA, should it become available on their devices. These studies, however, have all been done either in lab environments, or with low- to medium-fidelity prototypes, which limits their generalizability and ecological validity. Therefore, the question of “how would smartphone users perceive a commercialized IA scheme in a realistic setting?” remains unanswered. Moreover, it is not yet known whether users can understand the semantics of this technology well enough to use it properly.
This project aims at bridging these aforementioned knowledge gaps by aiming to:
- (1) identify security and usability requirements for implicit authentication on mobile devices, by studying users’ experiences with Google Smart Lock for Android (SL)
- (2) improve the usability of IA on smartphones by designing and evaluating more granular access control systems. The evaluation will be done empirically, by employing user studies.
- (3) investigate the efficacy of user access control solutions on smartphones and its potential effects on the deployment of implicit authentication
Related Publications:
- Neither Access nor Control: A Longitudinal Investigation of the Efficacy of User Access-Control Solutions on Smartphones (USENIX Security 2022).
- On Smartphone Users’ Difficulty with Understanding Implicit Authentication (CHI 2021)
- Is Implicit Authentication on Smartphones Really Popular? On Android Users’ Perception of “Smart Lock for Android” (MobileHCI 2020)