Common authentication methods based on passwords, tokens, or fingerprints perform one-time authentication and rely on users to log out from the computer terminal when they leave. Users often do not log out, however, which is a security risk. The most common solution, inactivity timeouts, inevitably fail security (too long a timeout) or usability (too short a timeout) goals. One solution is to authenticate users continuously while they are using the terminal and automatically log them out when they leave. Several solutions are based on user proximity, but these are not sufficient: they only confirm whether the user is nearby but not whether the user is actually using the terminal. Proposed solutions based on behavioral biometric authentication (e.g., keystroke dynamics) may not be reliable, as a recent study suggests.To address this problem we propose Zero-Effort Bilateral Recurring Authentication (ZEBRA). In ZEBRA, a user wears a bracelet (with a built-in accelerometer, gyroscope, and radio) on her dominant wrist. When the user interacts with a computer terminal, the bracelet records the wrist movement, processes it, and sends it to the terminal. The terminal compares the wrist movement with the inputs it receives from the user (via keyboard and mouse), and confirms the continued presence of the user only if they correlate. Because the bracelet is on the same hand that provides inputs to the terminal, the accelerometer and gyroscope data and input events received by the terminal should correlate because their source is the same -the user's hand movement. In our experiments ZEBRA performed continuous authentication with 85 % accuracy in verifying the correct user and identified all adversaries within 11 s. For a different threshold that trades security for usability, ZEBRA correctly verified 90 % of users and identified all adversaries within 50 s.
Consumer smart home devices are becoming increasingly pervasive. As Airbnb hosts deploy smart devices in spaces shared with guests, we seek to understand the security and privacy implications of these devices for both hosts and guests. We conducted a large-scale survey of 82 hosts and 554 guests to explore their current technology practices, their preferences for smart devices and data collection/sharing, and their privacy and security concerns in the context of Airbnbs. We found that guests preferred smart devices, even viewed them as a luxury, but some guests were concerned that smart devices enable excessive monitoring and control, which could lead to repercussions from hosts (e.g., locked thermostat). On average, the views of guests and hosts on data collection in Airbnb were aligned, but for the data types where differences occur, serious privacy violations might happen. For example, 90% of our guest participants did not want to share their Internet history with hosts, but one in five hosts wanted access to that information. Overall, our findings surface tensions between hosts and guests around the use of smart devices and in-home data collection. We synthesize recommendations to address the surfaced tensions and identify broader research challenges.
No abstract
Prior research suggests that security and privacy needs of users in developing regions are different than those in developed regions. To better understand the underlying differentiating factors, we conducted a systematic review of Human-Computer Interaction for Development and Security & Privacy publications in 15 proceedings, such as CHI, SOUPS, ICTD, and DEV, from the past ten years. Through an in-depth analysis of 114 publications that discuss security and privacy needs of people in developing regions, we identified five key factors-culture, knowledge gaps, unintended technology use, context, and usability and cost considerations-that shape security and privacy preferences of people in developing regions. We discuss how these factors influence their security and privacy considerations using case studies on phone sharing and surveillance. We then present a set of design recommendations and research directions for addressing security and privacy needs of people in resource-constrained settings. CCS CONCEPTS• Security and privacy → Human and societal aspects of security and privacy;
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.