Co-operative user identity verification using an Authentication Aura

Document Type

Journal Article

Publisher

Elsevier Advanced Technology

Faculty

Faculty of Health, Engineering and Science

School

ECU Security Research Institute

RAS ID

15965

Comments

Hocking, C., Furnell, S. , Clarke, N. , & Reynolds, P. (2013). Co-operative user identity verification using an Authentication Aura. Computers and Security, 39(Part b), 486-502. Available here

Abstract

IT usage today is typified by users that operate across multiple devices, including traditional desktop PCs, laptops, tablets and smartphones. As a consequence, users can regularly find themselves having a variety of devices open concurrently, and with even the most basic security in place, there is a resultant need to repeatedly authenticate, which can potentially represent a source of hindrance and frustration for the user. Building upon previous work by the authors that proposed a novel approach to user authentication, called an Authentication Aura, this paper investigates the latent security potential contained in surrounding devices in everyday life and how this may be used to augment security. An experiment has been undertaken to ascertain the technological infrastructure, devices and inert objects that surround individuals throughout the day to establish whether or not these items might be utilised within an authentication solution. The experiment involved twenty volunteers, over a 14-day period, and resulted in a dataset of 1.23 million recorded observations. Using the data provided by the experiment as a basis for a simulation, it investigated how confidence in the user's identity is influenced by these familiar everyday possessions and how their own authentication status can be 'leveraged' to negate the need to repeatedly manually authenticate. The simulation suggests a potential reduction of 74.04% in the daily number of required authentications for a user operating a device once every 30 min, with a 10-min screen lock in place. Ultimately, it confirms that during device activation it is possible to remove the need to authenticate with the Authentication Aura providing sufficient confidence.

DOI

10.1016/j.cose.2013.09.011

Share

 
COinS