Open and Future Work: Authentication

Figure 7.1: Intentional distractions in an ATM lab study. This setup has been used by Dun-phy et al. in [44] to provide a more realistic setting for ATM interaction within a controlled lab study. The screens around the ATM mock up display recordings that have been made around a real ATM.

is a methodology designed for the evaluation of in-car interfaces that tests how much (using a quantitative measurement) a secondary task distracts a user from the primary task, which is driving. What would be needed to evaluate criterion 6 would be a methodology to actively distract a user rather than measuring distraction.

We presented significant improvements to current authentication systems but we cannot claim that we created “the one authentication mechanism to replace them all”. From our experience based on this work, we argue that there is a high chance that such a system simply does not exist and that it is highly depending on the context. That is, in a different context, a different system might be the best solution.

At this point, we have to ask again whether biometrics might be the solution. From a point of view of the criteria defined in this thesis, biometric authentication in general would be a great candidate. As discussed in chapter 2.1, mainly privacy concerns still hinder its wide adaptation.

Therefore, if biometrics are to replace standard authentication, this aspect has to be dealt with both in industry as well as in research. The main problem is the collection and storage of bio-metric data which users consider lost forever, once it is in possession of another entity, like a bank.

The biometric daemon [13] is a concept describing a possible solution: A pet, that lives with its users and “learns” their biometric features from them. Authentication is done by the daemon rather than its user. Once the user moves too far from it, the daemon dies. Having the biometric data always close to them, this concept might allay the users’ doubts. A very important thought of this concept is to create a biometric system in which the data does not have to be given away but

Figure 7.2: Interaction with TreasurePhone [116]. Different profiles of the phone and cor-responding data are protected until the user is in the right context. Left: By touching a room plate enhanced with an NFC tag, the user activates a location that defines a context like

“work” or “home”. Right: Controlling an NFC-based lock activates a specific action that defines a context as well.

always remains with the user. We can imagine a biometric box (which could be a smartphone for example) or something key-like. The box learns the biometric data from the users while it stays with them. Starting from simple data like fingerprints to biometric information on how the users move, how they hold the box, etc. To authenticate to a system, the box or key has to be “opened”

or “made ready”. To do so, biometric features of the user are exploited. In the best case, this could happen implicitly while pulling the box from the pocket. To authenticate to a system, the only property that it has to know is whether the box is open or not. After authentication, the box closes again. Since the biometric data never leaves the device, the users do not have to provide them to a third entity. This is just a quick thought but it highlights that if researchers work on the privacy problem, biometric authentication can be an important factor in our future.

Besides token-based and biometric authentication, there is a third field of authentication that has great potential, implicit authentication. The main idea is that authentication is implicitly happen-ing and not anymore somethhappen-ing the user actively does. That is, it eliminates active authentication as a cumbersome task that users do not want to be bothered with since it is not their primary goal [133]. Oftentimes, biometric information is used to achieve this goal, but in many cases, context information can be used as well. When we developed TreasurePhone [116], we created a system in which context is used to define whether a specific profile (and with this specific data) of a smartphone can be viewed or not. Therefore, it uses actions and locations as shown in fig-ure 7.2. For instance, when a user opens an office door with the mobile device (e.g. using NFC), the phone switches to the “work” location and data related to the user’s work becomes available.

Even though this is authorization rather than authentication, the system shows how context can be used to grant or deny access to a specific entity.

Especially the field of mobile personal devices can highly benefit from implicit authentication.

For instance, modern mobile phones have different mechanisms to unlock the displays or keypads so that the user can interact with the device. These include for instance moving locks from one side to another or dragging windows down. Adding a biometric component to this approach, the mobile device could not only measure that the unlock mechanism was used but also how. This way, the user can be identified and authorized to use the phone or not. That is, authentication can take place implicitly in such an approach. Other approaches of implicit authentication could include shaking patterns and the like. Theoretically, the criteria of implicit authentication do not differ significantly from the ones presented in this thesis. Even though authentication is happening implicitly, the design of the system is important for its speed, security, robustness to distractions etc.¹

In this chapter, we showed that there is still a large body of open research questions related to authentication. We are currently continuing our work with a focus on the just presented topics.