SOUPS2015 2日目

Elissa M. Redmiles, Ph.D. @eredmil1

implicit authentication - continuously auth #smartphone users through #behavior monitoring #soups2015 paper here: bit.ly/1CZgL4Q

Elissa M. Redmiles, Ph.D. @eredmil1

Implicit Authentication for Mobile Devices by @umdcs @CollegeParkMC2 Elaine Shi cited on the big screen at #soups2015

Maria Wolters @mariawolters

Khan: How security concerns and usability issues affect adoption intention? Two-part study of (pseudo) touch behavior #soups2015

Maria Wolters @mariawolters

Khan: In the field study, users were interrupted during actual tasks with authentication requests. #soups2015

Elissa M. Redmiles, Ph.D. @eredmil1

#soups2015 paper: evaluated annoyance levels w/ 5%, 10%, 20% false reject rate from implicit #authentication #infosec bit.ly/1CZgL4Q

Elissa M. Redmiles, Ph.D. @eredmil1

Of 37 participants, 33% use pattern lock, 24% Pin, 38% no auth for #mobile device - #soups2015 paper: bit.ly/1CZgL4Q #infosec

Maria Wolters @mariawolters

Khan: In the field study, false reject rates were modified (5-20%). Good spread of ages, 40% didn't use authentication #soups2015

Elissa M. Redmiles, Ph.D. @eredmil1

Despite interruptions, overall time to complete a task on #mobile decreased by 7% when using implicit #authentication #soups2015

Sarah Matthews @sarahfmatthews

@waitrose You’ve just e-mailed me saying “Summer is for ice cream” It’s the coldest day in weeks and it’s pouring with rain. #soups2015

Maria Wolters @mariawolters

Khan: People sometimes lost their train of thoughts. Answers to whether system is annoying depend on how it's phrased #soups2015

Maria Wolters @mariawolters

The talk about location-based passwords I tweeted earlier was given by @aesdeluca. #soups2015

Maria Wolters @mariawolters

Khan: False accepts were a concern. 2 out of 3 were fine with using implicit authentication as primary or secondary solution #soups2015

Martin Ortlieb @uxprivacy

I wonder whether people *feel* 7%, though... IOW, is optimisation here the right approach? #soups2015 #cynic twitter.com/eredmil1/statu…

Maria Wolters @mariawolters

User comments: "Does the lock exist or not?" "Interruptions are annoying, but as soon as I see it, I know it protects me." #soups2015

Elissa M. Redmiles, Ph.D. @eredmil1

Interrupts from Implicit #authentication = possible source of annoyance, BUT, reinforces that device is protected! #soups2015

Maria Wolters @mariawolters

Khan: the usability/security tradeoffs of implicit authentication means that it might be a feasible alternative. #soups2015

Maria Wolters @mariawolters

Now: Watanabe et al. on inconsistency between descriptions and use of privacy sensitive resources in mobile apps #soups2015

Elissa M. Redmiles, Ph.D. @eredmil1

Next up: Understanding Inconsistencies btw Text descript & #Privacy sensative resources of #mobile #apps #soups2015 bit.ly/1DBZcD0

Maria Wolters @mariawolters

Watanabe: People don't really understand or pay attention to privacy info during installation. #soups2015

Elissa M. Redmiles, Ph.D. @eredmil1

Research @: why do test descriptions of #mobile #apps not refer to #privacy sensitive resources? #soups2015 bit.ly/1DBZcD0

Maria Wolters @mariawolters

Watanabe: Idea is to look at text descriptions, which are read. What potential privacy issues are mentioned? #soups2015

Elissa M. Redmiles, Ph.D. @eredmil1

methods for analyzing text descript. of #privacy resources in #mobile apps - #code analysis & text #classification #datascience #soups2015

Maria Wolters @mariawolters

Watanabe: Code analysis identifies use of privacy-sensitive resources, app text description is searched for mention of this use #soups2015

Maria Wolters @mariawolters

Watanabe: app descriptions are analyzed using an automatic classifier that uses keywords to spot mentions of privacy resources #soups2015

Elissa M. Redmiles, Ph.D. @eredmil1

Text #classifier can divide description into two classes: API used/un-used-> then extract #keywords #mobile #app #security #soups2015