Ubicomp’18: securing clinical desktops with smart wristbands

Authentication has become an integral part of computer usage, but it still remains an interruptive step in people’s workflow. To authenticate to a computer, depending on the authentication method, users must exert mental effort (e.g., recall their password) and/or physical effort (e.g., type their password). These factors increase the cost of context switch for users – cost of switching attention from a primary task to the authentication step and back to the task – disrupting users’ workflow.  Clinical staff have often told us they are frustrated by the need to repeatedly log into their clinical desktop computers – sometimes hundreds of times in a day.

In this paper, presented by David Kotz at Ubicomp’18 in Singapore, we propose Seamless Authentication using Wristbands (SAW). SAW is an authentication method designed to address this shortcoming of proximity-based authentication methods, and we do so by adding a quick low-effort user input step that explicitly captures user intentionality for authentication. In SAW, the user’s wristband (e.g., fitness tracker, smartwatch) acts as the user’s authentication token.  Read more below, and in the paper.

SAW-dfk.JPGShrirang Mare, Reza Rawassizadeh, Ronald Peterson, and David Kotz. SAW: Wristband-based authentication for desktop computers. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies (IMWUT) (Ubicomp), 2(3), September 2018. DOI 10.1145/3264935.

Abstract: Token-based proximity authentication methods that authenticate users based on physical proximity are effortless, but lack explicit user intentionality, which may result in accidental logins. For example, a user may get logged in when she is near a computer or just passing by, even if she does not intend to use that computer. Lack of user intentionality in proximity-based methods makes them less suitable for multi-user shared computer environments, despite their desired usability benefits over passwords.

We present an authentication method for desktops called Seamless Authentication using Wristbands (SAW), which addresses the lack of intentionality limitation of proximity-based methods. SAW uses a low-effort user input step for explicitly conveying user intentionality, while keeping the overall usability of the method better than password-based methods. In SAW, a user wears a wristband that acts as the user’s identity token, and to authenticate to a desktop, the user provides a low-effort input by tapping a key on the keyboard multiple times or wiggling the mouse with the wristband hand. This input to the desktop conveys that someone wishes to log in to the desktop, and SAW verifies the user who wishes to log in by confirming the user’s proximity and correlating the received keyboard or mouse inputs with the user’s wrist movement, as measured by the wristband. In our feasibility user study (n=17), SAW proved quick to authenticate (within two seconds), with a low false-negative rate of 2.5% and worst-case false-positive rate of 1.8%. In our user perception study (n=16), a majority of the participants rated it as more usable than passwords.

This entry was posted in Uncategorized by David Kotz. Bookmark the permalink.

About David Kotz

David Kotz is the Provost, the Pat and John Rosenwald Professor in the Department of Computer Science, and the Director of Emerging Technologies and Data Analytics in the Center for Technology and Behavioral Health, all at Dartmouth College. He previously served as Associate Dean of the Faculty for the Sciences and as the Executive Director of the Institute for Security Technology Studies. His research interests include security and privacy in smart homes, pervasive computing for healthcare, and wireless networks. He has published over 240 refereed papers, obtained $89m in grant funding, and mentored nearly 100 research students. He is an ACM Fellow, an IEEE Fellow, a 2008 Fulbright Fellow to India, a 2019 Visiting Professor at ETH Zürich, and an elected member of Phi Beta Kappa. He received his AB in Computer Science and Physics from Dartmouth in 1986, and his PhD in Computer Science from Duke University in 1991.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s