The Trouble with Login Jakob E. Bardram
Is login a usability problem?
2
Identification & authentication • Basic to all security – Identification – Verification or authentication – Authorization
• Introduced with time-sharing multi-user computer – PDP-11, UNIX – Networked PCs
• Early mini’s and PCs did not have login – PDP-1 & PDP-8 – Apple II – IBM PC
3
Outline of Talk • Part I – Motivation and Challenges – Scientific Background and Research Approach – Studies of login in Hospitals – Challenges to login
• Part II – Technology support for User Authentication in Ubiquitous Computing – Application Roaming ~ Session migration – Proximity-based user authentication – Silent login
• Part III – Ongoing and Future Work
4
Background • Traditionally – 1:1 relationship between a user and the computer – Seldom login – Change computer once every second year
• Pervasive Computing – m:m relationship – Frequent login – Change computer every hour or minute
• Challenges in a pervasive computing environment – Mobility (PDA, Phones, WLAN, UMTS, …) – Personal devices vs. Public Computers – ”Invisble” or ”Embedded” computers
• Are we required to log in to our refrigerator? Source: J.E. Bardram. The Trouble with Login - On Usability and Computer Security in Ubiquitous Computing. Personal and Ubiquitous Computing, 9(6):357-367, 2005.
5
Field Study • Ethomethodologically-oriented investigation – Participant observation, Interviews, Data analysis
• The site – department T – Surgical department for hearts & lungs – Focus on the ward – Using an Electronic Patient Record (EPR) • Classical client-server, thick clients, db server • 2(A) + 6(B) 2 + 1(C) PC at the ward
6
7
Findings from Field Studies • Apparent findings – – – – – –
Typing in username and passwords is cumbersome 30-40 logins for a nurse a day Login time 1-3 min Often workstations were locked by a user … or left open Login was often circumvented
• HOWEVER – we found that there is much more at stake here
Source: J.E. Bardram. The Trouble with Login - On Usability and Computer Security in Ubiquitous Computing. Personal and Ubiquitous Computing, 9(6):357-367, 2005.
8
Fast Pace • Clinical work happens in a fast pace while login causes focus shift
– “Before we got the EPR, I would have finished the task I was doing before I left the patient’s room. Now I have to remember a lot in order to enter it into the system later.”
9
Nomadic work • Medical work is nomadic while login is fixed to one computer
10
Interruptions • Login contradicts the interrupted nature of medical work
11
Collaboration • Medical work is collaborative using shared material while login is intended for single user activities
12
13
14
15
Findings from Field Studies • More fundamental findings – Clinical work happens in a fast pace while login causes focus shift – Medical work is nomadic while login is fixed to one computer – Login contradicts the interrupted nature of medical work – Medical work is collaborative using shared material while login is intended for single user activities
Source: J.E. Bardram. The Trouble with Login - On Usability and Computer Security in Ubiquitous Computing. Personal and Ubiquitous Computing, 9(6):357-367, 2005.
16
Concepts for User Authentication in UbiComp • Application Roaming – The user sessions roams around the hospital with the user
• Proximity-Based User Authentication – Login by approaching the “computer” – Context-aware – Secure
• Silent User Authentication – Support for Co-located Cooperation – Shared login – Maintains traceability
17
Proximity-Based User Authentication • Requirements – Secure – Triggered by proximity to ‘device’ – Active gesturing – Support for logout
• Design – Uses a physical token • Token for active gestures • Cryptographic unit
– Context-aware • Verify location • Logout
– Fall-back mechanisms 1. Automatic 2. Password 3. Username + Password
Source: J.E. Bardram, R.E. Kjær & M.Ø. Pedersen. Context-Aware User Authentication – Supporting Proximity-Based Login in Pervasive Computing. In Proceedings of UbiComp 2003, pages 107-123, Seattle, Washington, USA, oct 2003.
18
The PBUA Protocol • The token (Java Smartcard) holds – User id – User password – Pair of secret key and public key (KS , KP)
• RSA key pair is generated by the card – KS is saved on card – KP is saved centrally with the id
19
Proof-of-Concept Implementation • Smart Card – Using IBM JCOP SDK (Java Card) – Smartcard Open platform standards – Contactless Smart Card Reader from Philips
• The authentication applet – Uses 512 – 2048 bit keys – Encryption in PKCS#1 – Signatures uses SHA 1 hash
• The Java ContextAwareness Framework (JCAF) – Uses passive RFID for location
• A client running the protocol
20
Silent Login
21
Silent Login • Uses the proximity-based login scheme and technology • Based on the ABC Framework • Protocol: – A user is authenticated using the PBUA protocol – if (an activity is resumed) { • keep the activity active • log out the current user by sending a “logout” event to all ABC applications • send a “login” event to all ABC applications • each ABC application adapts to the new user context
– } else { • login the user • resume the last activity
– } 22
Current Work • User Authentication in Operating Rooms – Moving user authentication away form the interface – .. and out in the physical context
• TrustCare – Trustworthy Computing in Healthcare – Perceived Trust and Security
23
Acknowlegdement • Studies with – Christina Nielsen – Thomas Kjær – Claus Bossen
• Design with – Henrik Bærbak Christensen – Claus Bossen – Anders Kaare Olsen
• Funding from – The Danish Center for Information Technology (CIT)
24
Contact details • Jakob Bardram –
[email protected] – www.itu.dk/~bardram
25