the

The Trouble with Login Jakob E. Bardram Is login a usability problem? 2 Identification & authentication • Basic to ...
2 downloads 103 Views 3MB Size
DOWNLOAD .PDF
The Trouble with Login Jakob E. Bardram

Is login a usability problem?

2

Identification & authentication • Basic to all security – Identification – Verification or authentication – Authorization

• Introduced with time-sharing multi-user computer – PDP-11, UNIX – Networked PCs

• Early mini’s and PCs did not have login – PDP-1 & PDP-8 – Apple II – IBM PC

3

Outline of Talk • Part I – Motivation and Challenges – Scientific Background and Research Approach – Studies of login in Hospitals – Challenges to login

• Part II – Technology support for User Authentication in Ubiquitous Computing – Application Roaming ~ Session migration – Proximity-based user authentication – Silent login

• Part III – Ongoing and Future Work

4

Background • Traditionally – 1:1 relationship between a user and the computer – Seldom login – Change computer once every second year

• Pervasive Computing – m:m relationship – Frequent login – Change computer every hour or minute

• Challenges in a pervasive computing environment – Mobility (PDA, Phones, WLAN, UMTS, …) – Personal devices vs. Public Computers – ”Invisble” or ”Embedded” computers

• Are we required to log in to our refrigerator? Source: J.E. Bardram. The Trouble with Login - On Usability and Computer Security in Ubiquitous Computing. Personal and Ubiquitous Computing, 9(6):357-367, 2005.

5

Field Study • Ethomethodologically-oriented investigation – Participant observation, Interviews, Data analysis

• The site – department T – Surgical department for hearts & lungs – Focus on the ward – Using an Electronic Patient Record (EPR) • Classical client-server, thick clients, db server • 2(A) + 6(B) 2 + 1(C) PC at the ward

6

7

Findings from Field Studies • Apparent findings – – – – – –

Typing in username and passwords is cumbersome 30-40 logins for a nurse a day Login time 1-3 min Often workstations were locked by a user … or left open Login was often circumvented

• HOWEVER – we found that there is much more at stake here

Source: J.E. Bardram. The Trouble with Login - On Usability and Computer Security in Ubiquitous Computing. Personal and Ubiquitous Computing, 9(6):357-367, 2005.

8

Fast Pace • Clinical work happens in a fast pace while login causes focus shift

– “Before we got the EPR, I would have finished the task I was doing before I left the patient’s room. Now I have to remember a lot in order to enter it into the system later.”

9

Nomadic work • Medical work is nomadic while login is fixed to one computer

10

Interruptions • Login contradicts the interrupted nature of medical work

11

Collaboration • Medical work is collaborative using shared material while login is intended for single user activities

12

13

14

15

Findings from Field Studies • More fundamental findings – Clinical work happens in a fast pace while login causes focus shift – Medical work is nomadic while login is fixed to one computer – Login contradicts the interrupted nature of medical work – Medical work is collaborative using shared material while login is intended for single user activities

Source: J.E. Bardram. The Trouble with Login - On Usability and Computer Security in Ubiquitous Computing. Personal and Ubiquitous Computing, 9(6):357-367, 2005.

16

Concepts for User Authentication in UbiComp • Application Roaming – The user sessions roams around the hospital with the user

• Proximity-Based User Authentication – Login by approaching the “computer” – Context-aware – Secure

• Silent User Authentication – Support for Co-located Cooperation – Shared login – Maintains traceability

17

Proximity-Based User Authentication • Requirements – Secure – Triggered by proximity to ‘device’ – Active gesturing – Support for logout

• Design – Uses a physical token • Token for active gestures • Cryptographic unit

– Context-aware • Verify location • Logout

– Fall-back mechanisms 1. Automatic 2. Password 3. Username + Password

Source: J.E. Bardram, R.E. Kjær & M.Ø. Pedersen. Context-Aware User Authentication – Supporting Proximity-Based Login in Pervasive Computing. In Proceedings of UbiComp 2003, pages 107-123, Seattle, Washington, USA, oct 2003.

18

The PBUA Protocol • The token (Java Smartcard) holds – User id – User password – Pair of secret key and public key (KS , KP)

• RSA key pair is generated by the card – KS is saved on card – KP is saved centrally with the id

19

Proof-of-Concept Implementation • Smart Card – Using IBM JCOP SDK (Java Card) – Smartcard Open platform standards – Contactless Smart Card Reader from Philips

• The authentication applet – Uses 512 – 2048 bit keys – Encryption in PKCS#1 – Signatures uses SHA 1 hash

• The Java ContextAwareness Framework (JCAF) – Uses passive RFID for location

• A client running the protocol

20

Silent Login

21

Silent Login • Uses the proximity-based login scheme and technology • Based on the ABC Framework • Protocol: – A user is authenticated using the PBUA protocol – if (an activity is resumed) { • keep the activity active • log out the current user by sending a “logout” event to all ABC applications • send a “login” event to all ABC applications • each ABC application adapts to the new user context

– } else { • login the user • resume the last activity

– } 22

Current Work • User Authentication in Operating Rooms – Moving user authentication away form the interface – .. and out in the physical context

• TrustCare – Trustworthy Computing in Healthcare – Perceived Trust and Security

23

Acknowlegdement • Studies with – Christina Nielsen – Thomas Kjær – Claus Bossen

• Design with – Henrik Bærbak Christensen – Claus Bossen – Anders Kaare Olsen

• Funding from – The Danish Center for Information Technology (CIT)

24

Contact details • Jakob Bardram – [email protected] – www.itu.dk/~bardram

25