
Title An Authentication Framework for Nomadic Users in Ubiquitous Computing
Author Ahmed, Naveed (Embedded Systems Engineering, Department of Informatics and Mathematical Modeling, Technical University of Denmark, DTU, DK-2800 Kgs. Lyngby, Denmark)
Supervisor Jensen, Christian D. (Embedded Systems Engineering, Department of Informatics and Mathematical Modeling, Technical University of Denmark, DTU, DK-2800 Kgs. Lyngby, Denmark)
Institution Technical University of Denmark, DTU, DK-2800 Kgs. Lyngby, Denmark
Thesis level Master's thesis
Year 2009
Abstract Security and usability are often at odds, and at times security experts tend to make a system more secure at the expense of usability. For nomadic users, however, this approach is highly undesirable: because of the poor resulting usability, users start feeling the need to circumvent the security mechanism. Although designed with a high level of security, such a system becomes quite vulnerable to various security threats. One of the best examples of this is the classic password-based authentication mechanism when used by nomadic users. For instance, in hospitals, patients' treatment is the top priority. Doctors and nurses are usually in a hurry and often need to authenticate a couple of times within a single hour to access sensitive patient health data. It is also very typical for a single terminal to be shared by many staff members over the course of time. Moreover, they often need to delegate their duties to other co-workers. In most of these places, people tend to use short and easy passwords, leave without logging out, share passwords with colleagues, etc. As a consequence, the security of the system has deteriorated considerably in the trade-off with the usability of the authentication mechanism. After analyzing these types of usability problems, we have compiled a list of key requirements which must be considered while designing an authentication mechanism for nomadic use. These requirements specify the nature of user interaction in an authentication mechanism and are aimed at improving the usability experience as well as the effective security of a system. To meet these requirements, we have proposed a network-based authentication framework called NDAF (Nomadic Delegation and Authentication Framework). This framework supports zero-interaction, persistent and multi-factor techniques. We have also introduced the concept of delegation at the user authentication level in the framework.
This is essentially equivalent to giving one's password to another person, but is secure, persistent and accountable. Furthermore, due to its distributed network nature, its integration with session migration is trivial. A prototype of the proposed authentication framework has been developed, which supports persistent and multi-factor authentication without the active intervention of a user. We have used device-centric authentication based on RFID tags, which represents a single branch in multi-factor authentication. The client and the server parts of the mechanism are present on a single computer. The implemented mechanism also supports multiple simultaneous active sessions and authentication-level user delegation. Currently, we have not demonstrated session migration features in our experiment due to the time constraints of the project. We have evaluated the developed mechanism from both usability and security perspectives, and have compared it to classic knowledge-based authentication. The evaluation shows that by abating usability constraints, an increase in the effective level of security is achieved. Also, it is evident from our experiment that it saves nomadic users substantial time which is otherwise drained while authenticating. Thus it can provide users with more job satisfaction and an increased level of security, which definitely contribute to organizational productivity.
Note TRITA number is assigned by Royal Institute of Technology, Sweden.
Imprint Technical University of Denmark (DTU) : Kgs. Lyngby, Denmark
Pages 81
Series TRITA
Keywords Security; Usability; Authentication; Delegation; Nomadic Users; Persistent Authentication; Zero-Interaction; NDAF
Original PDF Masters_Thesis.pdf (0.94 MB)
Admin Creation date: 2009-06-17    Update date: 2009-12-11    Source: dtu    ID: 244915    Original MXD