||An Authentication Framework for Nomadic Users in Ubiquitous Computing
||Ahmed, Naveed (Embedded Systems Engineering, Department of Informatics and Mathematical Modeling, Technical University of Denmark, DTU, DK-2800 Kgs. Lyngby, Denmark)
||Jensen, Christian D. (Embedded Systems Engineering, Department of Informatics and Mathematical Modeling, Technical University of Denmark, DTU, DK-2800 Kgs. Lyngby, Denmark)
||Technical University of Denmark, DTU, DK-2800 Kgs. Lyngby, Denmark
||Security and usability are often at odds, and at times security experts tend to make a system more
secure at the expense of usability. For nomadic users, however, this approach is highly undesirable: because
of the resulting poor usability, users start to feel the need to circumvent the security mechanism. Although
designed with a high level of security, such a system becomes quite vulnerable to various security threats.
One of the best examples of this is the classic password-based authentication mechanism when used by
nomadic users. In hospitals, for instance, patient treatment is the top priority. Doctors and nurses are
usually in a hurry and often need to authenticate a couple of times within a single hour to
access sensitive patient health data. It is also very typical for a single terminal to be shared by many
staff members over the course of time. Moreover, they often need to delegate their duties to other
co-workers. In most of these places, people tend to use short and easy passwords, leave without logging out,
share passwords with colleagues, etc. As a consequence, the security of the system deteriorates
considerably in the trade-off with the usability of the authentication mechanism.
After analyzing these types of usability problems, we have compiled a list of key requirements that
must be considered when designing an authentication mechanism for nomadic use. These requirements
specify the nature of user interaction in an authentication mechanism and aim to improve the usability
experience as well as the effective security of a system. To meet these requirements, we have proposed a
network-based authentication framework called NDAF (Nomadic Delegation and Authentication
Framework). This framework supports zero-interaction, persistent and multi-factor techniques. We have
also introduced the concept of delegation at the user authentication level in the framework. This is essentially
equivalent to giving one's password to another person, but is secure, persistent and accountable.
Furthermore, owing to its distributed, network-based nature, its integration with session migration is trivial.
A prototype of the proposed authentication framework has been developed, which supports persistent
and multi-factor authentication without the active intervention of a user. We have used device-centric
authentication based on RFID tags, which represents a single branch in multi-factor authentication. The
client and server parts of the mechanism run on a single computer. The implemented
mechanism also supports multiple simultaneous active sessions and authentication-level user delegation.
We have not yet demonstrated session migration features in our experiment because of the project's
time constraints.
We have evaluated the developed mechanism from both usability and security perspectives, and have
compared it to classic knowledge-based authentication. The evaluation shows that by easing usability
constraints, an increase in the effective level of security is achieved. It is also evident from our
experiment that it saves nomadic users substantial time that would otherwise be spent
authenticating. Thus it can provide users with more job satisfaction and an increased level of security, which
definitely contribute to organizational productivity.
||TRITA number is assigned by Royal Institute of Technology, Sweden.
||Technical University of Denmark (DTU) : Kgs. Lyngby, Denmark
||Security; Usability; Authentication; Delegation; Nomadic Users; Persistent Authentication; Zero-Interaction; NDAF
Creation date: 2009-06-17
Update date: 2009-12-11