skip to main content
10.1145/2638728.2641705acmconferencesArticle/Chapter ViewAbstractPublication PagesubicompConference Proceedingsconference-collections
research-article

To have and have not: variations on secret sharing to model user presence

Published: 13 September 2014 Publication History

Abstract

We address the problem of locking and unlocking a device, such as a laptop, a phone or a security token, based on the absence or presence of the user. We detect user presence by sensing the proximity of a subset of their possessions, making the process automatic and effortless. As in previous work, a master key unlocks the device and a secret-sharing scheme allows us to reconstruct this master key in the presence of k-out-of-n items. We extend this basic scheme in various directions, e.g. by allowing items to issue a dynamically variable number of shares based on how confident they are that the user is present. The position we argue in this paper is that a multi-dimensional approach to authentication that fuses several contextual inputs, similar to that already adopted by major web sites, can also bring advantages at the local scale.

References

[1]
Blakley, G. Safeguarding cryptographic keys. In Proceedings of the 1979 AFIPS National Computer Conference, vol. 48, AFIPS Press (1979), 313--317.
[2]
Bonneau, J., Herley, C., van Oorschot, P., and Stajano, F. The past, present and future of password authentication on the web. (In submission).
[3]
Desmedt, Y., Burmester, M., Safavi-Naini, R., and Wang, H. Threshold things that think (t4): Security requirements to cope with theft of handheld/handless internet devices. In Symposium on Requirements Engineering for Information Security (2001).
[4]
Jenkinson, G., Spencer, M., Warrington, C., and Stajano, F. I bought a new security token and all I got was this lousy phish---Relay attacks on visual code authentication schemes. In Proceedings of Security Protocols Workshop 2014, Bruce Christianson et al., Ed., LNCS, Springer (2014). (To appear).
[5]
Krause, F. Designing secure & usable picosiblings: An exploration of potential pairing mechanisms. Master's thesis, University of Cambridge, 2014.
[6]
Mantyjarvi, J., Lindholm, M., Vildjiounaite, E., Makela, S., and Ailisto, H. Identifying users of portable devices from gait pattern with accelerometers. In IEEE International Conference on Acoustics, Speech, and Signal Processing (ICASSP'05), vol. 2 (2005).
[7]
Peeters, R. Security Architecture for Things That Think. PhD thesis, K. U. Leuven, June 2012.
[8]
Peeters, R., Kohlweiss, M., and Preneel, B. Threshold things that think: Authorisation for resharing. In Proceedings of iNetSec 2009 --- Research Problems in Network Security, J. Camenisch and D. Kesdogan, Eds., vol. 309 of IFIP Advances in Information and Communication Technology (Zurich, CH, 2009), 111--124.
[9]
Peeters, R., Kohlweiss, M., Preneel, B., and Sulmon, N. Threshold things that think: usable authorization for resharing. In SOUPS, L. F. Cranor, Ed., ACM (2009).
[10]
Shamir, A. How to share a secret. Commun. ACM 22, 11 (Nov. 1979), 612--613.
[11]
Stajano, F. The resurrecting duckling --- what next? In Proceedings of Security Protocols Workshop, B. Christianson, B. Crispo, and M. Roe, Eds., vol. 2133 of LNCS, Springer (2000), 204--214.
[12]
Stajano, F. Pico: no more passwords! In Proceedings of the 19th International Conference on Security Protocols, SP'11, Springer-Verlag (2011), 49--81.
[13]
Stajano, F., Jenkinson, G., Payne, J., Spencer, M., Staórd-Fraser, Q., and Warrington, C. Bootstrapping adoption of the Pico password replacement system. In Proceedings of Security Protocols Workshop 2014, Bruce Christianson et al., Ed., LNCS, Springer (2014). (To appear).
[14]
Toader, C. User authentication for pico: When to unlock a security token. Master's thesis, University of Cambridge, 2014.

Cited By

View all
  • (2016)Low-Cost Mitigation Against Cold Boot Attacks for an Authentication TokenApplied Cryptography and Network Security10.1007/978-3-319-39555-5_3(36-57)Online publication date: 9-Jun-2016

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
UbiComp '14 Adjunct: Proceedings of the 2014 ACM International Joint Conference on Pervasive and Ubiquitous Computing: Adjunct Publication
September 2014
1409 pages
ISBN:9781450330473
DOI:10.1145/2638728
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

In-Cooperation

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 13 September 2014

Permissions

Request permissions for this article.

Check for updates

Qualifiers

  • Research-article

Funding Sources

Conference

UbiComp '14
UbiComp '14: The 2014 ACM Conference on Ubiquitous Computing
September 13 - 17, 2014
Washington, Seattle

Acceptance Rates

Overall Acceptance Rate 764 of 2,912 submissions, 26%

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)3
  • Downloads (Last 6 weeks)1
Reflects downloads up to 17 Feb 2025

Other Metrics

Citations

Cited By

View all
  • (2016)Low-Cost Mitigation Against Cold Boot Attacks for an Authentication TokenApplied Cryptography and Network Security10.1007/978-3-319-39555-5_3(36-57)Online publication date: 9-Jun-2016

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media