TY - GEN
T1 - Towards usable and secure location-based smartphone authentication
AU - Cho, Geumhwan
AU - Kwag, Sungsu
AU - Huh, Jun Ho
AU - Kim, Bedeuro
AU - Lee, Choong Hoon
AU - Kim, Hyoungshick
N1 - Publisher Copyright:
© is held by the author/owner. Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee. USENIX Symposium on Usable Privacy and Security (SOUPS) 2021.
PY - 2021
Y1 - 2021
N2 - The concept of using location information to unlock smart-phones is widely available on Android phones. To date, however, not much research has been conducted on investigating security and usability requirements for designing such location-based authentication services. To bridge this gap, we interviewed 18 participants, studying users' perceptions and identifying key design requirements such as the need to support fine-grained indoor location registration and location (unlock coverage) size adjustment. We then conducted a field study with 29 participants and a fully-functioning application to study real-world usage behaviors. On average, the participants were able to reduce about 36% of manual unlock attempts by using our application for three weeks. 28 participants enduringly used registered locations to unlock their phones despite being able to delete them during the study and unlock manually instead. Worryingly, however, 23 participants registered at least one insecure location - defined as a location where an unwanted adversary can physically access their phones - as a trusted location mainly due to convenience or low (perceived) likelihood of phones being attacked. 52 out of 65 total registered locations were classified as insecure by the definition above. Interestingly, regardless of whether locations were considered secure or insecure, the participants preferred to select large phone unlock coverage areas.
AB - The concept of using location information to unlock smart-phones is widely available on Android phones. To date, however, not much research has been conducted on investigating security and usability requirements for designing such location-based authentication services. To bridge this gap, we interviewed 18 participants, studying users' perceptions and identifying key design requirements such as the need to support fine-grained indoor location registration and location (unlock coverage) size adjustment. We then conducted a field study with 29 participants and a fully-functioning application to study real-world usage behaviors. On average, the participants were able to reduce about 36% of manual unlock attempts by using our application for three weeks. 28 participants enduringly used registered locations to unlock their phones despite being able to delete them during the study and unlock manually instead. Worryingly, however, 23 participants registered at least one insecure location - defined as a location where an unwanted adversary can physically access their phones - as a trusted location mainly due to convenience or low (perceived) likelihood of phones being attacked. 52 out of 65 total registered locations were classified as insecure by the definition above. Interestingly, regardless of whether locations were considered secure or insecure, the participants preferred to select large phone unlock coverage areas.
UR - https://www.scopus.com/pages/publications/85114467295
M3 - Conference contribution
AN - SCOPUS:85114467295
T3 - Proceedings of the 17th Symposium on Usable Privacy and Security, SOUPS 2021
SP - 1
EP - 15
BT - Proceedings of the 17th Symposium on Usable Privacy and Security, SOUPS 2021
PB - USENIX Association
T2 - 17th Symposium on Usable Privacy and Security, SOUPS 2021
Y2 - 9 August 2021 through 10 August 2021
ER -