Please note: This master’s thesis presentation will be given online.
Matthew Rafuse, Master’s candidate
David R. Cheriton School of Computer Science
Supervisor: Professor Urs Hengartner
In modern life, the usage of smart devices like smartphones and laptops that allow for access to information, communication with friends and colleagues and other indispensable services has become ubiquitous. People have gradually taken to performing more and more of their daily tasks on and through these devices. Therefore, all modern smart devices employ some form of authentication to ensure that access to this confidential data by the wrong person is avoided. This authentication method is usually some form of explicit authentication, which can be detrimental to the user’s experience, often leading to users forgoing authentication entirely.
Implicit authentication aims to limit the amount of explicit authentications that are necessary for the user, using passive approaches to authenticate the user instead. Context detection frameworks aim to reduce explicit authentications by disabling explicit authentication entirely when appropriate. Since these two approaches are not mutually exclusive, there exist frameworks that will use the context around them to make decisions when authenticating on which approach to use. This combination of context detection with implicit authentication is the approach taken in this work, though we focus mainly on the context detection part of this hybrid approach.
We aim to build upon existing works through wider applicability, better accuracy through numerous data sources, and most importantly, an optimistic approach to context detection. We build a framework based on the assumption that the absence of data can, in some cases, be taken as a sign the context is safe. This optimistic approach provides a less secure method of determining the context of the device, but simultaneously provides a significantly improved user experience.
In this thesis, we outline a theoretical context detection framework that is based on a novel set of values. These values are called privacy, unfamiliarity and proximity, each describing a different aspect of the current context. Privacy tracks the privacy of the current context, while unfamiliarity tracks how many unfamiliar people are around. Finally, proximity estimates the distance between the device and the user. These values are calculated using a method we devise that better adapts to different contexts. We provide an Android implementation of the framework, including an API that allows other developers to contribute modules to the system. These modules can provide additional input data for PUPy, or build functionality that uses the calculated values. Finally, we evaluate the theoretical framework, using two datasets — Cambridge/Haggle and the MDC dataset. We conduct visual and statistical analysis of how the system functions using data from the datasets. Through this analysis, we find that PUPy compares favourably to existing works, permitting a 77.2% reduction in the number of explicit authentications.
To join this master’s thesis presentation on BigBlueButton, please go to https://bbb.crysp.org/b/mat-mmh-9jk.
200 University Avenue West
Waterloo, ON N2L 3G1