CAREER: Science of Security for Mobile User Authentication

Mobile devices contain a collection of personal, private, and financial information that, if accessed by an unauthorized user, has the potential to be severely compromising. Thus, it is important for mobile devices to verify whether their users are allowed to access the device and its services. We call this mobile authentication, and it is frequent, prevalent, and necessary. The need to protect data from unauthorized access is important to understand, irrespective of whether an end-user ultimately opts out of using authentication. It is incumbent on manufacturers and researchers to provide usable and secure methods that everyone can use. To reach that point requires solid scientific understanding. This project will scientifically evaluate the metrics and measurement techniques for accurately assessing mobile authentication, and use those metrics to drive the design of new authentication systems.

The project is motivated by the following observations: 1) people are switching from desktops to smartphones as their main computing and Internet platform, 2) mobile platforms provide opportunities for ingenious authentication methods, and 3) although the scientific and engineering community is producing many solutions to mobile authentication, the underlying trade-offs and science behind mobile authentication are not well understood. This project uniquely integrates research and education and promotes underrepresented students in Science, Technology, Engineering and Mathematics (STEM) in K-12, high school, undergraduate and graduate studies. This is an interdisciplinary project that leverages several disciplines including security engineering, mobile computing and human-computer interaction. This project will advance fundamental knowledge on user authentication and security. Towards that end, the project will 1) develop a framework grounded in statistical error analysis for evaluating user authentication systems, 2) create guidelines on how to evaluate and design experiments to ensure comparability and reproducibility, 3) study the cognitive processes that impact secret-knowledge based authentication systems, 4) design, prototype, and implement, novel lightweight mobile-friendly authentication systems, and 5) explore innovative approaches that prevent cognitive overload and ensure security while mobile.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.