Towards Usable and Secure Location-based Smartphone Authentication

Authors: 

Geumhwan Cho, Sungkyunkwan University, South Korea; Sungsu Kwag and Jun Ho Huh, Samsung Research, South Korea; Bedeuro Kim, Sungkyunkwan University, South Korea; Choong-Hoon Lee, Samsung Research, South Korea; Hyoungshick Kim, Sungkyunkwan University, South Korea

Abstract: 

The concept of using location information to unlock smartphones is widely available on Android phones. To date, however, not much research has been conducted on investigating security and usability requirements for designing such location-based authentication services. To bridge this gap, we interviewed 18 participants, studying users' perceptions and identifying key design requirements such as the need to support fine-grained indoor location registration and location (unlock coverage) size adjustment. We then conducted a field study with 29 participants and a fully-functioning application to study real-world usage behaviors. On average, the participants were able to reduce about 36% of manual unlock attempts by using our application for three weeks. 28 participants enduringly used registered locations to unlock their phones despite being able to delete them during the study and unlock manually instead. Worryingly, however, 23 participants registered at least one insecure location - defined as a location where an unwanted adversary can physically access their phones - as a trusted location mainly due to convenience or low (perceived) likelihood of phones being attacked. 52 out of 65 total registered locations were classified as insecure by the definition above. Interestingly, regardless of whether locations were considered secure or insecure, the participants preferred to select large phone unlock coverage areas.

SOUPS 2021 Open Access Videos Sponsored by
Ethyca

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {274413,
author = {Geumhwan Cho and Sungsu Kwag and Jun Ho Huh and Bedeuro Kim and Choong-Hoon Lee and Hyoungshick Kim},
title = {Towards Usable and Secure Location-based Smartphone Authentication},
booktitle = {Seventeenth Symposium on Usable Privacy and Security (SOUPS 2021)},
year = {2021},
isbn = {978-1-939133-25-0},
pages = {1--16},
url = {https://www.usenix.org/conference/soups2021/presentation/cho},
publisher = {USENIX Association},
month = aug
}

Presentation Video