In this paper; we focus on usability of authentication for nomadic users in a ubiquitous computing environment. We identify requirements for authentication of nomadic users and propose an authentication framework for this class of users. A prototype of the proposed authentication framework has been developed; which supports persistent and multifactor authentication without the active intervention of a user.
We evaluate the usability of the developed mechanism by considering the time required to authenticate when logging in to a workstation and compare this to classic password based authentication. The evaluation shows that the proposed mechanism saves a significant amount of time for the nomadic users; which reduces the incentive to circumvent the authentication mechanism. Thus; the mechanism will both provide users with better job satisfaction and increased organizational efficiency; while at the same time increase the effective level of security of the system.
Keywords: Security; Usability; Ubiquitous Computing; Nomadic Users; Authentication
NODES 09: NOrdic workshop and doctoral symposium on DEpendability and Security; LinkĂ¶ping; Sweden; April 27; 2009
 Lin Hong; Anil K. Jain; and Sharath Pankanti; â Can multibiometrics improve performanceâ; Technical Report MSUCSE9939; Department of Computer Science; Michigan State University; 1999.
 Imran Naseem and Ajmal Mian; âUser Verification by Combining Speech and Face Biometrics in Videoâ; Advances in Visual Computing; ISBN 9783540896456; Pg. 482492; 2008.
 Sundararaman Jeyaraman and Umut Topkara ; âHave the cake and eat it too â Infusing usability into textpassword based authentication systemsâ; Proceedings of the 21st ACSAC; Pg. 473 â482; 2005.
 D. Davis; F. Monrose and M. K. Reiter; âOn User Choice in Graphical Password Schemes;â In Proceedings of the 13th UNIX Security Symposium; August 2004.
 Nicholas J. Hopper and Manuel Blum; âA secure human computer authentication schemesâ; CMUCS00139; School of Computer Science; Carneige Mellon University; May 2000.
 Cynthia Kuo; Sasha Romanosky and Lorrie Faith Cranor; âHuman Selection of Mnemonic Phrasebased Passwordsâ; ACM International Conference Proceeding Series Vol. 149; Pg. 67â78; 2006.
 Mark D. Corner and Brian D. Noble; âZerointeraction authenticationâ; Proceedings of the 8th annual international conference on Mobile computing and networking Atlanta; Georgia; Pg. 1â11; 2002.
 Einar Jonsson; âCoAuthentication A Probabilistic Approach to Authenticationâ; Master’s thesis; IMMThesis200783; Informatics and Mathematical Modeling; Technical University of Denmark; DTU; 2007.
 Bruce L. Riddle; Murray S. Miron; and Judith A. Semo; âPasswords in use in a university timesharing environmentâ; Computers and Security Vol 8 (7); Pg. 569 â 578; November 1989.
 Daniel V. Klein; âFoiling the cracker: A survey of; and improvements to; password securityâ; Proceedings of the second USENIX Workshop on Security; Pg. 514; July 1990.
 Jakob E. Bardram; Rasmus E. KjĂŠr; and Michael Ă. Pedersen; âContextAware User Authentication: Supporting ProximityBased Login in Pervasiveâ; UbiComp 2003: Ubiquitous Computing; Pg. 107123; 2003.
 Mark D. Corner; Brian D. Noble; âProtecting applications with transient authenticationâ; Proceedings of the 1st international conference on Mobile systems; San Francisco; California; Pg. 57 â 70; 2003.
 F. Bennett; T. Richardson; and A. Harter; âTeleportingMaking Applications Mobileâ; Proceedings of the IEEE Workshop on Mobile Computer Systems and Applications; Pg. 82â84; 1994.
 B. Brumitt; B. Meyers; J. Krumm; A. Kern and S. Shafer; âEasyLiving: Technologies for Intelligent Environmentsâ; Handheld and Ubiquitous Computing; Pg. 97119; 2000.
 A. Ward; A. Jones; and A. Hopper; âA new location technique for the active officeâ; IEEE Personal Communications; Vol. 4(5); Pg. 4247; October 1997.
 Daniel M. Russell and Rich Gossweiler; âOn the Design of Personal & Communal Large Information Scale Appliancesâ; Ubicomp 2001: Ubiquitous Computing; Pg. 354361; January 01; 2001.
 Xyloc family of products; Ensure Technologies (Ypsilanti; Michigan) ; <http://www.ensuretech.com>; Last visited March 24th; 2009.
 Ladislav Bodnar; âTop Ten Linux Distributionsâ; <http://distrowatch.com/>; Last visited April 1st; 2009.
 Lawrence OâGorman; âComparing Passwords; Tokens; and Biometrics for User Authenticationâ; Proceedings of the IEEE; Vol 91(12); Pg 20192040; 2003.
 K. Nagel; C. D. Kidd; O’Connell; T. OâConnell; A. Dey and G. D. Abowd; âThe Family Intercom: Developing a ContextAware Audio Communication Systemâ; Proceedings of UBICOMP; Pg. 176183; 2001.
 R. Want; A. Hopper; V. Falco; and J. Gibbons; âThe Active Badge Location System;â ACM Transaction on Information Systems; Vol 10(1); Pg. 91102; January1992.
 Science News University of California; San Francisco. "Agerelated Memory Loss Tied To Slip In Filtering Information Quickly." ScienceDaily dated 5 September 2008. <http://www.sciencedaily.com/releases/2008/09/080902143234.htm>; Last visited April 1st; 2009.
 Department of Defense; Trusted Computer System Evaluation Criteria dated 1985; <http://csrc.nist.gov/ publications/history/dod85.pdf>; Last visited March 30th; 2009.
 Lawrence A. Tomei ; âEncyclopedia of Information Technology Curriculum Integrationâ; Information Science Reference; illustrated edition ; ISBN13: 9781599048819; February 5; 2008.
 Mike Ebbers; Wayne OâBrien and Bill Ogden; âIntroduction to the New Mainframe: z/OS Basicsâ dated July 2006; <http://publibz.boulder.ibm.com/zoslib/pdf/zosbasic.pdf>; last visited March 26th; 2009.
 Pam Snaith and Rob Steiskal; âMainframes are still mainstreamâ; White paper by CA Inc; June 2007. <www.ca.com>; Last visited March 30th; 2009.
 Mark Weasor; âNomadic Issues in Ubiquitous Computingâ; Xerox PARC (Palo Alto Research Center); <http://www.ubiq.com/hypertext/weiser/NomadicInteractive> ; last visited March 26th; 2009.
 Marcia Riley; "Ubiquitous Computing: An Interesting New Paradigm"; <http://www.cc.gatech.edu/classes/cs6751_97_fall/projects/saycheese/ marcia/mfinal.html>;Last visited March 26th; 2009.
 J. Vollbrecht; P. Calhoun; S. Farrell; L. Gommans; G. Gross; B. de Bruijn; C. de Laat; M. Holdrege and D. Spence; âNetwork Working Group: RFC 2904â; August 2000.
 Charles P. Pfleeger and Shari Lawrence Pfleeger; âSecurity in Computingâ; Prentice Hall Professional Technical Reference; 2002.
 Stephan J. Engberg; Morten B. Harning and Christian Damsgaard Jensen; âZeroknowledge Device Authentication:Privacy & Security Enhanced RFID preserving Business Value and Consumer Convenienceâ; Proceedings of the 2nd Annual Conference on Privacy; Security and Trust (PSTâ04); 2004
 Martin Kirschmeyer; Mads S. Hansen and Christian D. Jensen; âPersistent Authentication in Smart Environmentsâ; 2nd International Workshop on Combining Context with Trust; Security and Privacy. Trondheim; Norway; 2008.
 J. Bardram; T. KjĂŠr and C. Nielsen; âMobility in Healthcare Reporting on our initial Observations and Pilot Studyâ;Technical report of a clinical study; CfPC 2003PB52; Center for Pervasive Computing; 2003.
 Jens BĂŠk JĂžrgensen and Claus Bossen; âExecutable Use Cases for Pervasive Healthcareâ; IEEE Software Volume 21 ; Issue 2; Pg. 34 â 41; ISSN:07407459; March 2004.
 Jakob Bardram; âThe trouble with login: on usability and computer security in ubiquitous computingâ; Personal and Ubiquitous Computing Vol9(6); Pg. 357â367; ISSN:16174909; November 2005
 Rachna Dhamija and Adrian Perrig; âDeja Vu: A user study using images for authenticationâ; In the Proceedings of the 9th USENIX Security Symposium; Denver; Colorado; August 2000.
 I. Jermyn; A. Mayer; F. Monrose; M. Reiter and A. Rubin. âThe Design and Analysis of Graphical Passwordsâ; Proceedings of the 8th UNIX Security Symposium; August 1999.
 Matt Bishop; âComputer Security: Art and Scienceâ ; book published by AddisonWesley Professional; ISBN13: 9780201440997; 2002.
 Computer Industry Almanac; â25Year PC Anniversary Statisticsâ; Press release August2006; <http://www.cia. com/pr0806.htm>; Last visited April 1st; 2009.
 Password Research; âAuthentication Statistic Indexâ maintained by Bruce K. Marshall; <http://passwordresearch.com/stats/statindex.html>; Last visited April 1st; 2009.