PRIVACY-BASED ADAPTIVE CONTEXT-AWARE AUTHENTICATION SYSTEM FOR PERSONAL MOBILE DEVICES
Keywords:
Adaptive Single Sign-On, Authentication Security, Ease of Use, Context-Aware, Privacy, Business Model
Abstract
Over the past decade, mobile devices such as smartphones have become increasingly common as handheld computing platforms, and the use of mobile applications on these devices is growing at an unprecedented rate. However, mobile applications often ask users to provide context information, and such requests have led to growing privacy concerns. This paper proposes the use of context-awareness to improve single sign-on (SSO) solutions so that mobile users can protect their private information. A privacy-based adaptive SSO (ASSO) may be able to increase users’ perceived ease of use of the system and give service providers the necessary authentication security for their applications. The study was based on data gathered from 168 participants as part of the Lausanne Data Collection Campaign, which was led by the Nokia Research Center in Switzerland and used Nokia N95 phones. The support vector machine (SVM) analysis confirmed our expectations. Consequently, we propose a new business model for mobile platforms to reinforce our claim that privacy-friendly value propositions are possible and can be used to obtain a competitive advantage.