Know your enemy: The risk of unauthorized access in smartphones by insiders

Ildar Muslukhov, Yazan Boshmaf, Cynthia Kuo, Jonathan Lester, Konstantin Beznosov

Research output: Chapter in Book/Report/Conference proceedingConference contribution

42 Citations (Scopus)

Abstract

Smartphones store large amounts of sensitive data, such as SMS messages, photos, or email. In this paper, we report the results of a study investigating users' concerns about unauthorized data access on their smartphones (22 interviewed and 724 surveyed subjects). We found that users are generally concerned about insiders (e.g., friends) accessing their data on smartphones. Furthermore, we present the first evidence that the insider threat is a real problem impacting smartphone users. In particular, 12% of subjects reported a negative experience with unauthorized access. We also found that younger users are at higher risk of experiencing unauthorized access. Based on our results, we propose a stronger adversarial model that incorporates the insider threat. To better reflect users' concerns and risks, a stronger adversarial model must be considered during the design and evaluation of data protection systems and authentication methods for smartphones.

Original languageEnglish
Title of host publicationMobileHCI 2013 - Proceedings of the 15th International Conference on Human-Computer Interaction with Mobile Devices and Services
Pages271-280
Number of pages10
DOIs
Publication statusPublished - 2013
Externally publishedYes
Event15th International Conference on Human-Computer Interaction with Mobile Devices and Services, MobileHCI 2013 - Munich, Germany
Duration: 27 Aug 201330 Aug 2013

Other

Other15th International Conference on Human-Computer Interaction with Mobile Devices and Services, MobileHCI 2013
CountryGermany
CityMunich
Period27/8/1330/8/13

Fingerprint

Smartphones
Data privacy
Electronic mail
Authentication

Keywords

  • insider
  • loss
  • physical threats
  • smartphone
  • stranger
  • theft
  • user study

ASJC Scopus subject areas

  • Human-Computer Interaction
  • Software

Cite this

Muslukhov, I., Boshmaf, Y., Kuo, C., Lester, J., & Beznosov, K. (2013). Know your enemy: The risk of unauthorized access in smartphones by insiders. In MobileHCI 2013 - Proceedings of the 15th International Conference on Human-Computer Interaction with Mobile Devices and Services (pp. 271-280) https://doi.org/10.1145/2493190.2493223

Know your enemy : The risk of unauthorized access in smartphones by insiders. / Muslukhov, Ildar; Boshmaf, Yazan; Kuo, Cynthia; Lester, Jonathan; Beznosov, Konstantin.

MobileHCI 2013 - Proceedings of the 15th International Conference on Human-Computer Interaction with Mobile Devices and Services. 2013. p. 271-280.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Muslukhov, I, Boshmaf, Y, Kuo, C, Lester, J & Beznosov, K 2013, Know your enemy: The risk of unauthorized access in smartphones by insiders. in MobileHCI 2013 - Proceedings of the 15th International Conference on Human-Computer Interaction with Mobile Devices and Services. pp. 271-280, 15th International Conference on Human-Computer Interaction with Mobile Devices and Services, MobileHCI 2013, Munich, Germany, 27/8/13. https://doi.org/10.1145/2493190.2493223
Muslukhov I, Boshmaf Y, Kuo C, Lester J, Beznosov K. Know your enemy: The risk of unauthorized access in smartphones by insiders. In MobileHCI 2013 - Proceedings of the 15th International Conference on Human-Computer Interaction with Mobile Devices and Services. 2013. p. 271-280 https://doi.org/10.1145/2493190.2493223
Muslukhov, Ildar ; Boshmaf, Yazan ; Kuo, Cynthia ; Lester, Jonathan ; Beznosov, Konstantin. / Know your enemy : The risk of unauthorized access in smartphones by insiders. MobileHCI 2013 - Proceedings of the 15th International Conference on Human-Computer Interaction with Mobile Devices and Services. 2013. pp. 271-280
@inproceedings{3d03ded94e684580841d1fade4e823a5,
title = "Know your enemy: The risk of unauthorized access in smartphones by insiders",
abstract = "Smartphones store large amounts of sensitive data, such as SMS messages, photos, or email. In this paper, we report the results of a study investigating users' concerns about unauthorized data access on their smartphones (22 interviewed and 724 surveyed subjects). We found that users are generally concerned about insiders (e.g., friends) accessing their data on smartphones. Furthermore, we present the first evidence that the insider threat is a real problem impacting smartphone users. In particular, 12{\%} of subjects reported a negative experience with unauthorized access. We also found that younger users are at higher risk of experiencing unauthorized access. Based on our results, we propose a stronger adversarial model that incorporates the insider threat. To better reflect users' concerns and risks, a stronger adversarial model must be considered during the design and evaluation of data protection systems and authentication methods for smartphones.",
keywords = "insider, loss, physical threats, smartphone, stranger, theft, user study",
author = "Ildar Muslukhov and Yazan Boshmaf and Cynthia Kuo and Jonathan Lester and Konstantin Beznosov",
year = "2013",
doi = "10.1145/2493190.2493223",
language = "English",
isbn = "9781450322737",
pages = "271--280",
booktitle = "MobileHCI 2013 - Proceedings of the 15th International Conference on Human-Computer Interaction with Mobile Devices and Services",

}

TY - GEN

T1 - Know your enemy

T2 - The risk of unauthorized access in smartphones by insiders

AU - Muslukhov, Ildar

AU - Boshmaf, Yazan

AU - Kuo, Cynthia

AU - Lester, Jonathan

AU - Beznosov, Konstantin

PY - 2013

Y1 - 2013

N2 - Smartphones store large amounts of sensitive data, such as SMS messages, photos, or email. In this paper, we report the results of a study investigating users' concerns about unauthorized data access on their smartphones (22 interviewed and 724 surveyed subjects). We found that users are generally concerned about insiders (e.g., friends) accessing their data on smartphones. Furthermore, we present the first evidence that the insider threat is a real problem impacting smartphone users. In particular, 12% of subjects reported a negative experience with unauthorized access. We also found that younger users are at higher risk of experiencing unauthorized access. Based on our results, we propose a stronger adversarial model that incorporates the insider threat. To better reflect users' concerns and risks, a stronger adversarial model must be considered during the design and evaluation of data protection systems and authentication methods for smartphones.

AB - Smartphones store large amounts of sensitive data, such as SMS messages, photos, or email. In this paper, we report the results of a study investigating users' concerns about unauthorized data access on their smartphones (22 interviewed and 724 surveyed subjects). We found that users are generally concerned about insiders (e.g., friends) accessing their data on smartphones. Furthermore, we present the first evidence that the insider threat is a real problem impacting smartphone users. In particular, 12% of subjects reported a negative experience with unauthorized access. We also found that younger users are at higher risk of experiencing unauthorized access. Based on our results, we propose a stronger adversarial model that incorporates the insider threat. To better reflect users' concerns and risks, a stronger adversarial model must be considered during the design and evaluation of data protection systems and authentication methods for smartphones.

KW - insider

KW - loss

KW - physical threats

KW - smartphone

KW - stranger

KW - theft

KW - user study

UR - http://www.scopus.com/inward/record.url?scp=84883667031&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84883667031&partnerID=8YFLogxK

U2 - 10.1145/2493190.2493223

DO - 10.1145/2493190.2493223

M3 - Conference contribution

AN - SCOPUS:84883667031

SN - 9781450322737

SP - 271

EP - 280

BT - MobileHCI 2013 - Proceedings of the 15th International Conference on Human-Computer Interaction with Mobile Devices and Services

ER -