Robbie MacGregor, Dalhousie University
The Android Security Key scheme promises to provide users of Android handsets with strong, public key-based multi-factor authentication similar to that achieved via USB security keys. In this paper I present an evaluation of Android Security Keys using the usability, deployability, security (UDS) framework, as well as a consideration of security and privacy issues. A comparative analysis against other 2-factor schemes is also provided, with a focus on USB security keys. I argue that Android Security Keys differ from USB security keys in terms of both usability and deployability when a basic set of UDS benefits are considered. The convenience of using a mobile handset already in a user’s possession as a second factor is privileged over the efficiency of login tasks. A cursory assessment of Android Security Keys gives the impression they offer a similar set of security benefits to USB-based implementations, but I identify potential improvements during a closer analysis of the security model and associated threats.
@inproceedings{macgregor-19-uds-android-sec-key,
author = {MacGregor, Robbie},
title = {{Evaluating the Android Security Key Scheme: An Early Usability, Deployability, Security Evaluation with Comparative Analysis}},
booktitle = {Who Are You?! Adventures in Authentication Workshop},
year = {2019},
series = {WAY~'19},
pages = {1--6},
address = {Santa Clara, California, USA},
month = aug,
publisher = {}
} % No publisher