CS858 - User Authentication - Fall 2022

Instructor: Urs Hengartner
E-mail: urs.hengartner@uwaterloo.ca
Seminar times: Mon and Wed 11:00am-12:20pm
Seminar location: DC 2568
Drop-in hours: DC 3526 (Mon 1:30-2:00pm), MS Teams (Mon 2:00-2:30pm), or by appointment

Course Description

How often have you authenticated today? You have probably authenticated to your smartphone, your laptop or desktop machine, and likely to several websites. In other words, we spend a lot of time authenticating to devices and services. Often, authentication is painful, like when having to enter a password for a website on a smartphone or when having to go through Waterloo's two-factor authentication system. You may have heard of new authentication schemes, like Apple/Google's passkeys or Microsoft's passwordless authentication, that promise to solve these problems. Well, do they? What are alternative authentication schemes proposed by researchers?

This graduate seminar studies research challenges raised by today's authentication systems. Moreover, the seminar examines to what degree newly proposed authentication systems from academia or industry address these challenges and identifies opportunities for research.

The seminar will primarily consist of reading, reviewing, and presenting research papers. There will be two papers assigned to each class period, selected from the following (incomplete) list of topics:

  • Passwords
  • Password managers
  • Two-factor authentication
  • Fallback authentication
  • Risk-based authentication
  • Phishing
  • FIDO2
  • Implicit authentication
  • Voice authentication
  • Deauthentication
  • Shoulder surfing
  • Biometrics
  • Cryptographic authentication

The course assumes a basic knowledge of computers, networks, and distributed systems, but does not assume any prior knowledge of security or cryptography.

Course Requirements

Paper Presentations and Discussion:

In every lecture, two students will each present a research paper and lead a short discussion on the paper. All students are expected to present two or three papers throughout the course. The presentation should be conference-style and take about 25 minutes, which will leave about 15 minutes for discussion. The presenter should be prepared with sufficient background knowledge of the related works in the area to answer broad questions and lead the class discussion. See the reading list for a list of the discussed topics. Each presenter should email their slides to the instructor before the lecture. A presenter may borrow, with attribution, figures and animations, but the slides should be created independently.

Giving oral presentations is an important skill that graduate students should train during graduate school. Feedback is essential for this training. Therefore, after every lecture, all students should submit a review for both presentations. (A presenter does not need to review their own presentation.) The review should answer some specific questions about the presentation. The reviews are due at 12:00pm (noon) the day after a presentation. A presenter will have access to their (anonymized) reviews.

Paper Reviews:

All students should read the two assigned papers prior to a lecture and submit a short review for one of them. The review should answer some specific questions about the paper. The reviews are due at 11:59pm (midnight) the day before a paper is presented in class. The (anonymized) reviews will be accessible by the other students. The student presenting a paper does not need to write a review for it or the other paper presented on the same day.

Projects:

Projects should undertake original research in the area of user authentication and may lead to workshop/conference submissions. Projects should ideally be done in groups of two. If you strongly prefer doing a project individually or in a larger group, send email to the instructor explaining your reasons. You are encouraged to discuss your project topic with the instructor before submitting your proposal.

Project proposal (due Oct 19):
Project proposals should be emailed as a PDF to the instructor. These should be no more than two pages that succinctly describe what you plan to work on, the form of results you hope to have by the end of the term, and some related work in the area.

Project presentation (end of term):
Near the end of term, groups will present their work to the class in a 20-minute (including five minutes for questions) conference-style presentation.

Final project report (due Dec 16):
The report should be formatted using one of the ACM templates. The report should not have more than 10 pages, excluding the bibliography. Appendices are permitted and do not count towards the page limit, but you should not expect the reader to read them.

Grading

Grades for this seminar will be calculated as follows:

Paper presentations 25%
Paper reviews 20%
Class participation (including presentation feedback) 15%
Project 40%

Academic Integrity

Note that students are not generally permitted to submit the same work for credit in multiple classes. For example, if students have reviewed or presented one of the papers in another seminar class, they should avoid reviewing or presenting it again for this class.

General University Policy

  • Academic Integrity: In order to maintain a culture of academic integrity, members of the University of Waterloo community are expected to promote honesty, trust, fairness, respect and responsibility. Check the Office of Academic Integrity's website for more information.

    All members of the UW community are expected to hold to the highest standard of academic integrity in their studies, teaching, and research. This site explains why academic integrity is important and how students can avoid academic misconduct. It also identifies resources available on campus for students and faculty to help achieve academic integrity in — and out — of the classroom.

  • Grievance: A student who believes that a decision affecting some aspect of his/her university life has been unfair or unreasonable may have grounds for initiating a grievance. Read Policy 70 — Student Petitions and Grievances, Section 4. When in doubt please be certain to contact the department's administrative assistant who will provide further assistance.

  • Discipline: A student is expected to know what constitutes academic integrity, to avoid committing academic offenses, and to take responsibility for his/her actions. Check the Office of Academic Integrity for more information. A student who is unsure whether an action constitutes an offense, or who needs help in learning how to avoid offenses (e.g., plagiarism, cheating) or about "rules" for group work/collaboration should seek guidance from the course professor, academic advisor, or the Undergraduate Associate Dean. For information on categories of offenses and types of penalties, students should refer to Policy 71 — Student Discipline. For typical penalties, check Guidelines for the Assessment of Penalties.

  • Avoiding Academic Offenses: Most students are unaware of the line between acceptable and unacceptable academic behaviour, especially when discussing assignments with classmates and using the work of other students. For information on commonly misunderstood academic offenses and how to avoid them, students should refer to the Office of Academic Integrity's site on Academic Misconduct and the Faculty of Mathematics Cheating and Student Academic Discipline Policy.

  • Appeals: A decision made or penalty imposed under Policy 70, Student Petitions and Grievances (other than a petition) or Policy 71, Student Discipline may be appealed if there is a ground. A student who believes he/she has a ground for an appeal should refer to Policy 72, Student Appeals.

Note for Students with Disabilities

AccessAbility Services, located in Needles Hall, Room 1401, collaborates with all academic departments to arrange appropriate accommodations for students with disabilities without compromising the academic integrity of the curriculum. If you require academic accommodations to lessen the impact of your disability, please register with AccessAbility at the beginning of each academic term.

Mental Health Support

All of us need a support system. We encourage you to seek out mental health supports when they are needed. Please reach out to Campus Wellness and Counselling Services.
We understand that these circumstances can be troubling, and you may need to speak with someone for emotional support. Good2Talk is a post-secondary student helpline based in Ontario, Canada that is available to all students.

Territorial Acknowledgement

We acknowledge that we live and work on the traditional territory of the Attawandaron (Neutral), Anishinaabeg, and Haudenosaunee peoples. The University of Waterloo is situated on the Haldimand Tract, the land promised to the Six Nations that includes ten kilometres on each side of the Grand River.


Credits

Thanks to Diogo Barradas for providing the template for this website.