Smartphones: Not Smart Enough?
Ian Fischer, Cynthia Kuo, Ling Huang and Mario Frank


Today's mobile devices are packed with sensors that are capable of gathering
rich contextual information, such as location, wireless device signatures,
ambient noise, and photographs. 
This paper exhorts the security community to re-design authentication
mechanisms for users on mobile devices.
Instead of relying on one simplistic, worst-case threat model, we should use
contextual information to develop more nuanced models that assess the risk
level of the user's current environment.
This would allow us to decrease or eliminate the level of user interaction
required to authenticate in some situations, improving usability without any
effective impact on security.
Ideally, authentication mechanisms will scale up or down to match users' own
mental threat models of their environments.
We sketch out several scenarios demonstrating how contextual information can be
used to assess risks and adapt authentication mechanisms.  
This is a research-rich area, and we outline future research directions for
developing and evaluating dynamic security mechanisms using contextual
information.