One User, Many Hats; and, Sometimes, No Hat: Towards a Secure Yet Usable PDA

  • Frank Stajano
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3957)


How can we design a PDA that is at the same time secure and usable? In current implementations the two properties are mutually exclusive. Because normal users find password entry inconvenient, the balance usually shifts away from security, leaving the PDA vulnerable if lost or stolen.

We begin by envisaging what an ideal PDA authentication mechanism might look like and by carefully examining alternatives to passwords such as tokens and biometrics.

We then expose another aspect of the security vs. usability problem. In many cases, when we turn on our PDA, we only access functionality (dictionary, calculator, web browser...) that requires no access to private data stored in the machine; why, then, should we pay the usability penalty of authentication in such cases? Moreover, we may want to grant another person temporary access to such “harmless” functionality, but without being forced to grant them unrestricted access to the whole machine.

To solve this problem we describe a system in which we may assign more than one “hat” to the owner of this single-user device, with each hat having specific privileges. The machine supports concurrent graphical logins for several hats and a convenient mechanism to switch between them. There is also provision for a userid associated with “no hat”, to which one can switch without the need for authentication, and which can access all the harmless functionality. This scheme turns out to be applicable and useful well beyond the limited realm of PDAs.


Replay Attack Public Area Authentication Mechanism Iris Recognition Private Area 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Stajano, F.: Will Your Digital Butlers Betray You? In: Syverson, P., De Capitani di Vimercati, S. (eds.) Proceedings of the 2004 Workshop on Privacy in the Electronic Society, pp. 37–38. ACM, Washington (2004)Google Scholar
  2. 2.
    Stajano, F., Anderson, R.: The Resurrecting Duckling: Security Issues in Ad-Hoc Wireless Networks. In: Malcolm, J.A., Christianson, B., Crispo, B., Roe, M. (eds.) Security Protocols 1999. LNCS, vol. 1796, pp. 172–182. Springer, Heidelberg (2000), CrossRefGoogle Scholar
  3. 3.
    Sammes, T., Jenkinson, B.: Forensic Computing: A Practitioner’s Guide. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  4. 4.
    Brands, S., Chaum, D.: Distance Bounding Protocols. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 344–359. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  5. 5.
    Scheeres, J.: Implantable Chip, On Sale Now (October 25, 2002),,1848,55999,00.html
  6. 6.
    Corner, M.D., Noble, B.D.: Zero-interaction authentication. In: Proceedings of the eighth Annual International Conference on Mobile Computing and Networking (MOBICOM 2002), pp. 1–11. ACM Press, New York (2002)CrossRefGoogle Scholar
  7. 7.
    Stajano, F.: Security for Ubiquitous Computing. John Wiley and Sons, Chichester (2002), CrossRefGoogle Scholar
  8. 8.
    Matsumoto, T., Matsumoto, H., Yamada, K., Hoshino, S.: Impact of Artificial Gummy Fingers on Fingerprint Systems. In: Proceedings of SPIE. Optical Security and Counterfeit Deterrence Techniques IV, vol. 4677 (2002),
  9. 9.
    Daugman, J.: How Iris Recognition Works. IEEE Transactions on Circuits and Systems for Video Technology 14(1) (January 2004),
  10. 10.
    Daugman, J.: How the Afghan Girl was Identified by Her Iris Patterns (2002),
  11. 11.
    Bond, M., Anderson, R.J.: API-Level Attacks on Embedded Systems. IEEE Computer 34(10), 67–75 (2001), CrossRefGoogle Scholar
  12. 12.
    Barham, P., Dragovic, B., Fraser, K., Hand, S., Harris, T., Ho, A., Neugebauer, R.: Xen and the art of virtualization. In: Proceedings of the 19th ACM Symposium on Operating Systems Principles (SOSP 2003), pp. 164–177. ACM, Bolton Landing (2003)Google Scholar
  13. 13.
    Anderson, R., Kuhn, M.: Tamper Resistance—A Cautionary Note. In: Proc. 2nd USENIX Workshop on Electronic Commerce (1996), ISBN 1-880446-83-9,

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Frank Stajano
    • 1
  1. 1.University of CambridgeUK

Personalised recommendations