July 9-11, 2014
Menlo Park


Call for papers





Who are you?! Adventures in Authentication: WAY Workshop


Submission Deadline: May 22, 2014, 5pm PDT
Notification Deadline: May 30, 2014 5pm PDT
Anonymization: Papers are NOT to be anonymized
Length: 1-2 page position statements
Formatting: Use SOUPS MS Word or LaTeX templates
Submission site: EasyChair WAY 2014 site
More guidance: Read this CFP in detail and see the common pitfalls document
Workshop Date: Wednesday, July 9, 2014


Authentication, or the act of proving that someone is who they claim to be, is a cornerstone of security. As more time is spent using computers, authentication is becoming both more common and increasingly important. Users must authenticate to prove their identity to maintain a continuous presence with a wide variety of computing services.

Our most common method of authentication continues to be based on the assumption of a person using a desktop computer and keyboard, or a person authenticating to their mobile phone -- what Bill Buxton has referred to as the "missionary position": one user and one computer face-to-face - no other position allowed. There has been an implicit assumption that the effort of authenticating, both in terms of elapsed time, user actions, cognitive load and impact on a user's primary task, will be amortized over a relatively long lifetime of the authenticated session with the system, application or service. As computing moves into new environments, including mobile and embedded systems, these assumptions may no longer be valid.

In the era of mobile, embedded and ubiquitous computing, the time for each interaction with a device, application or service is becoming much briefer. The user's primary task may be tending to a patient, driving a car, operating heavy machinery, or interacting with friends and colleagues via mobile apps. Due to the nature of user interaction in these new computing environments, and new threat models, methods of authenticating are needed that are both robust, easy to use, and minimize impact on the user's primary task. The time / cost of authentication needs to be commensurate with the level of engagement with these kinds of systems and applications.

The purpose of this workshop is to bring together researchers and practitioners to share experiences, concerns, and ideas about known and new authentication techniques. We are interested in discussing methods of evaluating the impact and usability of various authentication techniques, and ideas about novel authentication techniques that are secure, robust and usable.

The goal of this workshop is to explore these and related topics across the broad range of contexts, including enterprise systems, personal systems, and especially mobile and embedded systems (such as automotive and wearable systems). This workshop provides an informal and interdisciplinary setting at the intersection of security, psychological, and behavioral science. Panel discussions may be organized around topics of interest where the workshop participants will be given an opportunity to give presentations, which may include current or prior work in this area, as well as pose new challenges in authentication. Topics of interest include:

  • Surveys and comparisons of known authentication techniques
  • Novel metrics or comparisons of metrics for authentication strength
  • Empirical evaluations of authentication techniques, including performance, accuracy, and the impact of authentication on a user's primary task
  • New authentication techniques that target emerging computing environments such as mobile and embedded systems
  • Approaches (including protocols) that enable weak authentication schemes to be more robust
  • Existing authentication techniques applied in new environments or usage contexts
  • Novel approaches to the design and evaluation of authentication systems

Researchers and practitioners interested in the topics outlined below. We expect that researchers from both industry and academia will find relevant material in the workshop.


We are soliciting 1-2 page position statements that express the nature of your interest in the workshop; these should include the aspects of authentication of interest to you, including the topic(s) that you would like to discuss during the workshop and panel discussions. Position statements must be in PDF format, preferably using the SOUPS formatting template (LaTeX or MS Word). Submissions should not be blinded.

Accepted submissions will be posted to the SOUPS workshop web site. We encourage participants to also make their workshop presentations available on the web site. These submissions will not be considered "published" works. As such, should not preclude publication elsewhere.

Submissions should be made via EasyChair WAY 2014 web site

Question about submissions should be directed to the Program chair at the gmail address at the end of this CFP.


Paper submission deadline - May 22, 2014, 5pm PDT
Notification of paper acceptance - May 30, 2014 5pm PDT


Workshop co-chairs

Larry Koved
IBM T. J. Watson Research Center

Elizabeth Stobert
Carleton University

Program chair

Elizabeth Stobert
Carleton University

Please send workshop inquiries to:


9:00 a.m. Introduction

9:15 a.m. Principles of Authentication

Session chair: Larry Koved

9:45 a.m. Biometric Authentication

Session chair: Larry Koved

10:30 a.m. Break

11 a.m. Working with Biometrics

Session chair: Elizabeth Stobert

11:30 a.m. Continuous and De-Authentication

Session chair: Elizabeth Stobert

12:15 p.m. Privacy

Session chair: Elizabeth Stobert

12:30 p.m. - Lunch

1:30 p.m. Passwords

Session chair: Larry Koved

3:00 p.m. Break

3:30 p.m. Non-WIMP Authentication and Accessibility

Session chair: Elizabeth Stobert

4:45 p.m. Workshop wrap-up