Call for Papers: Who Are You?! Adventures in Authentication (WAY 2017)

In cooperation with USENIX, the Advanced Computing Systems Association, SOUPS 2017 will be co-located with the 2017 USENIX Annual Technical Conference, July 12–14, 2017.

Important Dates

All dates are at 23:59 AoE (Anywhere on Earth) time.

  • Workshop paper submission deadline: Thursday, May 25, 2017 Sunday, May 28, 2017 Deadline Extended!
  • Workshop paper acceptance notification to authors: Friday, June 9, 2017
  • Workshop camera-ready papers due: Sunday, June 18, 2017

Workshop Organizers

Workshops Co-Chairs

Larry Koved, IBM T. J. Watson Research Center
Elizabeth Stobert, ETH Zürich

Program Committee

Heather Crawford, Florida Institute of Technology
Markus Dürmuth, Ruhr-University Bochum
Serge Egelman, University of Califorina, Berkeley
Lydia Kraus, Technische Universität Berlin
Sana Maqsood, Carleton University
Scott Ruoti, MIT Lincoln Laboratory
Raghav Sampangi, Dalhousie University
Kent Seamons, Brigham Young University
Jonathan Voris, New York Institute of Technology


The purpose of this workshop is to bring together researchers and practitioners to share experiences, concerns, and ideas about known and new authentication techniques. We are interested in discussing methods of evaluating the impact and usability of various authentication techniques, and ideas about novel authentication techniques that are secure, robust and usable.

Authentication, or the act of proving that someone is who they claim to be, is a cornerstone of security. The importance of authentication continues to grow as users must prove their identity to maintain a continuous presence with a wide variety of computing devices and services.

Our most common method of authentication continues to be based on the outmoded assumption of a person using a keyboard or touchscreen device. As well, there has been an implicit assumption that the effort of authenticating, both in terms of elapsed time, user actions, cognitive load and impact on a user's primary task, will be amortized over a relatively long lifetime of the authenticated session with the system, application or service. As computing moves into new environments, including mobile and embedded systems, these assumptions are no longer valid.

The time for each interaction with a device, application or service is becoming much briefer. The user’s primary task may be tending to a patient, driving a car, operating heavy machinery, or interacting with friends and colleagues via mobile apps. Due to the nature of user interaction in these new computing environments, and new threat models, methods of authenticating are needed that are both robust, easy to use, and minimize impact on the user's primary task. The time / cost of authentication needs to be commensurate with the level of engagement with these kinds of systems and applications.

Target Audience

Researchers and practitioners interested in the topics outlined below. We expect that researchers from both industry and academia will find relevant material in the workshop. Topics of interest for this workshop include:

  • Surveys and comparisons of known authentication techniques
  • Novel metrics or comparisons of metrics for authentication strength
  • Empirical evaluations of authentication techniques, including performance, accuracy, and the impact of authentication on a user’s primary task
  • New authentication techniques that target emerging computing environments such as mobile and embedded systems
  • Approaches (including protocols) that enable weak authentication schemes to be more robust
  • Existing authentication techniques applied in new environments or usage contexts
  • Novel approaches to the design and evaluation of authentication systems

The goal of this workshop is to explore these and related topics across the broad range of contexts, including enterprise systems, personal systems, and especially mobile and embedded systems (such as healthcare, automotive, and wearable systems). This workshop provides an informal and interdisciplinary setting at the intersection of security, psychological, and behavioral science.

We are soliciting 4-5 page submissions. Submission may be formatted as either research papers, describing on-going or completed work, or position papers that take a stance on an issue relating to authentication. Submissions must be in PDF format, preferably using the SOUPS formatting template (LaTeX or MS Word). Submissions should not be blinded.

NEW THIS YEAR: We are seeking panel submissions. We would like to assemble one panel discussion with four speakers on a topic relating to authentication. Panel proposals should be formatted as 1-2 page abstracts, and contain the phrase “Panel Proposal” in the title.

Accepted submissions will be posted to the SOUPS workshop website. We encourage participants to also make their workshop presentations available on the website. These submissions will not be considered “published” works, and as such, should not preclude publication elsewhere.

Submissions should be made via the Web submission form. Please send workshop inquiries to or