Usability and Security

More documents

Recommendations

Info

Security aspects:• Confidentiality: in this aspect the property that information is not made available to unauthorizedindividuals is important. Passwords in the ‘high’ password complexity categories lead to behaviorforbidden by many security policies increasing the risk of being obtained by unauthorizedindividuals. This aspect is therefore only considered in the moderate-low password complexitycategory;• Integrity: in this aspect the property of safeguarding the accuracy and completeness of assets isimportant. Passwords in the ‘high’ password complexity categories lead to “work arounds”increasing the risk of being obtained by unauthorized individuals. This aspect is only considered inthe moderate-low and moderate-high password complexity categories;• Availability: in this aspect the property of being accessible and usable upon demand by anauthorized user, in this case the system is important. Passwords in the ‘high’ password complexitycategories lead to “work arounds” increasing the risk of being obtained by unauthorized individualswho can manipulate or remove data (= information) in the system, making the data unavailable.This aspect is therefore only considered in the moderate-low and moderate-high passwordcomplexity categories.As discussed in this paragraph, the goal is to get access to the system by means of password security. Wehave seen that users need to cope with complicated and/or complex passwords for different systems.Enforcing users to change their password periodically through the system makes it even more difficult forusers to remember their password. Passwords for systems that are not being used frequently are even moredifficult to remember. Users therefore behave in ways forbidden by security policies and ‘best practices’.We have also seen that there are ways to use both secure and usable passwords, but this is often notsupported by the system. Furthermore we think that the more complex and difficult to rememberpasswords are, the more ways users will find to make it more usable, thus decreasing the level of security.The table below illustrates the results of our classification based upon the analyses performed in thisparagraph:AspectsUsabilitySecurityEffectiveness Efficiency Satisfaction Level Confidentiality Integrity Availability LevelPassword complexity categoriesHigh X Low LowModerate-High X X Moderate X X ModerateModerate-Low X X X High X X X HighLow X X X High LowTable 2: Password levels3.3.2 Challenge questionsChallenge questions are amongst others used as an automated means of password or credential recovery.This can be performed by a help-desk call or performed automatically through confirmation of a user’sresponse to previously stored questions and answers. During recovery, the user is challenged with aquestion and therefore required to provide the correct answer. Challenge questions offer the same potential12
for abuse in case the system is not usable (e.g. writing down the password). And if not usable, then usersmay also be unwilling or unable to automatically recover, thereby triggering more expensive, manualrecovery. Thus, the security and usability of the system is a major concern. A poorly designed challengequestion system can dramatically weaken the security of an otherwise strong password system 26 . Withregards to the types of questions we are able to make a distinction between three types 27 :• Fixed: system provides a list of administrator-chosen questions to a user, where the user’s choice ofquestion can only be taken “as-is” from this list;• Open: a user has complete choice and control over the question; the question construction may beprovided to the user but the user enters the question in free-form text;• Controlled: it permits a shorter list of general questions to be constructed by the system manager.This inherently provides some guidance for the user (relative to an open question) and allowsfurther personal customization.According to Mike Just there are some issues related to the types of questions and answers 27 :Types of Questions• Security: With a fixed question, users are prevented from poor question selection, e.g. “Whatcolor is my car?” This is a poor question since the resulting answer space is insecure, resulting fromlow entropy. Therefore a security advantage is provided since the likelihood of choosing a“bad question” is reduced. With an open question, users might select a question that is “bad”,though capable users are able to select more secure questions. Controlled questions offer a balancedalternative helpful for question design in case an exhaustive list of suitable fixed questionscannot be constructed. However, controlled questions also share the weaknesses of openquestions as the question or hint entered by the user can be insecure;• Usability: With fixed questions, users are not required to construct their own questions atregistration. This offers both an advantage and disadvantage depending on the ability and desire of auser to choose their own questions. An open question would offer similar disadvantages andadvantages. As discussed above for the security issues, a controlled question allows someguidance to be provided for the user, in the form of a general yet partially focusedquestion, while allowing some flexibility via customization. Repeatability and memorability ofthe hint are not a concern since the hint is shown to the user upon answer presentation.Types of answersA fixed answer set involves user selection of an answer from a preset list of answers. The other extreme isan open answer, which involves a user manually entering his response. Guidance may be provided as partof answer registration, but the answer is entered in free-form by the user. A subtle variation is a controlledanswer, where the answer space is neither fixed nor open 26 :• Security: With a fixed answer set, users are prevented from selecting insecure answers. With openanswers, larger variation in the answer space is provided, though for certain questions, a userwould be able to select highly probable answers. There does not seem to be any significantsecurity advantages offered by using a controlled answer other than supporting a large answerspace.• Usability: With a fixed answer list, memorability and repeatability may be hampered if there isno unique answer to satisfy a user’s preference. With an open answer list, memorability andrepeatability may be better than fixed, though also problematic if the registered answer is13
Page 1 and 2: Usability and SecurityUniversity: V
Page 3 and 4: ACKNOWLEDGMENTSThis thesis covers t
Page 5 and 6: IntroductionThe developments in Inf
Page 7 and 8: idging the gap between theory and p
Page 9 and 10: 2.1.3 Usability componentsIn order
Page 11 and 12: custom approach 12 . An example of
Page 13: put usability and security amongst
Page 18 and 19: ambiguous. Controlled answers offer
Page 20 and 21: 3.3.3 TokensIn this paragraph the t
Page 22 and 23: Security aspects:• Confidentialit
Page 24 and 25: The strengths, weaknesses and usabi
Page 26 and 27: conclude that the most efficient bi
Page 28 and 29: e guessed, which results in a low s
Page 30 and 31: To answer our main research questio
Page 32 and 33: AppendixInterview with Martin Wijnm
Page 34 and 35: Sources1 ISO 9241-11, Part 11: Guid

Usability and Security

Create successful ePaper yourself

Delete template?

Save as template?