Usability and Security

More documents

Recommendations

Info

ambiguous. Controlled answers offer an alternative whereby a large answer space can beused, but control over the possible values improves repeatability.To investigate the tradeoffs between the usability and security aspects of the challenge questionsmechanisms a challenge question system was designed in support of Canada’s Government OnLinesolution 26 . Input to some of the design decisions came from a focus group consisting of 17 individualsfrom the general population that had Internet experience. The participants were provided with thefollowing three types of questions:• Question 1; consists of 15 fixed questions, where the focus group input was used to determineseveral of these questions. The corresponding answer is open, both at registration and recovery.Some of the fixed questions proposed for this fixed list included: "What was my first pet’s name?""Where did I first meet my significant other?" and "What was the last name of my childhood bestfriend?";• Question 2: consists of a controlled question, "Please choose a person who is memorable to you,"and an open hint. Originally, a fixed hint was used, but participants were not comfortable with thechoices it offered as they had difficulty mapping their desired hint to a single selection of a fixedhint;• Question 3: consists of a controlled question, "Please choose a date that is memorable to you," andan open hint. The corresponding answer is controlled at both registration and recovery, consisting ofdrop-down selections for each of year, month, and day.The lessons learned from the focus group include the following:• Although questions related to “first-time” events are good for repeatability, they can be moredifficult for older users to recall;• Regarding questions with calendar date answers, participants indicated an inability to recall morethan a half-dozen dates. However, even in this situation, such a question offers strength against arandom attack, while being more susceptible to a targeted attack. Thus, additional questions and/orcomplementary security techniques should also be used;• Although participants indicated a preference for open questions, the candidate list of questions theyprovided did confirm the designers’ assumptions that an insufficient level of security would beattained for open questions.3.3.2.1 Recapitulation & analysisIn this paragraph we recapitulate and analyze the case study discussed above. In this analysis we assumethat common users select bad questions and answers and that they prefer to choose. Furthermore weassume that IT Professionals select more secure questions and answers given their background. Hereafter,Question(s) and Answer(s) has been abbreviated as ‘Q&A’.Usability aspects:• Effectiveness: the users’ goal with effectiveness is to recover credentials as accurate and completeas possible. Regardless of the Q&A type, the right answer always needs to be provided. Users can14
eventually call the department in question or person responsible to retrieve their credentials, thusthis aspect is always considered;• Efficiency: the users’ goal with efficiency is to recover credentials as accurate and complete aspossible, using minimal resources (e.g. time). Users prefer to choose easy to remember Q&A andhave trouble with remembering fixed Q&A types and therefore prefer open Q&A types. This aspectis only considered in open and controlled Q&A types;• Satisfaction: the users’ goal with satisfaction is a positive attitude towards the use of the system, inthis case recovering credentials without encountering any discomfort. The fact that users prefer tochoose to be in control gives the most satisfaction during the whole process of the Q&A types. Thisaspect is therefore only considered in open and controlled Q&A types.Security aspects:• Confidentiality: in this aspect the property that information is not made available to unauthorizedindividuals is important. Having fixed Q&A types is the most secure, considering the fact that ITprofessionals select secure Q&A types. Users however choose “easy”/ poor Q&A types, which areeasily traceable/ guessable. Thus this aspect is only considered in fixed Q&A types;• Integrity: in this aspect the property of safeguarding the accuracy and completeness of assets isimportant. The fact that users choose “easy”/ poor Q&A types that are easily traceable/ guessableincreases the risk of it being obtained by unauthorized individuals. This aspect is thereforeconsidered in controlled and fixed Q&A types;• Availability: in this aspect the property of being accessible and usable upon demand by anauthorized user, in this case the ability to recover credentials and it being available to the right useris important. The fact that users choose “easy”/ poor Q&A types that are easily traceable/ guessableincreases the risk of it being obtained by unauthorized individuals who can manipulate or removedata (= information) in the system, making the data unavailable. This aspect is therefore consideredin controlled and fixed Q&A types.In this paragraph we have seen that there are three types of questions and answers, each with their set ofstrengths and weaknesses. Fixed questions prevent users from poor question selection and depends on theability and desire of the user to choose the right one. With open questions there is a risk that the user mightchoose a ‘bad’ question. This may differ depending the users background and knowledge. Controlledquestions offer a balanced alternative but share the same weakness as the open question which is thepossibility of the question or hint being insecure. With regards to the three types of answers, we have seenthat memorability and repeatability play an important factor in de type of answer that is being selected.The table below illustrates the results of our classification based upon the analyses performed in thisparagraph:AspectsUsabilitySecurityTypes of Q&AEffectiveness Efficiency Satisfaction Level Confidentiality Integrity Availability LevelFixed X Low X X X HighOpen X X X High LowControlled X X X High X X ModerateTable 3: Q&A levels15
Page 1 and 2: Usability and SecurityUniversity: V
Page 3 and 4: ACKNOWLEDGMENTSThis thesis covers t
Page 5 and 6: IntroductionThe developments in Inf
Page 7 and 8: idging the gap between theory and p
Page 9 and 10: 2.1.3 Usability componentsIn order
Page 11 and 12: custom approach 12 . An example of
Page 13: put usability and security amongst
Page 16 and 17: Security aspects:• Confidentialit
Page 20 and 21: 3.3.3 TokensIn this paragraph the t
Page 22 and 23: Security aspects:• Confidentialit
Page 24 and 25: The strengths, weaknesses and usabi
Page 26 and 27: conclude that the most efficient bi
Page 28 and 29: e guessed, which results in a low s
Page 30 and 31: To answer our main research questio
Page 32 and 33: AppendixInterview with Martin Wijnm
Page 34 and 35: Sources1 ISO 9241-11, Part 11: Guid

Usability and Security

Create successful ePaper yourself

Delete template?

Save as template?