Usability and Security

More documents

Recommendations

Info

3.3.3 TokensIn this paragraph the token authentication mechanism will come up for discussion. We will discuss twotypes of token-based authentication which are tokens and One Time Password Tokens, hereafter OTP. Wehave selected only these types of token-based authentication as they are most commonly used.Tokens have been used more commonly for the physical domain. Tokens can be used as a one factorauthentication process, e.g. swipe cards for door access. According to Sasse, this is a fairly weakmechanism since a token may be stolen or found by a potential attacker, who can use it until the loss/theftis discovered and the token is revoked 28 . Therefore, tokens are more often combined with anotherauthentication mechanism; e.g. the combination of bank cards and PINs for ATM being the most widelyused. OTP fall into the category of security devices that do not have to be plugged in 29 . Similar to theshape of a small pocket calculator, OTP display authentication data that users type in manually and theauthentication data changes each time a user authenticates. These tokens such as the SecurID have beenused, with apparent success, for remote access by financial institutions. On the other hand, the high cost ofreplacing lost tokens and/or lost working time has led companies in other sectors to abandon it 28 .The secureID by RSA, is one way of significantly reducing the risk of using passwords. Unlike passwordswhich are changed every 60-90 days or longer, a secureID token works differently. On the small screen ofthe key fob the user carries with them are numbers that change every 60 seconds. The numbers displayedon the screen change randomly to the end user are generated by a mathematical algorithm that is onlyknown to the enterprise security server 30 . There are however weaknesses by using only this approach. Forinstance, if someone is able to steal or fraudulently obtain the key fob and they also know the user's id,then they will be able to successfully masquerade as the identity 30 . According to Anderson, token-basedauthentication requires token construction and distribution, which is far from trivial and has led todocumented financial loss 31 .The token must be physically presented to the computer system, whichrequires additional hardware for reading the token. Both token and token reader cost money, and a readermust be available at every point a user might be authenticated. As costs of tokens and readers become less,this will be less of an issue. However, presentation of a valid token does not prove ownership; the tokenmay have been stolen. And although a token may be hard to forge, it does not mean it is impossible oruneconomic to do so 32 . Without two-factor authentication, stealing the device would allow an attacker toimpersonate the owner of the device; with two-factor authentication, the attacker would still have anotherauthentication burden to overcome 33 .The city of Turin had undertaken a trial to perform the first large-scale attempt to issue smartcards tocitizens for access to services and payment of local taxes (Torinofacile 2003). Based on 2,655 smartcardsissued, the number of tokens that were lost in the post/stolen in the first six months was low (16). Themajority of citizens who registered for the card were male, well educated and aged between 19 and 45; thenumber of cards issued to males was three times higher than for female citizens. Since most home andsmall business PCs are currently not fitted with smartcard readers, the trial issued digital certificates forusers who needed them. The initial phase has seen a high number of calls to the helpdesk, the majority ofwhich (83) were due to problems with using these digital certificates. The second most frequent problemwas that personal details registered about the owners of the cards were incorrect. These insights offersome pointers as to logistical aspects and the costs that are likely to be associated with issuing such tokens16
to a large number of citizens. At the same time, small businesses, single traders and professionals reportsignificant time savings and benefits from online access and payments compared to paper-based systemand access restricted to office hours. Smartcards can offer additional usability benefits: once the loginprocedure is completed, the token can be used to carry sessions from one machine to another, thusremoving the need to log out or lock the screen when leaving the machine unattended for brief periods.They can also offer additional security features for applications such as credit cards.One usability concern arising from the increasing popularity of tokens is that users may end up being‘weighed down’ by a collection of tokens that they find hard to manage. There are two possible ways inwhich this might be prevented 28 :• Single tokens carrying multiple credentials. A single token, such as a smartcard, could be used tostore users’ credentials for multiple systems. The single token could either store data for multipleidentification and verification mechanisms operated by different organizations (providing the userwith a personal ‘credential/password manager’), or have a single strong verification (providing theuser with a ‘magic key’). Both approaches would require an open standard for credentials, and thesecond would also require agreement on a single form of authentication and a high degree of trustbetween participating organizations. The ‘magic key’ model would create less work for the user, butalso create a single point of attack;• Miniaturization of tokens. Organizations continue to issue their own tokens and decide their ownaccess control mechanisms, but the tokens are so small (for example, RFID chips) that users cankeep all of their tokens on them at all times, for example, in a smartcard-type device to whichindividual chips can be added.3.3.3.1 Recapitulation & analysisUsability aspects:• Effectiveness: the users’ goal with effectiveness is to get access to a building or remote access asaccurate and complete as possible. If the token does not work, the user is able to get it solved by thedepartment in question or person responsible. With regards to an OTP, users in most cases receive anew token when having problems connecting. However, in a normal situation this aspect isapplicable for both types. This aspect is therefore considered when using tokens and OTP;• Efficiency: the users’ goal with efficiency is to get access to a building or remote access as accurateand complete as possible, using minimal resources (e.g. time). Users are able to use tokens forphysical access, using the swipe principle. With regards to an OTP token, a user needs to rememberhis/ her key fob and enter the code which is indicated on the screen of the OTP token. In this caseboth are efficient to use. This aspect is therefore considered when using tokens and OTP;• Satisfaction: the users’ goal with satisfaction is a positive attitude towards getting access to abuilding or remote access, without encountering any discomfort. Users use the token for physicalaccess and OTP for remote access. If the token does not work, the user is able to get it solved by thedepartment in question or person responsible within an acceptable timeframe. With regards to anOTP, users in most cases receive a new token when having problems connecting, thus the user willnot be able to get remote access. This aspect is therefore only considered for tokens.17
Page 1 and 2: Usability and SecurityUniversity: V
Page 3 and 4: ACKNOWLEDGMENTSThis thesis covers t
Page 5 and 6: IntroductionThe developments in Inf
Page 7 and 8: idging the gap between theory and p
Page 9 and 10: 2.1.3 Usability componentsIn order
Page 11 and 12: custom approach 12 . An example of
Page 13: put usability and security amongst
Page 16 and 17: Security aspects:• Confidentialit
Page 18 and 19: ambiguous. Controlled answers offer
Page 22 and 23: Security aspects:• Confidentialit
Page 24 and 25: The strengths, weaknesses and usabi
Page 26 and 27: conclude that the most efficient bi
Page 28 and 29: e guessed, which results in a low s
Page 30 and 31: To answer our main research questio
Page 32 and 33: AppendixInterview with Martin Wijnm
Page 34 and 35: Sources1 ISO 9241-11, Part 11: Guid

Usability and Security

Create successful ePaper yourself

Delete template?

Save as template?