Usability and Security

More documents

Recommendations

Info

1.3 Research scopeThe research questions formulated above limit the scope of the thesis to a large extent. The two mainsubjects discussed in this thesis are usability and security:1. Security; here we focus on techniques for identifying and authenticating computer users tosystems that are both local and remote, which are passwords, mechanisms with a challengequestion, tokens and biometrics. These authentication mechanisms are commonly used to protectphysical- and logical access;2. Usability; here we focus on the usability issues associated with each of the authenticationmechanisms. The human-interaction-processing (‘human factor’) characteristics will not come upfor discussion in this thesis. However, where necessary it will be outlined as many authenticationmechanisms require cognitive activity.1.4 Research method1.4.1 Literary studyThe purpose of the literary study is to obtain more information about the subject and to help find answersto the research questions. We will carry out a literary study on usability and security and the techniquesfor identifying and authenticating computer users to systems. The literary study will also serve as a basisfor performing different case studies and interviews. Studies will be performed in relation to:• Usability;• Security;• Authentication techniques;• Relationship between usability and security;• Latest trends and developments on subjects mentioned above.During the whole process we will make use of various types of literature such as:• Books;• Scholarly journals;• Whitepapers and fact sheets;• Articles;• Research Studies.1.4.2 Case studyThe case study is an in-depth, longitudinal examination of different events and will allow us to gain asharpened understanding of why the instance happened as it did, and what might become important tolook at more extensively in future research. The case studies will cover topics on the different types ofauthentication mechanisms as defined in our research scope and also the usability issues associated witheach. These ‘real world’ examples allow the application of theoretical concepts to be demonstrated, thus2
idging the gap between theory and practice. This will help us understand the relationship betweenusability and security and the common problems encountered in practice.1.4.3 InterviewsWe will conduct interviews to obtain more insight on how usability and security are dealt with in practice.We will ask a few questions on the subjects as defined in our research scope, and permit the interviewee totalk freely. We will only intervene to refocus the discussion or probe for additional insight into the keyareas (passwords, challenge questions, tokens and biometrics). Because we are choosing to interviewpeople with different backgrounds and experience, it is important to obtain insight from differentperspectives and what is important to them.2 Literary study2.1 What is usability?Usability has many different definitions. The English term usability is properly established (at least in thecomputer) when it comes to the usability of software interfaces and websites. The objective for usability isto enable users to achieve goals and meet needs in a particular context of use.2.1.1 DefinitionsWe have seen in the literature that the term usability has been used broadly and is defined in differentways:• ISO (the International Organization for Standardization), a worldwide federation of nationalstandards bodies defines usability as: “Extent to which a product can be used by specified users toachieve specified goals with effectiveness, efficiency and satisfaction in a specified context of use” 1 .To obtain a better understanding of the definition it can be broken down into different ‘components’for which the following definitions apply:– product: part of the equipment (hardware, software and materials) for which usability is to bespecified or evaluated;– user: person who interacts with the product;– goal: intended outcome;– effectiveness: accuracy and completeness with which users achieve specified goals;– efficiency: resources expended in relation to the accuracy and completeness with which usersachieve goals;– satisfaction: freedom from discomfort, and positive attitudes towards the use of the product;– context of use: users, tasks, equipment (hardware, software and materials), and the physicaland social environments in which a product is used.3
Page 1 and 2: Usability and SecurityUniversity: V
Page 3 and 4: ACKNOWLEDGMENTSThis thesis covers t
Page 5: IntroductionThe developments in Inf
Page 9 and 10: 2.1.3 Usability componentsIn order
Page 11 and 12: custom approach 12 . An example of
Page 13: put usability and security amongst
Page 16 and 17: Security aspects:• Confidentialit
Page 18 and 19: ambiguous. Controlled answers offer
Page 20 and 21: 3.3.3 TokensIn this paragraph the t
Page 22 and 23: Security aspects:• Confidentialit
Page 24 and 25: The strengths, weaknesses and usabi
Page 26 and 27: conclude that the most efficient bi
Page 28 and 29: e guessed, which results in a low s
Page 30 and 31: To answer our main research questio
Page 32 and 33: AppendixInterview with Martin Wijnm
Page 34 and 35: Sources1 ISO 9241-11, Part 11: Guid

Usability and Security

Create successful ePaper yourself

Delete template?

Save as template?