Usable Privacy-Enhancing Identity Management: Challenges and Approaches

A critical success factor for Privacy-Enhancing Technologies (PETs), and for Privacy-Enhancing Identity Management in particular, will be user-friendly and intelligible user interfaces that are legally compliant and convey trust. Such user interfaces have to meet challenges such as the user-friendly representation of complex PET concepts (such as “pseudonyms”, “unlinkabilty” or “anonymous credentials”) that are unfamiliar to many users, the provision of security, the enforcement of legal privacy principles, such as informed consent or transparency, as well as the mediation of reliable trust to the end users. In this paper, we will discuss such challenges for usable privacy-enhancing identity management and will provide some HCI guidelines for addressing those challenges.

[1]  Jan H. P. Eloff,et al.  Security and human computer interfaces , 2003, Comput. Secur..

[2]  Andrew S. Patrick,et al.  From Privacy Legislation to Interface Design: Implementing Information Privacy in Human-Computer Interactions , 2003, Privacy Enhancing Technologies.

[3]  Ka-Ping Yee,et al.  User Interaction Design for Secure Systems , 2002, ICICS.

[4]  Martin Rost,et al.  Exploring the Feasibility of a Spatial User Interface Paradigm for Privacy-Enhancing Technoloqy , 2006 .

[5]  Lorrie Faith Cranor,et al.  You've been warned: an empirical study of the effectiveness of web browser phishing warnings , 2008, CHI.

[6]  Oliver Günther,et al.  RFID and the Perception of Control: The Consumer's View , 2005, IEEE Engineering Management Review.

[7]  Abhi Shelat,et al.  Securing user inputs for the web , 2006, DIM '06.

[8]  Jan Camenisch,et al.  An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation , 2001, IACR Cryptol. ePrint Arch..

[9]  Simson L. Garfinkel,et al.  Design principles and patterns for computer systems that are simultaneously secure and usable , 2005 .

[10]  John Sören Pettersson,et al.  Outlining “Data Track”: Privacy-friendly Data Maintenance for End-users , 2007 .

[11]  Siani Pearson,et al.  Towards Automated Evaluation of Trust Constraints , 2006, iTrust.

[12]  Simone Fischer Hübner,et al.  Evaluation of early prototypes (D[6-12].1.a) : Public EU6FP IST deliverable , 2004 .

[13]  Marti A. Hearst,et al.  Why phishing works , 2006, CHI.

[14]  C. Andersson,et al.  Trust in PRIME , 2005, Proceedings of the Fifth IEEE International Symposium on Signal Processing and Information Technology, 2005..

[15]  Stuart E. Schechter,et al.  The Emperor's New Security Indicators An evaluation of website authentication and the effect of role playing on usability studies † , 2007 .

[16]  Jakob Nielsen,et al.  Heuristic Evaluation of Prototypes (individual) , 2022 .

[17]  Rachna Dhamija,et al.  The Seven Flaws of Identity Management: Usability and Security Challenges , 2008, IEEE Security & Privacy.

[18]  John Sören Pettersson,et al.  Making PRIME usable , 2005, SOUPS '05.

[19]  Stuart E. Schechter,et al.  The Emperor's New Security Indicators , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).