A conceptual framework for evaluating usable security in authentication mechanisms - usability perspectives

Little research has focused on the balance between usability and security when evaluating the effectiveness of authentication mechanisms. Most current authentication mechanisms rely on character-based passwords, and a number of alternative suggestions claim to improve some usability aspects of the authentication mechanism concept. This paper presents a conceptual framework for assessing usable security in authentication mechanisms, with the purpose of guiding the usability and security evaluation process in a given environment by balancing quality metrics. The framework defines quality criteria, which are quantified according to two principles: participation and categorization. Building on previous works, we focus on usability perspectives in more detail. To conclude, we present a mathematical approach that derives a total quality score for usable security in a security system.
