A Brief Introduction to Usable Security

Researchers have studied usable computer security for more than 20 years, and developers have created numerous security interfaces. Here, the authors examine research in this space, starting with a historical look at papers that address two consistent problems: user authentication and email encryption. Drawing from successes and failures within these areas, they study several security systems to determine how important design is to usable security. Their discussion offers guidelines for future system design.
