6.4. Environmental Considerations

This section explains how to determine a ranking of the criteria introduced in the previous section. To help the system developer make a decision, it is necessary to rank the criteria so that deficiencies in the more important criteria will tend to carry more weight. We will use the characteristics of the environment to classify criteria as critical, vital, significant, or incidental. All criteria will be initially assigned to the significant category, and moved into the other categories based on an environmental analysis.

There may be certain situations where a large deficiency of a particular aspect or dimension can completely disqualify the authentication mechanism for use in a particular environment. For example, the developer may decide that the system controls access to such critical data that only a completely nonpredictable mechanism will suffice. These criteria are termed critical. Mechanisms with unacceptable deficiencies in these criteria can be withdrawn from consideration if requirements are stringent.

Environmental factors are identified in terms of the category in which they fall, provided in the following subsections. The list of environmental factors given here does not attempt to be exhaustive but, rather, is intended merely to give an example of the kinds of environmental factors that can affect the relative importance of the different criteria.

6.4.1.

6.4.1.1 Accessibility

Control of environment

For example, a web environment is completely uncontrolled, whereas an ATM is an example of a moderately controlled environment because the network used to communicate with the server is not public, and it is a relatively easy matter to control extra hardware and software that is required by the mechanism.

This factor determines how important all the criteria in the accessibility category will be in the calculation of the final quality measure because accessibility barriers can be partially alleviated in a controlled environment. If the environment is uncontrolled, these criteria become vital, and if the environment is controlled, these criteria remain significant.


Range of users

For example, if the users are a small group of technically competent individuals who can be accommodated on a one-on-one basis if they are unable to use the authentication system, inclusivity may be merely incidental. If, on the other hand, we need to ensure that members of the general public are able to use the authentication system without additional accommodation, inclusivity becomes vital.

6.4.1.2 Memorability

Frequency of use

Usage can be categorized as low (less often than once a month), medium (once a week), or high (daily) because more frequently used items are remembered more easily.[31] This factor determines how important all criteria in the memorability category will be. Thus, high usage makes memorability criteria incidental; medium usage makes them significant; and infrequent usage makes them vital.

[31] M. Kinsbourne and J. George, "The Mechanisms of the Word-Frequency Effect on Recognition Memory," Journal of Verbal Learning and Verbal Behavior 13 (1974), 63-69.


Forced renewal

This refers to organizational rules that require users to change authentication keys regularly. This factor determines how important all criteria in the memorability category will be. A forced renewal policy will make the memorability criteria vital, whereas no forced renewal policy will make these criteria only significant.

6.4.1.3 Security

Access

This refers to the information being protected or the kind of access being granted. If the access being provided is noncritical, the security deficiency becomes less important; but if the data being protected or the access being provided is potentially damaging, the security deficiency becomes more important.

If it will not be damaging to the user if another user gains access, predictability and abundance become incidental; if wrongful access can affect only the user himself, predictability and abundance become significant; and if wrongful access can affect more than one user, predictability and abundance become vital.

If a particular user has authorized access to many users' details, breakability and crackability become vital because illegal access in this person's name could be very damaging.


Trust

This refers to how much the user trusts the person or organization requesting authentication. If there is trust between them, as there is between an employer and an employee, or between a patient and a doctor, privacy and confidentiality become incidental. If, however, the user does not have any firsthand knowledge of the organization or the host of an e-commerce web site, these criteria become significant. If the user is being asked to authenticate to a system hosted in another country (a web site, for example), so that it is more difficult for the user to be protected by her own country's legislation, these criteria become vital.


Security motivation

This refers to the degree to which the environment can put measures in place to require the user to act in a secure and responsible way. If some sanction can be applied to a user who behaves irresponsibly, the disclosure criterion is only significant; if no sanction can be applied, it becomes vital.


Auditing

A system that actively audits in real time can be less vulnerable to attacks. Such auditing procedures can activate some other security measure if something suspicious is detected. If no auditing is done, the breakability and crackability criteria become vital; if auditing is carried out, they become merely significant.

6.4.1.4 Cost

If there are financial constraints on the person commissioning the system, cost is significant; otherwise, it becomes incidental. If the authentication system is protecting finances, cost becomes vital.
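As an added illustration (not code from the book), the classification rules of Sections 6.4.1.1 to 6.4.1.4 encoded as a small decision procedure that takes a description of the environment and returns the category of each criterion named above. The field names, the value labels, and the tie-break rule (when two factors affect the same criterion, the most severe category wins) are assumptions of this example; the text itself gives no tie-break.

```python
from collections import defaultdict
from dataclasses import dataclass

# Categories in ascending order of weight, as defined in Section 6.4.
LEVELS = ("incidental", "significant", "vital", "critical")
USAGE = {"high": "incidental", "medium": "significant", "low": "vital"}
ACCESS = {"nobody": "incidental", "user_only": "significant", "others": "vital"}
TRUST = {"trusted": "incidental", "unknown": "significant", "foreign": "vital"}

@dataclass
class Environment:
    """Environmental factors of Sections 6.4.1.1-6.4.1.4 (field names are ours)."""
    controlled: bool             # control of environment
    general_public: bool         # range of users
    usage: str                   # frequency of use: "low", "medium" or "high"
    forced_renewal: bool         # forced renewal policy in force
    wrongful_access_harms: str   # access: "nobody", "user_only" or "others"
    many_users_details: bool     # user is authorized to access many users' details
    trust: str                   # "trusted", "unknown" or "foreign"
    sanctions: bool              # security motivation: sanctions can be applied
    auditing: bool               # real-time auditing is performed
    financial_constraints: bool  # cost: commissioner has financial constraints
    protects_finances: bool      # cost: the system protects finances

def environmental_votes(env):
    """Yield (criterion, category) for each rule of Section 6.4 that applies."""
    yield "accessibility", "significant" if env.controlled else "vital"
    yield "inclusivity", "vital" if env.general_public else "incidental"
    yield "memorability", USAGE[env.usage]
    yield "memorability", "vital" if env.forced_renewal else "significant"
    yield "predictability", ACCESS[env.wrongful_access_harms]
    yield "abundance", ACCESS[env.wrongful_access_harms]
    for criterion in ("breakability", "crackability"):
        if env.many_users_details:
            yield criterion, "vital"
        yield criterion, "significant" if env.auditing else "vital"
    yield "privacy", TRUST[env.trust]
    yield "confidentiality", TRUST[env.trust]
    yield "disclosure", "significant" if env.sanctions else "vital"
    yield "cost", "significant" if env.financial_constraints else "incidental"
    if env.protects_finances:
        yield "cost", "vital"

def rank_criteria(env):
    """Every criterion starts as 'significant'; where several factors vote on one
    criterion the most severe category wins (our assumption, not the book's)."""
    votes = defaultdict(list)
    for criterion, level in environmental_votes(env):
        votes[criterion].append(level)
    return {c: max(levels, key=LEVELS.index) for c, levels in votes.items()}
```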



Security and Usability: Designing Secure Systems That People Can Use
ISBN: 0596008279
Year: 2004
Pages: 295