Section 12.1. Introduction


A variety of hardware devices are employed to increase computer security. This chapter focuses on those portable devices designed to increase the security of authentication systems. Smart cards and "one-time password" tokens are perhaps the best-known examples of security devices; they fit easily in pockets or on keychains, embed an integrated circuit, and are used to log into networks or web sites securely.

Vendors of security devices strive for a design that is both secure and usable. But are they successful? In this chapter, we will attempt to address this question by suggesting an experimental approach to evaluating security devices as a whole, then applying that approach to a particular subclass of security devices: smart cards and USB tokens.

Previous work on the usability of identification and authentication mechanisms, particularly in the area of password usability, emphasizes the importance of a systemic approach to usability.[1], [2] We believe the same holds true for security devices. We cannot speak about the usability of these devices without taking into account their social contexts, physical characteristics, and software, as well as typical users and applications. This systemic view of usability is essential to defining a comprehensive set of usability attributes.

[1] A. Adams and M. A. Sasse, "Users Are Not the Enemy," Communications of the ACM 42:12 (1999). See also Chapter 32, this volume.

[2] M. A. Sasse, S. Brostoff, and D. Weirich, "Transforming the 'Weakest Link': A Human-Computer Interaction Approach to Usable and Effective Security," BT Technology Journal 19:3 (1999), 122-131.

Defining these attributes represents the first step of our proposed approach to assessing usability. The second step is the objective measurement of these attributes, as many usability claims are not supported by any research or experimental evidence.

The primary purpose of our approach is evaluation. However, experimental studies are valuable not only for evaluation and comparison, but also as a source of suggestions for better system design. Indeed, this process may provide larger insights into system design beyond the hardware security device itself. For example, a security device may be used in conjunction with email software; a proper design of both could help avoid or limit usability problems. Similarly, an experimental study of usability may help the designer identify weak components or weak interactions between components, and may thus inform a redesign process.



Security and Usability. Designing Secure Systems that People Can Use
ISBN: 0596008279
Year: 2004
Pages: 295