Embed Doc
Copy Link
Readcast
Collections

CommentGo Back

Download

Security and Usability:The Case of the User Authentication Methods

Christina Braz

Université du Québec à Montréal

C.P. 8888, succ. Centre-villeMontreal, QC H3C 3P8 Canada

braz.christina@courrier.uqam.ca

Jean-Marc Robert

École Polytechnique de Montréal

C.P. 6079, succ. Centre-villeMontreal, QC H3C 3A7 Canada

jean-marc.robert@polymtl.ca

ABSTRACT

The usability of security systems has become a major is-sue in research on the efficiency and user acceptance of security systems. The authentication process is essentialfor controlling the access to various resources and facili-ties. The design of usable yet secure user authenticationmethods raises crucial questions concerning how to solveconflicts between security and usability goals.

KEYWORDS:

Security Usability, User Authentication,Human Factors, Access Control, User Interface design.

RESUME

L'utilisabilité des systèmes de sécurité informatique estdevenue un des problèmes majeurs sur la recherche del'efficacité et l'acceptation des utilisateurs/trices des sys-tèmes de sécurité informatique. Le processus d'authenti-fication est ainsi crucial pour le contrôle d'accès à dis-tance aux ressources et à des installations. La conceptiondes méthodes d'authentification d'utilisateur/trice quisoient faciles à utiliser soulève alors des questions impor-tantes telles que: Comment résoudre les conflits existantsentre les objectifs d'utilisabilité et de la sécurité appli-qués aux systèmes informatiques?

CATEGORIES AND SUBJECT DESCRIPTORS:

H.1.2[User/Machine Systems]: Human factors; K.6.5 [Securityand Protection]: Authentication; D.4.6 [Security and Pro-tection]: Access controls

Authentication.

GENERAL TERMS:

Security in HCI, Usability vs Secu-rity, Biometric Data.

INTRODUCTION

User authentication is the entry point to different com-puting networks or facilities in which a set of services arerendered to users or a set of tasks can be performed.Once authenticated, the user can gain access for exampleto a company’s Intranet to consoles, databases, buildings,vehicles, etc. Usability of the authentication mechanismshas seldom been investigated and since security mecha-nisms are conceived, implemented, put into practice andviolated by people, human factors should be taken intoaccount in their design [1]. Usability becomes a strategicissue in the establishment of user authentication methods.Usability can be defined as "the extent to which a prod-uct can be used by specified users to achieve specifiedgoals with effectiveness, efficiency and satisfaction in aspecified context of use" [5]. Security usability is con-cerned with the study of how security information shouldbe handled in the user interface [6] and how securitymechanisms and authentication systems themselvesshould be easy of use. This paper presents the usabilitysecurity issues of the user authentication methods in thecomputer security and access control domains. It aims attackling this growing problem, contributing to the dis-cussions and helping systems developers to make deci-sions concerning the usability of security systems.

HUMAN FACTORS ASPECTS OF USER AUTHENTI-CATION METHODS

Presently there has been very little research on securityusability, as a consequence both suitable specific usabil-ity design methods and a model of Graphical User Inter-face (GUI) for authentication methods are needed. Theprimary data that were gathered on the security usabilitywere concerned with the usability evaluation of PrettyGood Privacy (PGP) [11], a public key encryption pro-gram primarily intended for authentication and email pri-vacy, a rule-based authorization engine called MAP [13],previous work on design of secure user interface for net-work applications (i.e. authentication of the communica-tion) [6], and finally a few generic white papers regard-ing the matter. In a nutshell, research on Human Com-puter Interaction (HCI) and Security has been sporadic,even worse on user authentication methods.

Security and usability are both essential in the authenti-cation process. However the requirements for a highlevel of security while maintaining adequate usability arefrequently in conflict with each other and a suitable bal-ance has to be found. The potential conflicts betweensecurity and usability might be minimized by making use

Reserve this space for the copyright notice

of some general design

heuristics

principles such asminimize the user input, make decisions in the name of the user, notify the user of actions taken upon her/is be-half, and provide the user the capability to undo those ac-tions when possible, and if not to minimize their impact.However, as we have stated earlier, there is no set of us-ability recognized principles and standards for authenti-cation methods. We will present in the next section of thepaper some Human Factors issues of the authenticationmethods.

Password Complexity

Passwords are the first line of defence against attacks to acomputer system. The rules for password choice can becertainly a cumbersome problem for a user and a securityproblem for a system. For instance, very trivial choicesthat are ease to guess are broken within seconds usingpassword cracking techniques – the longer the passwordthe more difficult it is to crack. To prevent hackers fromgaining access to our computer or files, experts recom-mend using complicated passwords which can in a firstinstance increases the short-term memory load of userscausing frequent errors. In fact, the capacity of short-term memory is normally limited to 7+ 2 items (e.g. let-ters, digits, words, etc.) [7]. Traditional password sys-tems include many design features for the purpose of making trial-and-error attacks as difficult as possible.Actually, they violate most of the recognized usabilitystandards for computer systems. From the eight "GoldenRules" for interface design recommended by Shneider-man [9], password interactions break six of them (Table1). Table 2 mostly shows how to minimize the securityusability conflict dealing with these golden rules. In addi-tion, users should follow a set of rules (i.e. password se-curity policy) especially related to password creation:"All passwords must be at least six characters long; In-clude numbers and letters; Include a mix of upper andlower case; Use different passwords for each system;Change once a month; Do not write anything down" [10].In a highly networked world, wherein users must accessto multiple applications, password protection is consid-ered as costly, awkward and insecure. The requirementof authentication to access different applications, ser-vices, or facilitities might generate frustration among us-ers on a day-to-day basis, because users might need tofrequently access the same secured applications in a shortperiod of time.Golden Rules of User Interface Design Adequate forPasswords?1. Strive for consistency Yes2. Frequent users can use shortcuts (A) No3. Provide informative feedback (B) No4. Dialogs should yield closure Yes5. Prevent errors and provide simpleerror handling (C)No6. Easy reversal of any action (D) No7. Put the user in charge (E) No8. Reduce short-term memory load (F) No

Table 1:

Do the 8 golden Rules of User Interface Designapply to security systems?

Item Usability Security(A) Users can't take shortcuts:the system won't match thefirst few letters typed andfulfill in the rest.Prevents dic-tionary

andeavesdropping

attacks.(B) Users hardly see the pass-word they type: they can'tfind out repeated let-ters/accidental misspellings.Prevents guess-ing attacks andSocial Engi-neering

.(C) Most systems only mentionsuccess or failure: theydon't show how close thepassword guess was, oreven discern between amistyped username andpassword.Prevents guess-ing, eavesdrop-ping and socialengineering at-tacks.(D) Most systems keep track of incorrect guesses and takeirreparable action (lockingthe user's account) if sev-eral bad guesses happen.Prevents guess-ing, eavesdrop-ping, and socialengineering at-tacks.(E) The system makes users be"responders" of actionsrather than the initiators.Prevents guess-ing, eavesdrop-ping, and socialengineering at-tacks.(F) Users must follow a set of security policies related topassword creation recom-mended by [10]. Short-termmemory is normally limitedto 7+ 2 items.Prevents guess-ing, eavesdrop-ping, and socialengineering at-tacks.

Table 2:

How to deal with the golden rules using heuristics.

A form of attack in which an attacker uses a large set of likely com-binations to guess a secret.

Electronic eavesdropping is the intentional surveillance of data:voice, fax, e-mail, mobile telephones, etc. often for nefarious purposes.

To infiltrate a physical building or information systems using non-technical means (e.g. searching user desks for passwords on notes).

Locking Pin Systems

A classic strategy to defend against Personal Identifica-tion Number (PIN) guessing attacks in authentication to-kens is to lock the system after three consecutive invalidPIN attempts. However, this classic strategy could seri-ously undermine the system usability. After the PIN hasbeen locked, it can only be unlocked by the token Ad-ministrator. Actually, that is the worse-case scenario of usability once the administrator is not available, the useris blocked and no reversible action is possible.

Cumbersome Data Input of Challenge ResponseCalculators

Challenge-response calculators (CRC) require even moredata input in comparison with other authentication meth-ods such as a user ID, a password, a PIN and a "chal-lenge" (e.g. an authentication server creates a "chal-lenge", which is typically a random number sent to theclient machine). Therefore, the difficulty and the prob-ability of data input errors are higher (i.e., CRC do notecho the password back on the screen as it is typed, orthey only display asterisks in place of the actual charac-ters).

No Usability Features of Public Key Infrastruc-ture (PKI)

In order to illustrate the usability issues in a user authen-tication method, let’s briefly present the "Usability of Security: A Case Study" [11] which was performed toevaluate the usability of Pretty Good Privacy (PGP) 5.0.The PGP is a standard software, which uses Public KeyInfrastructure to encrypt, decrypt, and digitally sign data,for the encryption of Electronic Mail developed by PhilZimmermann [12]. The authors choose PGP because ithas a good user interface according to established stan-dards, and they claimed to find out whether that was suf-ficient to allow non-programmers who know little aboutsecurity to use it effectively. The results obtained througha cognitive walkthrough and user testing show that usershad difficulty to: avoid dangerous errors, encrypt a mes-sage, understand the public key model, figure out thecorrect key to encrypt with and how to encrypt with anykey, decrypt a message, publish the public key, and fi-nally verify a signature on an email message. These are just the basics tasks to be performed in order to executecorrectly the program. Therefore, PGP is not sufficientlyusable to provide effective security for most email users,according to the authors, because of the fact there is a"mismatch between the design philosophy behind its userinterface, and the usability needs of a security utility".

Redundancy Factor of Biometrics Systems

The best practices in the authentication area state thatmulti-factor authentication (i.e. more than one form of credential to identify a user) is generally stronger thanany single-factor authentication method. Biometrics (i.e.recognition of one’s hand, iris, voice, etc.) is generallyrecognized as a "good candidate" to be used with anotherauthentication technique – a two-factor authentication; ina two-factor technique (e.g. coupling biometrics withsmart card technology) the "redundancy" of the authenti-cation augments the security level, but at the same timediminishes the user experience. Furthermore, there canbe serious limitations with some biometric measures (e.g.there is a range of eye diseases that affect the capabilityof iris recognition system to capture an appropriate im-age of the eye [4]) and the level of social acceptability.In such cases, the authentication process must be built in

redundancy,

so that a second method must be providedin order to confirm the identity's user. However, an au-thentication process also involves a user being enrolledand verified. Hence, we should focus on enhancing userexperience and convenience when choosing an authenti-cation method.

Comparative Analysis of the Authenticationmethods

As part of this project, we developed a comparativeanalysis of the different features encountered in authenti-cation methods according to Table 3. To describe the fol-lowing features we make use of subjective rating scales:"Security" and "Usability" (ranging from 1=Minimum to5=Maximum in order to measure the degree of severityissues related to each authentication method), and"Automatism versus Human" (ranging from 1=Human isbetter; 5=Machine is better). The feature "Accuracy" hastwo measure rates of authentication by biometrics:(i) False Reject Rate (FRR) where a legitimate user is re- jected by the acquisition device; (ii) False AcceptanceRate (FAR) where a false user is accepted. The "AverageAttack Space" (AAS) corresponds to the number of guesses made by an attacker in order to disclose the se-cret (e.g. passwords, PINs, etc.). Abbreviations used inthe Table 3: PK=Public Key; PRK=Private Key;SSO= Single-Sign-On; TGS=Ticket Granting Service.

Authentication Methods - Vulnerabilities stillremain

Despite the efforts that were made by organizations toprovide suitable authentication methods, vulnerabilitiesstill remain. Mechanisms and models that are compli-cated to the user will be misused. When an authentica-tion method is too demanding the user might not keep upwith the increasing workload (e.g. a user might refuse tochange her/is password each time s/he logs on). Thus,organizations tend to blame mostly users for the humanfailure of not handling complex and demanding technicalsystems. However, Norman argues that what we oftenview as human error is the result of design flaws that maybe surmounted [8]. According to Computing TechnologyIndustry Association CompTIA [3], the human errorturns out to be the principal cause of security breaches inthe computing security sector of organizations; they ac-count for 84% of security breaches in 900 private andpublic American organizations.

of 00

Security and Usability: The Case of the User Authentication Methods

ABSTRACT
The usability of security systems has become a major issue in research on the efficiency and user acceptance of
security systems. The authentication process is essent... (More)

Download or Print

2,075 Reads

Info and Rating

Category:	Research > Internet & Technology
Rating:
Upload Date:	06/21/2009
Copyright:	Attribution Non-commercial
Tags:	usability user authentication usability user authentication (fewer)