Canonical URL: www.lavoisier.fr/livre/informatique/integrating-a-usable-security-protocol-into-user-authentication-services-design-process/braz-christina/descriptif_4069610
Short URL or permalink: www.lavoisier.fr/livre/notice.asp?ouvrage=4069610

Integrating a Usable Security Protocol into User Authentication Services Design Process

Language: English

Authors:

There is an intrinsic conflict between creating secure systems and usable systems. But usability and security can be made synergistic by providing requirements and design tools with specific usable security principles earlier in the requirements and design phase. In certain situations, it is possible to increase usability and security by revisiting design decisions made in the past; in others, to align security and usability by changing the regulatory environment in which the computers operate. This book addresses creation of a usable security protocol for user authentication as a natural outcome of the requirements and design phase of the authentication method development life cycle.

Why this Book?

Acknowledgments

1 Usability and Security: Conflicts and Interdependencies

2 Panoramic Overview of User Authentication Techniques

3 Usable Security Concerns Related to Authentication Methods

4 Fundamentals of the Usable Security Protocol for User Authentication

5 The Usable Security Protocol Methodology: Define, Identify, and Develop

6 The Usable Security Protocol Methodology: Assess and Generate

7 The Usable Security Protocol Methodology: Formulate

8 The Usable Security Protocol Methodology: Demonstrate

Appendix 1: Authentication Risk-Assessment Matrix

Appendix 2: Usability Severity Ratings and Recommendations for MTM

Appendix 3: Security Severity Ratings and Recommendations for MTM

Additional Reading

References

Index

Christina Braz has been working with usable security in the area of computer security (particularly user authentication and identity management) since 2002. She earned her PhD in Cognitive Computing from the University of Quebec, Montreal, and Master of Science in Electronic Commerce from the Department of Computer Science and Applied Research, University of Montreal. Dr. Braz's work experience spans over 15 years in the Computer Security, Finance, Mobile Computing, and Telecommunications industries, working in consultancy and corporate environments such as Scotiabank, Citibank, Symantec, RSA Security, VeriSign, and Roger Telecommunications. She has also held positions as Information Assurance Instructor at Northeastern University in Boston, MA and Graduate Teaching Assistant at HEC Montreal, QC, Canada. She has been publishing papers in the field of Human Computer Interaction Security (HCISec) for the past 10 years. Some of her main projects are investments and banking mobile applications; usable security symmetry: a security and usability inspection method; GlancePass: a usable, single-factor, and yet strong biometric authentication method; MobiTicket: a Wireless-based (SMS) auction application for selling concert tickets through mobile devices; and finally, AuthenLink, an authentication system to automatically authenticate mobile users through an implantable RFID chip. Dr. Braz currently works for Scotiabank in the Research & Development division in Toronto, Canada.

Ahmed Seffah is a professor of human-centric Software Engineering at Lappeenranta University of Technology, Finland. Previously, he was a faculty member and the Concordia University research chair on human-centered software engineering. Professor Seffah was a visiting professor at various universities and research centres including IBM, University of Lausanne, Daimler Chrysler and the Computer Research Institute of Montreal. He co-authored five research books and essays, the latest one on the "P