There is an intrinsic conflict between creating secure systems and usable systems. But usability and security can be made synergistic by providing requirements and design tools with specific usable security principles earlier in the requirements and design phase. In certain situations, it is possible to increase usability and security by revisiting design decisions made in the past; in others, to align security and usability by changing the regulatory environment in which the computers operate. This book addresses creation of a usable security protocol for user authentication as a natural outcome of the requirements and design phase of the authentication method development life cycle.
There is an intrinsic conflict between creating secure systems and usable systems. But usability and security can be made synergistic by providing requirements and design tools with specific usable security principles earlier in the requirements and design phase. In certain situations, it is possible to increase usability and security by revisiting design decisions made in the past; in others, to align security and usability by changing the regulatory environment in which the computers operate. This book addresses creation of a usable security protocol for user authentication as a natural outcome of the requirements and design phase of the authentication method development life cycle.
This book constitutes the refereed post-conference proceedings of the 7th IFIP WG 13.2 International Conference on Human-Centered Software Engineering, HCSE 2018, held in Sophia Antipolis, France, in September 2018. The 11 full papers and 7 short papers presented together with 5 poster and demo papers were carefully reviewed and selected from 36 submissions. The papers focus on the interdependencies between user interface properties and contribute to the development of theories, methods, tools and approaches for dealing with multiple properties that should be taken into account when developing interactive systems. They are organized in the following topical sections: HCI education and training; model-based and model-driven approaches; task modeling and task-based approaches; tools and tool support; and usability evaluation and UI testing.
This book describes cyber-security issues underpinning several cyber-physical systems and several application domains, proposing a common perspective able to collect similarities as well as depict divergences and specific solution methods. Special attention is given to those approaches and technologies that unleash the power of collaboration among stakeholders, in a field based often developed in isolation and segregation of information. Given the pervasively growing dependency of society on IT technology, and the corresponding proliferation of cyber-threats, there is both an imperative need and opportunity to develop a coherent set of techniques to cope with the changing nature of the upcoming cyber-security challenges. These include evolving threats and new technological means to exploit vulnerabilities of cyber-physical systems that have direct socio-technical, societal and economic consequences for Europe and the world. We witness cyber-attacks on large scale infrastructures for energy, transport, healthcare systems and smart systems. The interplay between security and safety issues is now paramount and will be even more relevant in the future. The book collects contributions from a number of scientists in Europe and presents the results of several European Projects, as NeCS, SPARTA, E-CORRIDOR and C3ISP. It will be of value to industrial researchers, practitioners and engineers developing cyber-physical solutions, as well as academics and students in cyber-security, ICT, and smart technologies in general.
If there is any one element to the engineering of service systems that is unique, it is the extent to which the suitability of the system for human use, human service, and excellent human experience has been and must always be considered. An exploration of this emerging area of research and practice, Advances in the Human Side of Service Engineering covers a broad spectrum of ergonomics and human factors issues highlighting the design of contemporary service systems.
Human factors and usability issues have traditionally played a limited role in security research and secure systems development. Security experts have largely ignored usability issues--both because they often failed to recognize the importance of human factors and because they lacked the expertise to address them. But there is a growing recognition that today's security problems can be solved only by addressing issues of usability and human factors. Increasingly, well-publicized security breaches are attributed to human errors that might have been prevented through more usable software. Indeed, the world's future cyber-security depends upon the deployment of security technology that can be broadly used by untrained computer users. Still, many people believe there is an inherent tradeoff between computer security and usability. It's true that a computer without passwords is usable, but not very secure. A computer that makes you authenticate every five minutes with a password and a fresh drop of blood might be very secure, but nobody would use it. Clearly, people need computers, and if they can't use one that's secure, they'll use one that isn't. Unfortunately, unsecured systems aren't usable for long, either. They get hacked, compromised, and otherwise rendered useless. There is increasing agreement that we need to design secure systems that people can actually use, but less agreement about how to reach this goal. Security & Usability is the first book-length work describing the current state of the art in this emerging field. Edited by security experts Dr. Lorrie Faith Cranor and Dr. Simson Garfinkel, and authored by cutting-edge security and human-computerinteraction (HCI) researchers world-wide, this volume is expected to become both a classic reference and an inspiration for future research. Security & Usability groups 34 essays into six parts: Realigning Usability and Security---with careful attention to user-centered design principles, security and usability can be synergistic. Authentication Mechanisms-- techniques for identifying and authenticating computer users. Secure Systems--how system software can deliver or destroy a secure user experience. Privacy and Anonymity Systems--methods for allowing people to control the release of personal information. Commercializing Usability: The Vendor Perspective--specific experiences of security and software vendors (e.g.,IBM, Microsoft, Lotus, Firefox, and Zone Labs) in addressing usability. The Classics--groundbreaking papers that sparked the field of security and usability. This book is expected to start an avalanche of discussion, new ideas, and further advances in this important field.
This book constitutes the proceedings of the Second International Conference on HCI for Cybersecurity, Privacy and Trust, HCI-CPT 2020, held as part of the 22nd International Conference, HCI International 2020, which took place in Copenhagen, Denmark, in July 2020. The total of 1439 papers and 238 posters included in the 37 HCII 2020 proceedings volumes was carefully reviewed and selected from 6326 submissions. HCI-CPT 2020 includes a total of 45 regular papers; they were organized in topical sections named: human factors in cybersecurity; privacy and trust; usable security approaches. As a result of the Danish Government's announcement, dated April21, 2020, to ban all large events (above 500 participants) until September 1, 2020, the HCII 2020 conference was held virtually.
Text passwords are still the primary authentication mechanism for computers and online systems world-wide. Prior work indicates that they would likely persist in the foreseeable future, despite alternative proposals. Therefore, it is crucial to examine the open issues in text passwords. In addition, instead of replacing text passwords entirely, alternatives could be proposed for use under specific context. Under such premises, this thesis focused on (1) to demonstrate the field performance of a serious alternative method for mobile authentication and (2) to propose a systematic experiment design to study password memorability. Designed to be used for desktop computers originally, text passwords are not suitable for modern platforms such as mobile devices. Using text passwords on mobile devices is a drastically different experience, because of the different form factor and context. From a between-group lab study comparing passwords usage on different devices, we learned that the form factor alone already has an effect on aspects of passwords such as the amount of lowercase letters used per password. Meanwhile, recent studies suggest that free-form gesture passwords are a viable alternative as an authentication method on touchscreen devices. However, little is known about the actual advantages they carry when deployed for everyday mobile use. We performed the first field study (N=91) of mobile authentication using free-form gestures, with text passwords being the baseline. Motivated by Experience Sampling Method (ESM), our study design aimed at increasing ecological validity while still maintaining control of the experiment. We found that, with gesture passwords, participants gen- erated new passwords and authenticated faster with comparable memorability, while being more willing to retry. Our analysis of the gesture password dataset indicated the choice of gestures varied across categories. Our findings demonstrated gesture passwords are a serious alternative for mobile context. A major struggle people have with text passwords is to create ones that are both secure and memorable. Although there has been research on measuring password security, we have yet to systematically discover the factors to affect password memorability. By combining existing memory findings and password specific contexts, we proposed a field experiment design centering on two major factors that affect password memorability: log-in frequency and password condition. Log-in frequency defines the frequency of log-in tasks, and password condition defines the condition each password was created. The result of the experiment revealed that potential effects of our factors exist and pointed out directions for future studies.
There has been roughly 15 years of research into approaches for aligning research in Human Computer Interaction with computer Security, more colloquially known as ``usable security.'' Although usability and security were once thought to be inherently antagonistic, today there is wide consensus that systems that are not usable will inevitably suffer security failures when they are deployed into the real world. Only by simultaneously addressing both usability and security concerns will we be able to build systems that are truly secure. This book presents the historical context of the work to date on usable security and privacy, creates a taxonomy for organizing that work, outlines current research objectives, presents lessons learned, and makes suggestions for future research.
