
Page 1

A Security Usability Protocol for User Authentication

University of Quebec at Montreal, Quebec (Canada), 8 November 2007

Page 2

Jury Members


Prof. Dr. Mounir Bokadoum, Director of the Cognitive Computing Program
Dept. of Computer Science, University of Quebec at Montreal, Quebec (Canada)

Prof. Dr. Ghislain Lévesque, Dept. of Computer Science
University of Quebec at Montreal, Quebec (Canada)

Prof. Dr. Albert Lejeune, Dept. of Management and Technology
University of Quebec at Montreal, Quebec (Canada)

Page 3

Doctoral Thesis Project Team


Christina Braz, PhD Candidate in Cognitive Computing, Dept. of Computer Science
University of Quebec at Montreal, Quebec (Canada)

Prof. Dr. Pierre Poirier, Research Director, Dept. of Philosophy
University of Quebec at Montreal, Quebec (Canada)
• Cognitive Axis

Prof. Dr. Ahmed Seffah, Research Director, Dept. of Engineering and Computer Science
Concordia University, Quebec (Canada)
• Computer Science Axis

Page 4

Presentation Outline

Introduction

Challenging Issues

Security Usability

Research Objectives

Methodology

Theoretical Approach: Cognitive Science

Experimental Approach: Computer Science

Outputs of the Research

Project Schedule

A Security Usability Protocol for User Authentication, University of Quebec at Montreal, 8-Nov.-07, slide 04/59

Introduction | challenges | security usability | research objectives | methodology | cognition | computer science | outputs | project schedule

Page 5

Introduction

Page 6

Introduction (1): Definition

Authentication is the verification of a claimed identity; it is the entry door of any computer system that renders a set of services to users.

Once authenticated, users can, for instance, access network resources.

Authentication comprises two procedures: identification (the claim of an identity) and verification (the check of that claim).

When an individual attempts to access security-sensitive buildings, computer systems, or data, an access control decision must be made. An accurate determination of identity is needed to make sound access control decisions.

Page 7

Introduction (2): User Authentication Method

Authentication with RSA Authentication Manager. Adapted from [RSA07].

Page 8

Introduction (3): Web Authentication

SiteKey for online banking [BofA07].

Page 9

Introduction (4): Authentication Factors

Types of authentication factors. Adapted from [NCS83].

Authentication methods for identifying and authenticating users [NCSC91].

Page 10

Introduction (5): Types of Authentication Methods

Passwords and PINs (authentication tokens)

One-Time Password (OTP)

Public Key Authentication

Biometrics

Out-of-Band Authentication (OOBA)
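Of the methods listed above, the one-time password is the one most easily shown in code. The following Python is an added example, not part of the original deck and not any vendor's product: HOTP (RFC 4226) and TOTP (RFC 6238) with a server-side verifier that tolerates one time step of clock drift and refuses to accept a step that has already been used, so a code captured in transit cannot be replayed. The key is the RFC 4226 test secret; the timestamps and the window size are constructed for the example.

```python
"""HOTP (RFC 4226) / TOTP (RFC 6238) one-time passwords, with a verifier
that tolerates clock drift and rejects replayed codes.

Added example. The secret is the RFC 4226 test key; the timestamps and
the drift window used below are constructed for illustration.
"""
import hashlib
import hmac
import struct
import time
from typing import Optional

# RFC 4226 Appendix D test secret (ASCII "12345678901234567890").
TEST_SECRET = b"12345678901234567890"
TIME_STEP = 30  # seconds per TOTP step, the RFC 6238 default


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based OTP: HMAC-SHA1 over the 8-byte big-endian counter,
    dynamically truncated to `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: Optional[float] = None, digits: int = 6) -> str:
    """Time-based OTP: HOTP with counter = floor(unix_time / TIME_STEP)."""
    now = time.time() if at is None else at
    return hotp(secret, int(now // TIME_STEP), digits)


class TotpVerifier:
    """Server side: accept a code within +/- `window` steps of the current
    step, and never accept a step at or below the last one consumed, so a
    captured code cannot be presented a second time."""

    def __init__(self, secret: bytes, window: int = 1):
        self.secret = secret
        self.window = window
        self.last_step = -1  # highest step already used for a login

    def verify(self, code: str, at: Optional[float] = None) -> bool:
        now = time.time() if at is None else at
        step = int(now // TIME_STEP)
        for candidate in range(step - self.window, step + self.window + 1):
            if candidate <= self.last_step:
                continue  # already consumed (or older): replay protection
            expected = hotp(self.secret, candidate)
            # Constant-time compare so timing does not reveal which digit differs.
            if hmac.compare_digest(expected, code):
                self.last_step = candidate
                return True
        return False


if __name__ == "__main__":
    verifier = TotpVerifier(TEST_SECRET, window=1)
    code = totp(TEST_SECRET, at=59)               # step 1, RFC 4226 vector 287082
    print("first use:", verifier.verify(code, at=59))
    print("replay   :", verifier.verify(code, at=61))
```

Two checks a practitioner would want are built in: the drift window is bounded (every extra step of tolerance gives an online guesser more valid codes per attempt), and the verifier remembers the last accepted step, without which a code sniffed from a login form stays valid for the rest of its 30-second step plus the window.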

Page 11

Challenging Issues

Page 12

Challenging Issues (1)

Authentication systems do not fail gracefully [Cranor&Garfinkel05].

Organizations struggle to give users access to systems that is both usable and secure (e.g. when enforcing the use of strong passwords).

Some systems provide insufficient protection, while others are too complex for most computer users.

Without a proper user authentication system, organizations are exposed to potential attackers.

Networks are incorporating a new "identity layer" that will redefine security (e.g. token provisioning).

Page 13

Challenging Issues (2)

Most usability inspection techniques do not overtly take users' thinking into account, "even though psychology-based inspection techniques supplied key insights into how thinking shapes interaction" [Hornbæk&Frøkjær04].

The pure theory of knowledge-based authentication does not take into account how people think [Sasse&Adams99].

Security designers generally lack the usability background needed to design user authentication methods that are easy to use.

Conflicts between security and usability goals are often encountered within an organization's systems.

Page 14

Challenging Issues (3): Internal Policies Present the Biggest Compliance Challenges

"Thinking specifically about data security, to what extent do the following regulations or mandates represent a challenge to you?"

Encryption key management study of 199 IT decision-makers responsible for security [Forrester07].

Page 15

Challenging Issues (4): Encryption and Information Leak Protection Are Important Initiatives

"What are your top data security initiatives over the next 12 months?"

Encryption key management study of 199 IT decision-makers responsible for security [Forrester07].

Page 16

Security Usability

Page 17

Security Usability (1)

Security usability, according to [Jøsang&Patton01], is concerned with the study of how security information should be handled in the user interface (UI).

Both usability and security can vary depending on the context of use, which includes user profiles (i.e., who the users are), task characteristics, hardware (including network equipment), software, and the physical or organizational environment.

Usability is a strategic issue in the development of user authentication methods.

In this work, security usability is the study of how security information and usability factors should be handled in the system, both in the user interface (front end) and in the back-end processes, taking resources and costs into consideration.

Page 18

Security Usability (2)

Research in Human-Computer Interaction in Security (HCISec) has been emerging.

The usability of authentication mechanisms has, however, seldom been investigated.

Nor have user-centred design methods for authentication mechanisms.

A suitable security usability protocol for user authentication methods is therefore required.

Page 19

Security Usability (3)

Security Usability Symmetry (SUS) [Braz&Seffah07]

Page 20

Research Objectives

Page 21

Research Objectives

Integrate security usability into the requirements and design process:
• Help security designers and engineers to make decisions when designing an authentication mechanism for a particular system.

Investigate the computer science as well as the cognitive dimensions of the security usability of user authentication methods.

Develop security usability standards (e.g. guidelines), taking the specific constraints of security into account, for those involved in the design, specification, and assessment of user authentication methods.

Page 22

Methodology

Page 23

Methodology (1): Diagram

[Diagram not reproduced in the transcript. Its components: Theoretical Approach (Cognitive Model); Experimental Approach (Computer Science Model); Validation & Verification; Primary, Secondary and Tertiary Data; Security Usability Protocol Version 0.1; Security Usability Protocol Version 1.0.]

Page 24

Methodology (2): International Norms and Standards

[ISO13407:99]: Human-centred design processes for interactive systems: understand and specify the context of use, specify the user and organizational requirements, produce design solutions, evaluate designs against requirements.

[ISO/IEC 9126] Software engineering: Product quality:
• Part 1: Quality model, ISO/IEC 9126-1:2001.
• Part 3: Internal metrics, ISO/IEC TR 9126-3:2003.
• Part 4: Quality in use metrics, ISO/IEC TR 9126-4:2004.

[ISO9241-11:98]: Ergonomic requirements for office work with visual display terminals (VDTs), Part 11: Guidance on usability.

Page 25

Methodology (3): Security Usability Inspection Methods

Computer security design principles [Saltzer&Schroeder00].

Guidelines for designing and evaluating usable secure software (Yee, Ka-Ping in [Cranor&Garfinkel05]):
• Match the most comfortable way to do tasks with the least granting of authority (e.g. human preferences).

Ergonomic criteria for the evaluation of human-computer interfaces [Bastien&Scapin93].

General usability principles ("heuristics") for user interface design [Molich&Nielsen90/94].

Security Usability Symmetry (SUS) [Braz&Seffah07].

Other usability methods:
• Software Usability Measurement Inventory (SUMI) [Kirakowski01].
• Alternative usability methodologies: condensed contextual inquiry, ethnographic interviewing, and field usability testing [Kantner&al03].

Page 26

Theoretical Approach

Cognitive Science

Page 27

Theoretical Approach (1) COGS: Introduction

Authentication systems are used by people, so their ease of use, understandability, satisfaction and cognitive factors must be addressed.
• Cognitive process (e.g. users retrieve a password stored in their memory).

The cognitive model will specify the cognitive dimensions of the different categories of user authentication techniques.
• Security usability principles, when relevant, will be confronted with their cognitive dimensions.

The cognitive sciences literature will be used to explain and justify the cognitive aspects of security usability principles.

Page 28

Theoretical Approach (2) COGS: Cognitive Areas of Research

Perception and recognition
• Key axes [Marr&Nishihara78]:
  ─ The key axes of an object are used to recognize the object (e.g. stick figure).
• Object viewed as a whole/template [Biederman87]:
  ─ Template theorists claim that an object is viewed as a whole and then compared to various existing templates in memory in order to recognize what has been seen (e.g. graphical password).
• Seeing is a way of acting [O'Regan&Noë01]:
  ─ The experience of seeing occurs when the organism masters the governing laws of sensorimotor contingencies (e.g. when you move your eyes).
  ─ Password strength.

Page 29

Theoretical Approach (3) COGS: Cognitive Areas of Research

Mental representation of concepts
• Task modality (visual and auditory) [Wickens84]:
  ─ Interference between tasks will be minimal when they use different mental processes.
• Outside world as "external memory" [O'Regan&Noë01]:
  ─ An "external memory" store, where information is accessible for searching by means of eye movements and shifts of attention (e.g. SiteKey).
• Working memory and iconic memory [Cowan88], [Sperling60]:
  ─ Iconic memory is a short-lived form of memory that is richer, yet less stable, than working memory.
  ─ It is very temporary and fades quickly.

Page 30

Theoretical Approach (4) COGS: Cognitive Areas of Research

Attention and memory
• Linguistic and graphical representation: are images and digits stored as they were seen, i.e. as digits or as images? [Alkhalifa06], [Kosslyn80/83] (tokencode).
  ─ e.g. the PIN "3265" can be stored as a number or as an image, depending on how the individual would portray it.
• Imagery debate:
  ─ Mental images have a spatial format and share representations with those used during perception [Kosslyn80].
  ─ Mental images are symbolic, like language, and therefore do not share representations with perception [Pylyshyn81].

Page 31

Theoretical Approach (5) COGS: Cognitive Areas of Research

Metaphors of human thinking [Naur98/00], [James90]:
• Metaphor of Habit Formation (password/day).
• Metaphor of the Stream of Thought (ATM).
• Metaphor of the Dynamics of Thinking (OOBA).
• Metaphor of the Incompleteness of Utterances.
• Metaphor of Knowing (security toolbar).

Page 32

Theoretical Approach (6) COGS: Cognitive Dimension Example

Scenario
• A knowledge-based user authentication.

Principle
• Visibility of system status.

Description
• The system should always keep users informed about what is going on, through appropriate feedback within reasonable time.

Cognitive dimension (here the security requirement pulls against the usability principle)
• The password prompt displays nothing while the user types the password (the keyboard does not stop working, as in PuTTY*);
• This prevents someone from watching over the user's shoulder (social engineering).

*http://www.chiark.greenend.org.uk/~sgtatham/putty/

Page 33

Theoretical Approach (7) COGS: Model of User Authentication

[Diagram not reproduced in the transcript. Its labels: User; authentication types KB, B, RFID; Stimulus from external environment (authentication method); Sensory Input (Optic, Echoic, Haptic; Emanation); Signal Processing; Perceptual Memory; Short-Term Memory; Long-Term Memory (repository of knowledge: visuospatial, phonological); Control System; Authentication method objective; INPUT/OUTPUT links; memory and attention categories: Short Term, Long Term, Conscious, Attention, Unconscious, Physical.]

Page 34

Experimental Approach

Page 35

Experimental Approach (1) CS: Introduction

The protocol encompasses both logical authentication (e.g. access to a computer network) and physical authentication (e.g. access to a facility), wired or wireless, of human users.

Task, usability and security scenarios will be developed for the prototyping phase.

Verification and validation will be undertaken through a prototype composed of four functions using a challenge-response authentication method.

Page 36

Experimental Approach (2) CS: Use Cases

Design: a security designer creates an authentication method using the Security Usability Symmetry (SUS) design method.

Specification: a security services buyer specifies a new authentication method for an organization using the RSA Authentication Scorecard [RSA07].

Assessment: a security consultant evaluates a client's existing, implemented authentication method using the RSA Authentication Scorecard.

Usage: an end user authenticates her/himself to a computer system.

Page 37

Experimental Approach (3) CS: Functions to be Simulated

Page 38

Experimental Approach (4) CS: Challenge-Response Authentication

Challenge-Response Authentication [RSA07].

Page 39

Experimental Approach (5) CS: Security Usability Symmetry (SUS)

SUS helps usability specialists and security designers to design, inspect, and evaluate a GUI in order to identify security usability problems and check for conformance with the corresponding usability and security criteria.

It is an improved variant of the Heuristic Evaluation method [Molich&Nielsen90/94].

The usability and security criteria can be used to guide a design decision or to assess a design that has already been created.

To date, SUS is the only available checklist for the assessment of the security usability of user authentication methods in HCISec.

Page 40

Experimental Approach (6) CS: Security Usability Symmetry (SUS)

Identify the security usability problems in the GUI with regard to those security and usability criteria that, from the evaluator's standpoint, are violated by the design.
• Product rating of the severity of the identified usability problems (Frequency/Consequence/Persistence).
• Severity representation (Minor to Major).
• Product rating of the severity of the identified security problems.
• Severity representation (Minor to Major).

The severity ratings identify which problems should be tackled and fixed first, so that usability problems can be largely eliminated or reduced.
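To make the rating step concrete, the following Python is an added example, not the SUS checklist itself (which the deck only describes): a small triage routine that takes the evaluator's Y/N/N/A answers for items pairing a usability criterion with a security criterion, rates each violated item on frequency, consequence and persistence, and orders the violations by severity. The deck names the three factors and a product rating; the 1 to 3 scale, the Minor/Moderate/Major thresholds and the sample checklist items are assumptions made here.

```python
"""Severity rating and triage for a Security Usability Symmetry (SUS)
inspection. Each checklist item pairs a usability criterion with a
security criterion; an item the evaluator marks "N" (violated) is rated
on Frequency, Consequence and Persistence, the product gives a severity
score that is mapped to Minor/Moderate/Major, and violations are ordered
worst first.

Added example. The three factors and the product rating come from the
deck; the 1..3 scale, the thresholds and the sample items are assumed.
"""
from dataclasses import dataclass
from typing import List, Tuple

SCALE = {"low": 1, "medium": 2, "high": 3}   # assumed rating scale per factor


@dataclass
class Item:
    ref: str                  # checklist item id (constructed)
    usability_criterion: str
    security_criterion: str
    answer: str               # "Y" (met), "N" (violated) or "N/A"
    frequency: str = "low"    # how often users run into the problem
    consequence: str = "low"  # how bad it is when they do
    persistence: str = "low"  # whether users can learn to avoid it


def severity_score(frequency: str, consequence: str, persistence: str) -> int:
    """Product rating: each factor 1..3, so the score lies in 1..27."""
    return SCALE[frequency] * SCALE[consequence] * SCALE[persistence]


def severity_label(score: int) -> str:
    """Assumed mapping of the product onto the Minor..Major representation."""
    if score <= 4:
        return "Minor"
    if score <= 12:
        return "Moderate"
    return "Major"


def triage(items: List[Item]) -> List[Tuple[str, int, str]]:
    """Keep only violated items ("N"), rate them, and order worst first."""
    rated = []
    for it in items:
        if it.answer != "N":
            continue  # met or not applicable: nothing to rate
        score = severity_score(it.frequency, it.consequence, it.persistence)
        rated.append((it.ref, score, severity_label(score)))
    return sorted(rated, key=lambda t: t[1], reverse=True)


# Constructed sample: inspection of a knowledge-based (password) login.
SAMPLE = [
    Item("U1/S1", "Visibility of system status",
         "No disclosure of the secret on screen", "Y"),
    Item("U2/S2", "Error messages help the user recover",
         "Error messages do not reveal whether the user name exists", "N",
         frequency="high", consequence="medium", persistence="high"),
    Item("U3/S3", "Lockout policy is explained to the user",
         "Lockout limits online guessing", "N",
         frequency="low", consequence="low", persistence="medium"),
    Item("U4/S4", "Help on password rules is available at entry",
         "Rules enforce a minimum strength", "N/A"),
]

if __name__ == "__main__":
    for ref, score, label in triage(SAMPLE):
        print(f"{ref}: {score:2d} {label}")
```

The point of keeping the usability and the security criterion on the same row is the "symmetry": a fix for the usability finding (a friendlier error message) is checked immediately against its security twin (the message must not confirm that an account exists).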

Page 41

Experimental Approach (7) CS: Security Usability Symmetry (SUS)

Usability Techniques - Heuristic Evaluation: A System Checklist [Pierotti96].

[Checklist table not reproduced in the transcript; its answer columns are Y / N / N/A.]

Page 42

Experimental Approach (8) CS: Security Usability Symmetry (SUS)

A sample of the Security Usability Symmetry Version 1.0 review checklist for MTMs [Braz&Seffah07].

Page 43

Outputs of the Research

Page 44

Outputs of the Research

Security Usability Symmetry Version 2.0.

Cognitive sciences model.

Computer science model.

Publishing:
• Scientific papers in conference proceedings and journals (six papers already published in HCISec), e.g. Designing a Trade-off Between Usability and Security: A Metrics Based-Model [Braz&Seffah07].
• A book on the design of GUIs targeted at security and IT administrators (first draft ready to go).

Page 45

Project Schedule

Page 46

Project Schedule (1)

[Schedule chart not reproduced in the transcript.]

Page 47: A Security Usability Protocol for User Authentication - UQAMA Security Usability Protocol for User Authentication University of Quebec at Montreal Prof. Dr. Mounir Bokadoum • Director

Project Schedule (2)

References

References (1)

[Alkhalifa06] Alkhalifa, E.M.: Cognitively Informed Systems: Utilizing Practical Approaches to Enrich Information Presentation and Transfer. Idea Group Publishing, 2006.

[Bastien&Scapin93] Bastien, J.M.C. & Scapin, D.L.: Ergonomic Criteria for the Evaluation of Human-Computer Interfaces. Technical report N° 156, INRIA (France), 1993. Retrieved on February 9, 2006 <http://hci.cs.concordia.ca/www/hcd/article/criteres_scapin.pdf>

[Biederman87] Biederman, I.: Recognition-by-Components: A Theory of Human Image Understanding. Psychological Review Journal, Volume 94, 1987.

[BofA07] Bank of America: SiteKey online banking. Retrieved on October 15, 2007 <http://www.bankofamerica.com/privacy/sitekey/>

[Braz&Aïmeur03] Braz, C. & Aïmeur, E.: AuthenLink: A User-Centred Authentication System for a Secure Mobile Commerce. Dept. of Computer Science, University of Montreal, Quebec (Canada), 2003.

References (2)

[Braz&Seffah07] Braz, C. (1), Seffah, A. (2) & M'Raihi, D. (3): Designing a Trade-off between Usability and Security: A Metrics Based-Model. In Proceedings of Interact 2007 - Socially Responsible Interaction, IFIP TC.13 Technical Committee on Human-Computer Interaction, 2007. (1) Dept. of Computer Science, University of Quebec at Montreal, QC (Canada); (2) Dept. of Computer Science and Software Engineering, Concordia University, Montreal, QC (Canada); (3) Innovation Group, VeriSign Inc., Mountain View, CA (USA).

[Cowan88] Cowan, N.: Evolving conceptions of memory storage, selective attention, and their mutual constraints within the human information processing system. Psychological Bulletin, 104, 163–191, 1988.

References (3)

[Cranor&Garfinkel05] Cranor, L. & Garfinkel, S.L.: Security and Usability. O'Reilly & Associates, Inc., Cambridge, MA (USA), 2005.

[Ferber99] Ferber, J.: Multiagent Systems - An Introduction to Distributed Artificial Intelligence. Addison-Wesley Pearson Ed. Ltd., London, England (UK), 1999.

[Forrester07] Forrester Consulting: The State of Data Security in North America - A commissioned study conducted by Forrester Consulting on behalf of RSA, the Security Division of EMC, Cambridge, MA (USA), 2007.

[Hornbæk&Frøkjær04] Hornbæk, K. (1) & Frøkjær, E. (2): Two psychology-based usability inspection techniques studied in a diary experiment. NordiCHI 2004, October 23-27, Tampere, Finland, 2004. (1) Natural Sciences ICT Competence Center, University of Copenhagen (Denmark); (2) Datalogisk Institut, Københavns Universitet (Denmark).

References (4)

[ISO13407:99] International Organization for Standardization: ISO 13407: Human-centred design processes for interactive systems, 1999.

[ISO9126:01/02/04] International Organization for Standardization: Software Engineering - Product quality - Part 1: Quality model, ISO/IEC 9126-1:2001 Edition 1; Software engineering - Product quality - Part 2: External metrics, ISO/IEC TR 9126-2:2003 Edition 1; Software engineering - Product quality - Part 4: Quality in use metrics, ISO/IEC TR 9126-4:2004 Edition 1. 2001-2004.

[ISO9241-11:98] International Organization for Standardization: ISO 9241-11: Ergonomic requirements for office work with visual display terminals (VDTs) - Part 11: Guidance on usability, 1998.

[James90] James, W.: Principles of Psychology. Henry Holt & Co., 1890.

[Jøsang&Patton01] Jøsang, A. & Patton, M.: User Interface Requirements for Authentication of Communication. Security Usability White Paper, Distributed Systems Technology Centre, QUT, Brisbane, Qld 4001 (Australia), 2001.

References (5)

[Kantner&al03] Kantner, L., Sova, D.H. & Rosenbaum, S.: Alternative Methods for Field Usability Research. SIGDOC 2003 Proceedings, San Francisco, CA, Association for Computing Machinery, Inc., 2003.

[Kirakowski01] Kirakowski, J.: SUMI Questionnaire. Human Factors Research Group, University College Cork, Enterprise Centre, North Mall, Cork (Ireland), 2001.

[Kosslyn80] Kosslyn, S.M.: Image and Mind. Harvard University Press, Cambridge, MA (USA), 1980.

[Kosslyn83] Kosslyn, S.M.: Ghosts in the Mind's Machine: Creating and Using Images in the Brain. Norton, New York, NY (USA), 1983.

[Marr&Nishihara78] Marr, D. & Nishihara, H.K.: Representation and Recognition of the Spatial Organization of Three-Dimensional Shapes. Proceedings of the Royal Society B 200:269–294, 1978.

[Molich&Nielsen90/94] Molich, R. & Nielsen, J.: Ten Usability Heuristics, 1990; revised edition Nielsen, J., 1994.

[Naur98] Naur, P.: Human knowing, language, and discrete structures. In Naur, P.: Computing: A Human Activity (1992), ACM Press/Addison-Wesley, pp. 518–535, 1998.

References (6)

[Naur00] Naur, P.: CHI and Human Thinking. In Proceedings of the First Nordic Conference on Computer-Human Interaction (NordiCHI 2000, Stockholm, Oct. 23-25, 2000). Retrieved on July 15, 2007 <www.naur.com>

[NCSC91] National Computer Security Center: Guide to Understanding Identification & Authorization in Trusted Systems. Version 1, Library No. 5235,479, National Security Agency (NSA), U.S. Government (USA), 1991.

[O'Regan&Noë01] O'Regan, J.K. & Noë, A.: A Sensorimotor Account of Vision and Visual Consciousness. Behavioural and Brain Sciences, 24, 939–1031, Cambridge University Press (US), 2001.

[Pierotti96] Pierotti, D.: Usability Techniques - Heuristic Evaluation: A System Checklist. Xerox Corporation, Version 1.0 (USA), 1996. Retrieved on October 7, 2007 <http://www.stcsig.org/usability/topics/articles/hechecklist.html>

[Poirier&Meunier07] Poirier, P. & Meunier, J.-G.: DIC8100/9000 Mise à niveau en sciences cognitives. Department of Computer Science, Cognitive Computing PhD Program, University of Quebec at Montreal, Quebec (Canada), 2007.

References (7)

[Pylyshyn81] Pylyshyn, Z.: Is the imagery debate over? If so, what was it about? Rutgers Center for Cognitive Science, Rutgers University, New Brunswick, NJ (USA), 1981.

[RSA07] RSA Security Inc.: Hardware Authenticators. RSA Security Website, Bedford, MA (USA). Retrieved on October 2, 2007 <http://www.rsa.com/node.aspx?id=1158>

[Saltzer&Schroeder00] Saltzer, J. & Schroeder, M.D.: The Protection of Information in Computer Systems. University of Virginia, Department of Computer Science, CS551: Security and Privacy on the Internet, 2000.

[Sasse&Adams99] Sasse, M.A. & Adams, A.: Users are Not the Enemy: Why Users Compromise Security Mechanisms and How to Take Remedial Measures. Comm. ACM, vol. 42, no. 12, pp. 41–46, 1999.

[Sperling60] Sperling, G.: The Information Available in Brief Visual Presentations. Psychological Monographs, 74 (Whole No. 498), pp. 1-29, 1960.

[Wickens84] Wickens, C.D.: Engineering Psychology and Human Performance. Charles E. Merrill Publishing Co., Columbus, OH, 1984.

Thank you for your time!

Questions? Comments?

A Security Usability Protocol for User Authentication

Christina Braz
[email protected]@rsasecurity.com
www.er.uqam.ca/nobel/d362040/accueil2.htm

Comparative Analysis of User Authentication

Complete comparative analysis of the main user authentication methods