Designing Usable, Yet Secure Authentication Services: A User-Centric Protocol

Open Access
Article
Conference Proceedings
Authors: Christina Braz, Ahmed Seffah, Pierre Poirier
Abstract

User authentication is a vital and critical service in many modern interactive applications, including online banking, commerce, and government, as well as critical infrastructure protection. Such critical software systems should provide highly secure services for establishing whether user access should be granted or not. As highlighted in this paper, there is an intrinsic conflict in creating user authentication services that are secure yet easy for end users to use. Our main goal is to adopt a human-centric approach, which consists of studying the intimate relationship between usability and security before the user authentication service has been implemented and deployed. We propose a framework that models the usability and security symmetry, meaning the security consequences of usability issues. It suggests a novel usable security protocol, through an inspection method named Usable Security Symmetry, for dealing with the usable security of user authentication methods, which in turn will guide the development of truly secure and usable user authentication systems. The framework uses NGOMSL (Natural Goals, Methods, and Selection Language) to understand the user cognitive processes involved in user authentication while helping to identify and model the diverse situations of conflict between usability and security attributes.

Keywords: Security Usability, User Authentication, Information Security, Human Computer Interaction.

DOI: 10.54941/ahfe100257


Volume: Advances in The Human Side of Service Engineering