There is an intrinsic conflict between creating secure systems and usable systems. But usability and security can be made synergistic by providing requirements and design tools with specific usable security principles earlier in the requirements and design phase. In certain situations, it is possible to increase usability and security by revisiting design decisions made in the past; in others, to align security and usability by changing the regulatory environment in which the computers operate. This book addresses creation of a usable security protocol for user authentication as a natural outcome of the requirements and design phase of the authentication method development life cycle.
Table of Contents:
Why this Book?
Acknowledgments
1 Usability and Security: Conflicts and Interdependencies
2 Panoramic Overview of User Authentication Techniques
3 Usable Security Concerns Related to Authentication Methods
4 Fundamentals of the Usable Security Protocol for User Authentication
5 The Usable Security Protocol Methodology: Define, Identify, and Develop
6 The Usable Security Protocol Methodology: Assess and Generate
7 The Usable Security Protocol Methodology: Formulate
8 The Usable Security Protocol Methodology: Demonstrate
Appendix 1: Authentication Risk-Assessment Matrix
Appendix 2: Usability Severity Ratings and Recommendations for MTM
Appendix 3: Security Severity Ratings and Recommendations for MTM
Additional Reading
References
Index
About the Author :
Christina Braz has been working with usable security in the area of computer security (particularly user authentication and identity management) since 2002. She earned her PhD in Cognitive Computing from the University of Quebec, Montreal, and Master of Science in Electronic Commerce from the Department of Computer Science and Applied Research, University of Montreal. Dr. Braz work experience spans over 15 years in Computer Security, Finance, Mobile Computing, and Telecommunications industries working in consultancy and corporate environments such as Scotiabank, Citibank, Symantec, RSA Security, VeriSign, and Roger Telecommunications. She has also held positions as Information Assurance Instructor at Northeastern University in Boston, MA and Graduate Teaching Assistant at HEC Montreal, QC, Canada. She has been publishing papers in the field of Human Computer Interaction Security (HCISec) for the past 10 years. Some of her main projects are investments and banking mobile applications; usable security symmetry: a security and usability inspection method; GlancePass: a usable, single-factor, and yet strong biometric authentication method; MobiTicket: a Wireless-based (SMS) auction application for selling concert tickets through mobile devices; and finally, AuthenLink, an authentication system to automatically authenticate mobile users through an implantable RFID chip. Dr. Braz currently works for Scotiabank in the Research & Development division in Toronto, Canada.
Ahmed Seffah is a professor of human-centric Software Engineering at Lappeenranta University of technology, Finland. Previously, he was a faculty member and the Concordia university research chair on human-centered software engineering. Professor Seffah was a visiting professor in various universities and research Centre including IBM, University of Lausanne, Daimler Chrysler and the Computer research institute of Montreal. He co-authored five research books and essays, the latest one on the "Patterns of HCI Design Patterns and the HCI Design of Patterns." His main research interest is to understanding human aspects and the measures for quantifying the software quality from a human perspective as well as avenues for integrating HCI design, user-centric engineering, UX design practices and all similar ones into the wider software and systems engineering processes. Visible contributions of his includes the gaps and bridges between HCI design practices and software engineering methodologies such as agile, model-driven and service-oriented to building a unifying theory of human-centric software design and engineering.
Bilal Naqvi is a Registered Computer Software Engineer and an expert in Information Security. Besides research he has been holding a full-time teaching position in an Engineering university in Pakistan. He is currently doing PhD Software Engineering from Finland with focus on human-aspects related to computer security. The main goal of the research is development of design patterns for addressing the usability and security conflicts.
