Return to search

Usability and security of human-interactive security protocols

We investigate the security and usability of Human-Interactive Security Protocols (HISPs); specifically, how digests of 4 or more digits can be compared between two or more sys- tems as conveniently as possible while ensuring that issues such as user complacency do not compromise security. We address the research question: given different association scenarios and modes of authentication in HISPs, how can we improve on existing, or design new, empirical channels that suit human and contextual needs to achieve acceptable effective security? We review the literature of HISPs, proposed empirical channels,and usability studies of HISPs; we follow by presenting the methodology of the research reported in this thesis. We then make a number of contributions discussing the effectiveness of empirical channels and address the design, analysis, and evaluation of these channels. In Chapter 4 we present a user study of pairwise device associations and discuss the factors affecting effective security of empirical channels in single-user scenarios. In Chapter 5 we present a user study of group device associations and discuss the factors affecting effective security of empirical channels in multi-user scenarios. In Chapter 7 we present a framework designed for researchers and system designers to reason about empirical channels in HISPs. The framework is grounded in experimental data, related research, and validated by experts. In Chapter 8 we present a methodology for analysing and evaluating the security and usability of HISPs. We validate the methodology by applying it in laboratory experiments of HISPs. Finally, in Chapter 6 we present a set of principles for designing secure and usable empirical channels. We demonstrate the effectiveness of these principles by proposing new empirical channels.

Identiferoai:union.ndltd.org:bl.uk/oai:ethos.bl.uk:547472
Date January 2011
CreatorsKainda, Ronald
ContributorsRoscoe, Andrew William : Flechais, Ivan
PublisherUniversity of Oxford
Source SetsEthos UK
Detected LanguageEnglish
TypeElectronic Thesis or Dissertation
Sourcehttp://ora.ox.ac.uk/objects/uuid:ea14d34a-d232-4c8b-98ab-abbf0d7a5d36

Page generated in 0.0018 seconds