This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
A Brief Introduction to Usable Security
May/June 2008 (vol. 12 no. 3)
pp. 13-21
Bryan D. Payne, Georgia Institute of Technology
W. Keith Edwards, Georgia Institute of Technology
Researchers have studied usable computer security for more than 20 years, and developers have created numerous security interfaces. Here, the authors examine research in this space, starting with a historical look at papers that address two consistent problems: user authentication and email encryption. Drawing from successes and failures within these areas, they study several security systems to determine how important design is to usable security. Their discussion offers guidelines for future system design.

1. R. Morris and K. Thompson, "Password Security: A Case History," Comm. ACM, vol. 22, no. 11, 1979, pp. 594–597.
2. S. Wiedenback et al., "Authentication using Graphical Passwords: Effects of Tolerance and Image Choice," Proc. Symp. Usable Privacy and Security, ACM Press, 2005, pp. 1–12.
3. S.N.A. Porter, "A Password Extension for Improved Human Factors," Computers &Security, vol. 1, no. 1, 1982, pp. 54–56.
4. J.A. Haskett, "Pass-Algorithms: A User Validation Scheme Based on Knowledge of Secret Algorithms," Comm. ACM, vol. 27, no. 8, 1984, pp. 777–781.
5. B.F. Barton and M.S. Barton, "User-Friendly Password Methods for Computer-Mediated Information Systems," Computers &Security, vol. 3, no. 3, 1984, pp. 186–195.
6. M. Zviran and W.J. Haga, "Cognitive Passwords: The Key to Easy Access Control," Computers &Security, vol. 9, no. 8, 1990, pp. 723–736.
7. S. Brostoff and A.M. Sasse, "Are Passfaces More Usable than Passwords? A Field Trial Investigation," Proc. Human-Computer Interactions (CHI 00), ACM Press, 2000, pp. 405–424.
8. I. Jermyn et al., "The Design and Analysis of Graphical Passwords," Proc. 9th Usenix Security Symp., Usenix Assoc., 2000, pp. 1–14.
9. R. Dhamija and A. Perrig, "Deja Vu: A User Study Using Images for Authentication," Proc. 9th Usenix Security Symp.," Usenix Assoc., 2000, pp. 45–58.
10. D. Davis, F. Monrose, and M.K. Reiter, "On User Choice in Graphical Password Schemes," Proc. 13th Usenix Security Symp., Usenix Assoc., 2004, pp. 151–164.
11. J. Thorpe and P.C.V. Oorschot, "Graphical Dictionaries and the Memorable Space of Graphical Passwords," Proc. 13th Usenix Security Symp., Usenix Assoc., 2004, pp. 135–150.
12. S.T. Kent, "Internet Privacy Enhanced Mail," Comm. ACM, vol. 36, no. 8, 1993, pp. 48–60.
13. L. Lundblade, "A Review of E-Mail Security Standards," Proc. 7th Ann. Conf. Internet Soc. (INET 97), 1997; www.isoc.org/inet97/proceedings/A4A4_1.HTM .
14. S. Garfinkel, "Signed, Sealed and Delivered," CSO Online, April 2004, www.csoonline.com/read/040104shop.html.
15. B. Schneier, Applied Cryptography, 2nd ed., Wiley, 1996.
16. S.L. Garfinkel, Design Principles and Patterns for Computer Systems that Are Simultaneously Secure and Usable, PhD thesis, Mass. Inst. of Technology, 2005.
17. A. Whitten and J.D. Tygar, "Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0," Proc. 8th Usenix Security Symp., Usenix Assoc., 1999, pp. 169–184.
18. S.L. Garfinkel and R.C. Miller, "Johnny 2: A User Test of Key Continuity Management with S/MIME and Outlook Express," Proc. Symp. Usable Privacy and Security, ACM Press, 2005, pp. 13–24.
19. K.-P. Yee, "User Interaction Design for Secure Systems," Proc. 4th Int'l Conf. Information and Communications Security, Springer-Verlag, 2002, pp. 278–290.
20. K.-P. Yee, "Secure Interaction Design," 2007, http://zesty.casid.
21. R.W. Reeder and R.A. Maxion, "User Interface Dependability through Goal-Error Prevention," Proc. Int'l Conf. Dependable Systems &Networks, IEEE CS Press, 2005, pp. 60–69.
22. N. Borizov, I. Goldberg, and D. Wagner, "Intercepting Mobile Communications: The Insecurity of 802.11," Proc. Int'l Conf. Mobile Computing and Networking (Mobicom 01), ACM Press, 2001, pp. 180–189.
23. S. Fluhrer, I. Mantin, and A. Shamir, "Weaknesses in the Key Scheduling Algorithm of RC4," Proc. 8th Ann. Workshop Selected Areas in Cryptography, Springer, 2001, pp. 1–24.
24. D. Balfanz et al., "Network-in-a-Box: How to Set Up a Secure Wireless Network in Under a Minute," Usenix Security Symp., Usenix Assoc., 2004, pp. 207–222.
25. N.S. Good and A. Krekelberg, "Usability and Privacy: A Study of Kazaa P2P File-Sharing," Proc. Human-Computer Interactions (CHI 03), vol. 5, ACM Press, 2003, pp. 137–144.

Index Terms:
useable computer security, user interface, user authentication, email encryption
Citation:
Bryan D. Payne, W. Keith Edwards, "A Brief Introduction to Usable Security," IEEE Internet Computing, vol. 12, no. 3, pp. 13-21, May-June 2008, doi:10.1109/MIC.2008.50
Usage of this product signifies your acceptance of the Terms of Use.