Footnotes (continued from the preceding page):
1. A form of attack in which an attacker uses a large set of likely combinations to guess a secret.
2. Electronic eavesdropping is the intentional surveillance of data: voice, fax, e-mail, mobile telephones, etc., often for nefarious purposes.
3. To infiltrate a physical building or information systems using non-technical means (e.g. searching user desks for passwords on notes).
Locking PIN Systems
A classic strategy to defend against Personal Identification Number (PIN) guessing attacks in authentication tokens is to lock the system after three consecutive invalid PIN attempts. However, this classic strategy could seriously undermine the system's usability. After the PIN has been locked, it can only be unlocked by the token Administrator. That is the worst-case scenario of usability: once the administrator is not available, the user is blocked and no reversible action is possible.

Cumbersome Data Input of Challenge Response Calculators
Challenge-response calculators (CRC) require even more data input than other authentication methods: a user ID, a password, a PIN and a "challenge" (e.g. an authentication server creates a "challenge", which is typically a random number sent to the client machine). Therefore, the difficulty and the probability of data input errors are higher (i.e., CRC do not echo the password back on the screen as it is typed, or they only display asterisks in place of the actual characters).

No Usability Features of Public Key Infrastructure (PKI)
In order to illustrate the usability issues in a user authentication method, let's briefly present "Usability of Security: A Case Study" [11], which was performed to evaluate the usability of Pretty Good Privacy (PGP) 5.0. PGP is a standard software package, developed by Phil Zimmermann [12], which uses Public Key Infrastructure to encrypt, decrypt, and digitally sign data for the encryption of Electronic Mail. The authors chose PGP because it has a good user interface according to established standards, and they set out to find out whether that was sufficient to allow non-programmers who know little about security to use it effectively. The results obtained through a cognitive walkthrough and user testing show that users had difficulty to: avoid dangerous errors, encrypt a message, understand the public key model, figure out the correct key to encrypt with and how to encrypt with any key, decrypt a message, publish the public key, and finally verify a signature on an email message. These are just the basic tasks to be performed in order to use the program correctly. Therefore, PGP is not sufficiently usable to provide effective security for most email users, according to the authors, because there is a "mismatch between the design philosophy behind its user interface, and the usability needs of a security utility".

Redundancy Factor of Biometrics Systems
The best practices in the authentication area state that multi-factor authentication (i.e. more than one form of credential to identify a user) is generally stronger than any single-factor authentication method. Biometrics (i.e. recognition of one's hand, iris, voice, etc.) is generally recognized as a "good candidate" to be used with another authentication technique, giving a two-factor authentication; in a two-factor technique (e.g. coupling biometrics with smart card technology) the "redundancy" of the authentication augments the security level, but at the same time diminishes the user experience. Furthermore, there can be serious limitations with some biometric measures (e.g. there is a range of eye diseases that affect the capability of an iris recognition system to capture an appropriate image of the eye [4]) and with the level of social acceptability. In such cases, the authentication process must have redundancy built in, so that a second method is provided in order to confirm the user's identity. However, an authentication process also involves a user being enrolled and verified. Hence, we should focus on enhancing user experience and convenience when choosing an authentication method.

Comparative Analysis of the Authentication Methods
As part of this project, we developed a comparative analysis of the different features encountered in authentication methods, presented in Table 3. To describe the following features we make use of subjective rating scales: "Security" and "Usability" (ranging from 1=Minimum to 5=Maximum, in order to measure the degree of severity of the issues related to each authentication method), and "Automatism versus Human" (ranging from 1=Human is better to 5=Machine is better). The feature "Accuracy" has two measured rates of authentication by biometrics: (i) False Reject Rate (FRR), where a legitimate user is rejected by the acquisition device; (ii) False Acceptance Rate (FAR), where a false user is accepted. The "Average Attack Space" (AAS) corresponds to the number of guesses made by an attacker in order to disclose the secret (e.g. passwords, PINs, etc.). Abbreviations used in Table 3: PK=Public Key; PRK=Private Key; SSO=Single-Sign-On; TGS=Ticket Granting Service.

Authentication Methods - Vulnerabilities Still Remain
Despite the efforts that were made by organizations to provide suitable authentication methods, vulnerabilities still remain. Mechanisms and models that are complicated to the user will be misused. When an authentication method is too demanding, the user might not keep up with the increasing workload (e.g. a user might refuse to change her/his password each time s/he logs on). Thus, organizations tend to blame mostly users for the human failure of not handling complex and demanding technical systems. However, Norman argues that what we often view as human error is the result of design flaws that may be surmounted [8]. According to the Computing Technology Industry Association (CompTIA) [3], human error turns out to be the principal cause of security breaches in the computing security sector of organizations; it accounts for 84% of security breaches in 900 private and public American organizations.
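The locking policy from the Locking PIN Systems section and the Average Attack Space used in Table 3, as an added example that is not part of the original paper: it models a token that locks after three consecutive invalid PINs and can only be reset by the administrator, and it quantifies the AAS of a secret in bits together with the share of that space a guesser can cover before the lockout triggers. The `PinToken` class, the two helper functions and the sample PIN are assumptions made for this illustration.

```python
import math
import secrets


def attack_space_bits(alphabet_size: int, length: int) -> float:
    """Average Attack Space (AAS) of a secret, expressed as log2 of the
    number of guesses needed to enumerate it: a 4-digit PIN is about 13
    bits, the value Table 3 lists for PINs."""
    return math.log2(alphabet_size ** length)


def guess_probability_before_lockout(alphabet_size: int, length: int, max_attempts: int) -> float:
    """Share of the attack space a guesser can try before the token locks,
    i.e. the probability of hitting the PIN within the allowed attempts."""
    return min(1.0, max_attempts / alphabet_size ** length)


class PinToken:
    """Token applying the classic strategy: lock after three consecutive
    invalid PIN attempts; only the administrator can unlock it."""

    MAX_ATTEMPTS = 3

    def __init__(self, pin: str) -> None:
        self._pin = pin
        self.failed_attempts = 0
        self.locked = False

    def verify(self, attempt: str) -> bool:
        if self.locked:
            return False  # the user has no reversible action left
        if secrets.compare_digest(attempt, self._pin):
            self.failed_attempts = 0  # a success resets the counter
            return True
        self.failed_attempts += 1
        if self.failed_attempts >= self.MAX_ATTEMPTS:
            self.locked = True  # usability worst case: wait for the administrator
        return False

    def admin_unlock(self) -> None:
        """Out-of-band reset by the token administrator."""
        self.locked = False
        self.failed_attempts = 0


if __name__ == "__main__":
    print(f"4-digit PIN: {attack_space_bits(10, 4):.1f} bits of attack space")
    print(f"8-char password (95 symbols): {attack_space_bits(95, 8):.1f} bits")
    print(f"P(guess before lockout): {guess_probability_before_lockout(10, 4, 3):.4%}")
    token = PinToken("4821")  # constructed sample PIN
    for guess in ("0000", "1234", "9999"):
        token.verify(guess)
    print("locked after three bad PINs:", token.locked)
```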
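The challenge-response exchange described in the Cumbersome Data Input section, as an added example that is not the paper's own code: the server issues a random numeric challenge, the user's calculator turns it into a short response under a shared secret, and the server checks the response in constant time and accepts each challenge only once. The `ChallengeServer` class, `token_response` (which borrows the dynamic truncation of OATH HOTP, RFC 4226, to get a readable 8-digit display value) and `keystrokes_per_login`, which counts the data the user must key in, are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

CHALLENGE_DIGITS = 8
RESPONSE_DIGITS = 8


def token_response(shared_secret: bytes, challenge: str) -> str:
    """What the challenge-response calculator displays after the user keys
    in the challenge: HMAC-SHA256 of the challenge under the secret stored
    in the calculator, truncated to decimal digits the user can type back."""
    mac = hmac.new(shared_secret, challenge.encode(), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, as in RFC 4226
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{code % 10 ** RESPONSE_DIGITS:0{RESPONSE_DIGITS}d}"


class ChallengeServer:
    """Authentication server side: one fresh random challenge per login,
    consumed on the first verification so a transcribed response cannot
    be replayed."""

    def __init__(self, secrets_by_user: dict) -> None:
        self._secrets = secrets_by_user
        self._pending = {}  # user -> outstanding challenge

    def issue_challenge(self, user: str) -> str:
        challenge = "".join(secrets.choice("0123456789") for _ in range(CHALLENGE_DIGITS))
        self._pending[user] = challenge
        return challenge

    def verify(self, user: str, response: str) -> bool:
        challenge = self._pending.pop(user, None)  # single use
        if challenge is None or user not in self._secrets:
            return False
        expected = token_response(self._secrets[user], challenge)
        return hmac.compare_digest(expected, response)


def keystrokes_per_login(user_id: str, password: str, pin: str) -> int:
    """Characters the user must type for one CRC login: user ID, password,
    PIN, the challenge (into the calculator) and the response (back to the
    client), none of them echoed on the screen."""
    return len(user_id) + len(password) + len(pin) + CHALLENGE_DIGITS + RESPONSE_DIGITS


if __name__ == "__main__":
    server = ChallengeServer({"alice": b"constructed-shared-secret"})
    challenge = server.issue_challenge("alice")
    response = token_response(b"constructed-shared-secret", challenge)
    print("challenge", challenge, "response", response, "accepted:", server.verify("alice", response))
    print("replay accepted:", server.verify("alice", response))
    print("keystrokes per login:", keystrokes_per_login("alice", "p4ssw0rd", "1234"))
```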
Table 3: Comparative Analysis of the Authentication Methods.
(Each column of the original table, one per authentication method or acquisition device, is given below as one block; the rows are Definition, Advantages, Disadvantages, Security, Usability, Human versus Automatism (fn 2), Data collection environment, Input Process Time, Industrial Application and Accuracy. Superscript footnote numbers are written as (fn N); the footnotes follow the table.)

1. Passwords (PW)
   Definition: Knowledge based; 8 to 12 digits
   Advantages: Ease of deployment
   Disadvantages: Can be forgotten
   Security: 2
   Usability: 2 (fn 1)
   Human versus Automatism: 4 (fn 3)
   Data collection environment: Computer-based network
   Input Process Time: 7-20 secs (fn 5)
   Industrial Application: Unix [10], Windows NT00/keyChain
   Accuracy: AAS = 2^15 to 2^23 (dictionary attack) [10]

2. PIN
   Definition: Knowledge based; 4 digits
   Advantages: Networkless
   Disadvantages: Can be forgotten
   Security: 2
   Usability: 2
   Human versus Automatism: 5 (fn 3)
   Data collection environment: Computer-based network
   Input Process Time: 5-10 secs (fn 5)
   Industrial Application: RSA SecurID (fn 10), etc.
   Accuracy: AAS = 13-bit [10]

3. Proximity card
   Definition: Authentication Token
   Advantages: Last longer (contactless)
   Disadvantages: Theft, fraud, counterfeit
   Security: 3
   Usability: 3
   Human versus Automatism: 5
   Data collection environment: Site-based (Access Control)
   Input Process Time: 2-5 secs (fn 6)
   Industrial Application: XyLoc, Sage-Computing, etc.
   Accuracy: Up to 10cm of the reader (frequency = 13.56 MHz) (fn 11)

4. One Time Generators
   Definition: Authentication Token
   Advantages: PW difficult to guess
   Disadvantages: Brute force, dictionary attack
   Security: 3
   Usability: 3
   Human versus Automatism: 5
   Data collection environment: Computer-based network
   Input Process Time: 15s-5m (fn 5)
   Industrial Application: RSA, SecureID, ActivCard, etc.
   Accuracy: AAS = 2^19 to 2^63 [10]

5. Challenge Response
   Definition: Authentication Token
   Advantages: No synchronization
   Disadvantages: Users share their access permissions
   Security: 3
   Usability: 3
   Human versus Automatism: 5
   Data collection environment: Computer-based network
   Input Process Time: 15s-5m (fn 5)
   Industrial Application: CryptoCard, Gemplus, etc.
   Accuracy: AAS = 54 bit [10]

6. Multifunction card
   Definition: Authentication Token
   Advantages: Built-in dynamic data processing
   Disadvantages: Need of a smart card reader
   Security: 5
   Usability: 3
   Human versus Automatism: 5
   Data collection environment: PK infrastructure-based
   Input Process Time: 7-20 s (fn 5, 6)
   Industrial Application: Axalto, etc.
   Accuracy: No available data

7. Public Key (PK)
   Definition: Cryptography (PK and PRK)
   Advantages: User credentials once per login session
   Disadvantages: PK is a single point of attack
   Security: 5
   Usability: 3
   Human versus Automatism: 5
   Data collection environment: PK infrastructure-based
   Input Process Time: 7-20 secs (fn 5)
   Industrial Application: Pretty Good Privacy (PGP)
   Accuracy: AAS = 1024 bit PK = 2^86 [10]

8. Kerberos
   Definition: Key Distribution Center
   Advantages: Mutual Authentication
   Disadvantages: Scalability
   Security: 5
   Usability: 3
   Human versus Automatism: 5
   Data collection environment: Distributed-based network
   Input Process Time: 7-20 secs (fn 5)
   Industrial Application: Kerberos 5 Release 1.3.2
   Accuracy: Clock synchronization (fn 12)

9. Fingerprint or Hand
   Definition: Biometrics; User scanning
   Advantages: Ease to collect
   Disadvantages: Criminal affiliation
   Security: 4
   Usability: 3
   Human versus Automatism: 1
   Data collection environment: Site-based (Access Control)
   Input Process Time: <5 secs (fn 7)
   Industrial Application: Digital Persona, Visionics
   Accuracy: FRR = 1 to 20%; FAR = 0,001 to 5% [10]

10. Voice
   Definition: Biometrics; User voice when speaking
   Advantages: No PWs
   Disadvantages: Changes over time
   Security: 1
   Usability: 5
   Human versus Automatism: 4 (fn 4)
   Data collection environment: Telecom/computer-based network
   Input Process Time: <5 secs (fn 7)
   Industrial Application: Apple Mac OSX, Voice Security
   Accuracy: FRR = 10 to 20%; FAR = 2 to 5% [10]

11. Signature Recognition
   Definition: Biometrics; Length/width of pen pressure
   Advantages: High definition graphic
   Disadvantages: Can change signature at any time
   Security: 3
   Usability: 3
   Human versus Automatism: 4
   Data collection environment: Computer-based network
   Input Process Time: 5-15 secs (fn 7)
   Industrial Application: CyberSign, Exclé, etc.
   Accuracy: FRR = 2-10%; FAR = 2-0,58% [10]

12. Retina/Iris or Face
   Definition: Biometrics; Pattern of blood vessels
   Advantages: Unchangeable (lifetime)
   Disadvantages: Excessive user cooperation
   Security: 5
   Usability: 2
   Human versus Automatism: 1
   Data collection environment: Computer-based network
   Input Process Time: 5 secs-15m (fn 7)
   Industrial Application: PrivateID
   Accuracy: FRR = 2 to 98%; FAR ≥ 0,001% [10]

13. Keystroke
   Definition: Biometrics; User's typing rhythm
   Advantages: No enrolment
   Disadvantages: Masquerade (spoofing)
   Security: 3
   Usability: 3
   Human versus Automatism: 1
   Data collection environment: Computer-based network
   Input Process Time: <5 secs (fn 8)
   Industrial Application: Net Nanny's BioPassword
   Accuracy: Average try rate in recognizing individuals (fn 13)

14. Under-the-skin ID chip
   Definition: RFID based
   Advantages: Forging or stealing the chip is pretty hard
   Disadvantages: Masquerade (spoofing)
   Security: 4
   Usability: 3
   Human versus Automatism: 3
   Data collection environment: RFID based
   Input Process Time: <5 secs (fn 9)
   Industrial Application: Not yet implemented [2]
   Accuracy: No data available
Footnotes to Table 3:
1. Software generated, more robust, and breaks six rules of User Interface Design [9];
2. Automatism is related to the "acquisition device or data generator" presented by the user (e.g., PIN, memory card, fingerprint, etc.);
3. Machines generate more secure and automatic passwords;
4. Novel Neural Net Recognizes Spoken Words Better Than Human Listeners (2003) University of Southern California (US). Retrieved January, 2006 <http://www.usc.edu/ext-relations/news_service/real_video.html>;
5. User average tapping speed;
6. Average swiping speed (i.e. the ideal swiping speed has to do with your self-confidence: timid people swipe slower, nervous people swipe too fast, and confident people swipe at the ideal speed);
7. User data collection is the time period a person must spend to have her/his biometric reference template successfully created (i.e. enrolment and verification time), but it can vary dramatically;
8. Verification is built on the concept that the rhythm with which the user types is distinguishing;
9. System processing time;
10. RSA Security SecurID Token. Retrieved February 21, 2006 <http://www.rsasecurity.com/node.asp?id=1156>;
11. Cards are intended to operate within up to 10cm of the reader antenna at a frequency of 13.56 MHz (ISO/IEC 14443-1:2000);
12. Maximum tolerance for computer clock synchronization: this is the maximum time skew that can be tolerated between a ticket's timestamp and the current time at the Kerberos Distribution Center (KDC);
13. Net Nanny's BioPassword. Retrieved February 21, 2006 <http://www.netnanny.com/>.

User satisfaction can be reached if the system is in accordance with the user's mental model of the task. For instance, the user might regularly use the password-based authentication method, which must be easy to learn and remember, requiring little memory from users whose minds are already concerned with the task itself and whose time is valuable.

Conclusion
There is more and more research and development on computer system security, but still very little research on the usability issues of security mechanisms and techniques. To be able to build reliable, effective and usable security systems, we need specific guidelines that take into account the specific constraints of security mechanisms. Systems should be built so as to be easy to learn and use by users with different backgrounds and skills. Human factors should be incorporated into the development of security solutions, with usability central during the whole development process.

REFERENCES
1. Adams, A. & Sasse, M. (1999) Users Are Not the Enemy, Communications of the ACM, vol. 42, nº 12.
2. Braz, C. (2003) AuthenLink: A User-Centred Authentication System for a Secure Mobile Commerce, Master Thesis, Department of Computer Science and Operations Research, Université de Montréal (Canada).
3. Computing Technology Industry Association (CompTIA) (2002) Committing to Security: A CompTIA Analysis of IT Security and the Workforce, Oakbrook Terrace, IL (US).
4. Daugman, J. (2005) Results from 200 Billion Iris Cross-comparisons, Technical Report, Computer Laboratory, University of Cambridge Computer Laboratory (UK). Retrieved on February 21, 2006 <http://www.cl.cam.ac.uk/TechReports/UCAM-CL-TR-635.pdf>.
5. International Organization for Standardization (1998) ISO 9241-11: Ergonomic requirements for office work with visual display terminals (VDTs) - Part 11: Guidance on Usability.
6. Jøsang, A. & Patton, M. (2001) User Interface Requirements for Authentication of Communication, Security Usability White Paper, Distributed Systems Technology Centre, QUT, Brisbane, Qld 4001 (Australia).
7. Miller, G. A. (1956) The magical number seven plus or minus two: Some limits on our capacity for processing information, Psychological Review, 63, 81-97.
8. Norman, Donald A. (2001) The Psychology of the Everyday Things, Basic Books, Inc., Publishers, New York, NY (US).
9. Shneiderman, B. (1998) Designing the User Interface: Strategies for Effective Human Computer Interaction. Chapter 2, Addison-Wesley, Reading, MA (US).
10. Smith, R. (2002) Authentication: From Passwords to Public Keys, Addison-Wesley, 1st edition (US).
11. Whitten, A. & Tygar, J. D. (1998) Usability of Security: A Case Study, School of Computer Science EECS Carnegie Mellon University Pittsburgh, PA and University of California SIMS, Berkeley, CA (US).
12. Zimmermann, P. (2004) Phil Zimmermann's Home Page. Phil Zimmermann & Associates LCC. Retrieved on February 11, 2006 <http://www.philzimmermann.com/EN/background/index.html>.
13. Zurko, M. & Simon, R. (1997) User-Centered Security, The Open Group Research Institute, Cambridge, MA (US).