Exploring User-Centered Security Design for Usable Authentication Ceremonies

要旨

Security technology often follows a systems design approach that focuses on components instead of users. As a result, the users' needs and values are not sufficiently addressed, which has implications on security usability. In this paper, we report our lessons learned from applying a user-centered security design process to a well-understood security usability challenge, namely key authentication in secure instant messaging. Users rarely perform these key authentication ceremonies, which makes their end-to-end encrypted communication vulnerable. Our approach includes collaborative design workshops, an expert evaluation, iterative storyboard prototyping, and an online evaluation. While we could not demonstrate that our design approach resulted in improved usability or user experience, we found that user-centered prototypes can increase the users' comprehension of security implications. Hence, prototypes based on users' intuitions, needs, and values are useful starting points for approaching long-standing security challenges. Applying complementary design approaches may improve usability and user experience further.

著者
Matthias Fassl
CISPA Helmholtz Center for Information Security, Saarbrücken, Germany
Lea Theresa. Gröber
CISPA Helmholtz Center for Information Security, Saarbrücken, Germany
Katharina Krombholz
CISPA Helmholtz Center for Information Security, Saarbrücken, Germany
DOI

10.1145/3411764.3445164

論文URL

https://doi.org/10.1145/3411764.3445164

動画

会議: CHI 2021

The ACM CHI Conference on Human Factors in Computing Systems (https://chi2021.acm.org/)

セッション: Developers / Authentication / Privacy Risks from Children to Adults

[A] Paper Room 12, 2021-05-12 17:00:00~2021-05-12 19:00:00 / [B] Paper Room 12, 2021-05-13 01:00:00~2021-05-13 03:00:00 / [C] Paper Room 12, 2021-05-13 09:00:00~2021-05-13 11:00:00
Paper Room 12
11 件の発表
2021-05-12 17:00:00
2021-05-12 19:00:00
日本語まとめ
読み込み中…