An Integration of Usable Security and User Authentication into the ISO 9241-210 and ISO/IEC 25010:2011

  • Paulo Realpe-Muñoz
  • Cesar A. Collazos
  • Julio Hurtado
  • Toni Granollers
  • Jaime Velasco-Medina
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9750)

Abstract

Computer security is currently one of the most important tasks. However, although there is work on the design of secure and usable interfaces, further research is needed to integrate these two attributes more easily. Security problems in computer systems include vulnerabilities that arise because the systems are hard to use and have poor user interfaces due to security constraints. Finding a good trade-off between security and usability remains a challenge, mainly for user authentication services. This paper presents an integration of the ISO 9241-210 standard, used to define a development process, with a tool for evaluating usable security and user authentication qualitatively and quantitatively, taking into account some aspects, attributes and characteristics of ISO/IEC 25010:2011, so that the design requirements and their heuristic evaluation are suitable for the system.

Keywords

Usable security · Authentication · Attributes · Principles · Standards · Guidelines

Notes

Acknowledgement

Paulo Realpe-Muñoz thanks Colciencias for the scholarship and the University of Lleida for the internship.

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Paulo Realpe-Muñoz (1)
  • Cesar A. Collazos (1)
  • Julio Hurtado (1)
  • Toni Granollers (2)
  • Jaime Velasco-Medina (3)

  1. IDIS Research Group, University of Cauca, Popayán, Colombia
  2. GRIHO Research Group, University of Lleida, Lleida, Spain
  3. Bionanoelectronics Research Group, University of Valle, Cali, Colombia