Abstract
Besides the pure technical features, the usability of a PKI-enabled application plays a crucial role since the best security application will fail in practice if its usability is insufficient.
We present a generic framework to evaluate the usability and utility of PKI-enabled applications with respect to their security features. Our approach is modeled on the Common Criteria methodology and consists of 15 evaluation categories that cover all the relevant topics, namely deployment, ergonomics, and technical features.
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Straub, T., Baier, H. (2004). A Framework for Evaluating the Usability and the Utility of PKI-enabled Applications. In: Katsikas, S.K., Gritzalis, S., López, J. (eds) Public Key Infrastructure. EuroPKI 2004. Lecture Notes in Computer Science, vol 3093. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-25980-0_9
DOI: https://doi.org/10.1007/978-3-540-25980-0_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22216-3
Online ISBN: 978-3-540-25980-0
eBook Packages: Springer Book Archive