%0 Conference Proceedings
%T A Generic Multimodels-Based Approach for the Analysis of Usability and Security of Authentication Mechanisms
%+ Interactive Critical Systems (IRIT-ICS)
%+ Scalable and Pervasive softwARe and Knowledge Systems (Laboratoire I3S - SPARKS)
%+ Web-Instrumented Man-Machine Interactions, Communities and Semantics (WIMMICS)
%+ VTT Technical Research Centre of Finland (VTT)
%A Broders, Nicolas
%A Martinie, Célia
%A Palanque, Philippe
%A Winckler, Marco
%A Halunen, Kimmo
%< avec comité de lecture
%( HCSE 2020: Human-Centered Software Engineering
%B HCSE 2020 - 8th International Conference on Human-Centered Software Engineering - IFIP WG 13.2 International Working Conference
%C Eindhoven/ Online, Netherlands
%Y IFIP : international federation for information processing
%I Springer
%3 Lecture Notes in Computer Science book series (LNCS)
%V 12481
%P 61-83
%8 2020-11-30
%D 2020
%R 10.1007/978-3-030-64266-2_4
%K Usability
%K Security
%K Tasks descriptions
%K Authentication
%Z Computer Science [cs]/Human-Computer Interaction [cs.HC]Conference papers
%X Authentication is a security function, added on top of an interactive system, whose role is to reduce organizations and users’ risks to grant access to sensitive data or critical resources to unauthorized users. Such a security function interfere with users’ goals and tasks by adding articulatory activities, which affect each dimension of usability. In order to mitigate their negative effect on usability, security functions must be designed following a User Centered Approach. In order to ensure their efficiency in terms of security, security processes have to be followed. With this respect, this paper focuses on the representation of user tasks (using task modelling techniques) to be performed during authentication. For security aspects, we propose the use of an approach called “attack trees” which represents threats and their effect. To integrate both aspects in a single framework, we propose an extended task modelling technique that is able to represent explicitly security threats and their potential effect together with users’ tasks performed during authentication. We show how such models can be used to compare the usability and the security of different authentication mechanisms and to make explicit conflicts between these properties. We exemplify the use of the approach on two sophisticated authentication mechanisms demonstrating its applicability and its usefulness for representing and assessing in a single framework, usability and security of these security mechanism.
%G English
%2 https://hal.science/hal-03079818/document
%2 https://hal.science/hal-03079818/file/A%20Generic%20Multimodels-Based%20Approach%20for%20the%20Analysis%20of%20Usability%20and%20Security%20of%20Authentication%20Mechanisms.pdf
%L hal-03079818
%U https://hal.science/hal-03079818
%~ UNICE
%~ UNIV-TLSE2
%~ UNIV-TLSE3
%~ CNRS
%~ INRIA
%~ INRIA-SOPHIA
%~ I3S
%~ INRIASO
%~ INRIA_TEST
%~ TESTALAIN1
%~ SMS
%~ WIMMICS
%~ UT1-CAPITOLE
%~ IFIP-LNCS
%~ IFIP
%~ INRIA2
%~ IFIP-TC13
%~ IFIP-HCSE
%~ IFIP-WG13-2
%~ UNIV-COTEDAZUR
%~ IRIT
%~ IRIT-ICS
%~ TEST-HALCNRS
%~ IRIT-FSL
%~ IRIT-UT3
%~ IFIP-LNCS-12481
%~ TOULOUSE-INP
%~ UNIV-UT3
%~ UT3-INP
%~ UT3-TOULOUSEINP