Abstract
Security and usability often lock horns, and system administrators tend to configure systems so that
they favor security over usability. In many cases, however, the increased security results in usability that is so
poor that users feel the need to circumvent the security mechanisms. This is probably best explained by
considering password-based authentication, where a user is actively involved in the process. If the time
required to log in to an account is considered too high, users tend to leave their terminals logged in
throughout the day and share their account with other users. This is particularly true for nomadic users who
move around in ubiquitous computing environments and use different IT services from many different
locations. In many ubiquitous computing environments, where information processing is not considered the
main priority, management often accepts this practice in order to increase productivity. For example, in a hectic
hospital environment, medical staff have to log in to and out of various machines several times an hour, and
the repeated interactions consume a considerable amount of time, causing organizational inefficiency, job
frustration and a tendency to defeat the obstacle by leaving terminals logged in or choosing short,
easy-to-type passwords. Therefore, a password-based authentication mechanism, which is quite simple
and secure in personal computing, has become too cumbersome for nomadic users, and other
means of authentication must be developed for them.
In this paper, we focus on the usability of authentication for nomadic users in a ubiquitous computing
environment. We identify requirements for authentication of nomadic users and propose an authentication
framework for this class of users. A prototype of the proposed authentication framework has been developed,
which supports persistent and multifactor authentication without the active intervention of a user.
We evaluate the usability of the developed mechanism by considering the time required to authenticate
when logging in to a workstation and compare this to classic password-based authentication. The evaluation
shows that the proposed mechanism saves a significant amount of time for the nomadic users, which reduces
the incentive to circumvent the authentication mechanism. Thus, the mechanism will provide users with
better job satisfaction and increase organizational efficiency, while at the same time increasing the effective
level of security of the system.
Original language | English |
---|---|
Publication date | 2009 |
Publication status | Published - 2009 |
Event | Nordic Workshop and Doctoral Symposium on Dependability and Security - Linköping, Sweden Duration: 27 Apr 2009 → … |
Workshop
Workshop | Nordic Workshop and Doctoral Symposium on Dependability and Security |
---|---|
Country/Territory | Sweden |
City | Linköping |
Period | 27/04/2009 → … |
Keywords
- Security, Usability, Ubiquitous Computing, Nomadic Users, Authentication.