Security and usability often lock horns, and system administrators tend to configure systems so that they favor security over usability. In many cases, however, the increased security results in usability that is so poor that users feel the need to circumvent the security mechanisms. This is probably best explained by considering password-based authentication, where a user is actively involved in the process. If the time required to log in to an account is considered too high, users tend to leave their terminals logged in throughout the day and share their account with other users. This is particularly true for nomadic users who move around in ubiquitous computing environments and avail themselves of different IT services from many different locations. In many ubiquitous computing environments, where information processing is not considered the main priority, management often accepts this practice in order to increase productivity. For example, in a hectic hospital environment, medical staff have to log in to and log out of various machines several times an hour, but the repeated interactions consume a considerable amount of time, causing organizational inefficiency, job frustration and a tendency towards defeating the obstacle by leaving terminals logged in or choosing short and easy-to-type passwords. Therefore, a password-based authentication mechanism, which is quite simple and secure in personal computing, has become too cumbersome for nomadic users, which means that other means of authentication must be developed for them. In this paper, we focus on the usability of authentication for nomadic users in a ubiquitous computing environment. We identify requirements for authentication of nomadic users and propose an authentication framework for this class of users. A prototype of the proposed authentication framework has been developed, which supports persistent and multifactor authentication without the active intervention of a user.
We evaluate the usability of the developed mechanism by considering the time required to authenticate when logging in to a workstation and compare this to classic password-based authentication. The evaluation shows that the proposed mechanism saves a significant amount of time for nomadic users, which reduces the incentive to circumvent the authentication mechanism. Thus, the mechanism will provide users with better job satisfaction and increase organizational efficiency, while at the same time increasing the effective level of security of the system.
| Field | Value |
|---|---|
| Publication status | Published - 2009 |
| Event | Nordic Workshop and Doctoral Symposium on Dependability and Security - Linköping, Sweden. Duration: 27 Apr 2009 → … |
| Workshop | Nordic Workshop and Doctoral Symposium on Dependability and Security |
| Period | 27/04/2009 → … |
- Security, Usability, Ubiquitous Computing, Nomadic Users, Authentication.