Usability and verifiability of secure features for authenticating identity
Partanen, Teemu (2018)
Degree Programme in Computer Sciences
Faculty of Natural Sciences
This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Date of approval
2018-06-04
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:uta-201806262087
Abstract
Almost all financial transactions and personal data are nowadays online. A world with easy access to data and finances simplifies everyday life. Matters can be handled with ease wherever there is an internet connection. Contacting others can be done in ways unimaginable a decade or two ago. Instant messaging apps and video meetings bring the whole world close when working. If end users find something hard to handle, they start sabotaging it with their personal behavior: they use less secure methods to keep their data secure because it is more convenient.
The world of software security is a balancing act between designing features that are secure enough, being able to verify the functionality of secure features against malicious attackers, and making secure features usable. Usability improves the chances that the end user complies with the use of everyday security. Designing features secure enough to fight against malicious attackers has received too large a proportion of the effort. According to the literature reviewed in this thesis, the usability of secure features has not been seen as a priority.
This thesis examines the usability and verifiability of secure features and methods. It is important to study usability in this context, as better usability will allow secure features to appeal to a larger end user base, adding to the overall security. The thesis goes through typical authentication methods and assesses their usability based on literature about usability and everyday observations. It follows a high-level approach to secure features in order to see what an end user encounters when using them. This is done to better evaluate the usability of the features, especially when specifications are not fully available.
The thesis also introduces a formal testing process structure that can be used as a guideline in planning and executing tests for any software feature. Helpful toolsets to aid in creating functional test environments and support functions are presented. The thesis introduces different kinds of existing and future methods that will make the security and usability of authentication methods better.