认证过程的可用安全性:新方法和实用评估

Maha M. Althobaiti, P. Mayhew
{"title":"认证过程的可用安全性:新方法和实用评估","authors":"Maha M. Althobaiti, P. Mayhew","doi":"10.1109/ICITST.2015.7412083","DOIUrl":null,"url":null,"abstract":"Authentication mechanisms are considered the typical method to secure financial websites. Context authentication has become increasingly important in the arena of online banking, which involves sensitive data that belong to users who trust their banks. Multifactor authentication is the most commonly used method of strengthening the log-in process in e-banking. Developing a usable and secure authentication approach and method is the most challenging area for researchers in the fields of security and Human-Computer Interaction (HCI). This paper describes a work-in-progress towards a new approach for authenticating users when access online banking by giving them the opportunity to choose their preferred method to log into e-banking. In our complex experiment with 100 online banking customers, we simulate an original online banking platform based on the proposed approach; then, we evaluate the usability and security of three different methods and assess user awareness of the most visible security design flaws. The initial result shows that the new system model was able to assess the usability and security of different multifactor authentication methods and it is considered a first attempt towards a usable and secure authentication approach.","PeriodicalId":249586,"journal":{"name":"2015 10th International Conference for Internet Technology and Secured Transactions (ICITST)","volume":"41 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":"{\"title\":\"Usable security of authentication process: New approach and practical assessment\",\"authors\":\"Maha M. Althobaiti, P. Mayhew\",\"doi\":\"10.1109/ICITST.2015.7412083\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Authentication mechanisms are considered the typical method to secure financial websites. Context authentication has become increasingly important in the arena of online banking, which involves sensitive data that belong to users who trust their banks. Multifactor authentication is the most commonly used method of strengthening the log-in process in e-banking. Developing a usable and secure authentication approach and method is the most challenging area for researchers in the fields of security and Human-Computer Interaction (HCI). This paper describes a work-in-progress towards a new approach for authenticating users when access online banking by giving them the opportunity to choose their preferred method to log into e-banking. In our complex experiment with 100 online banking customers, we simulate an original online banking platform based on the proposed approach; then, we evaluate the usability and security of three different methods and assess user awareness of the most visible security design flaws. The initial result shows that the new system model was able to assess the usability and security of different multifactor authentication methods and it is considered a first attempt towards a usable and secure authentication approach.\",\"PeriodicalId\":249586,\"journal\":{\"name\":\"2015 10th International Conference for Internet Technology and Secured Transactions (ICITST)\",\"volume\":\"41 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2015-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"7\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2015 10th International Conference for Internet Technology and Secured Transactions (ICITST)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICITST.2015.7412083\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 10th International Conference for Internet Technology and Secured Transactions (ICITST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICITST.2015.7412083","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 7

摘要

身份验证机制被认为是保护金融网站安全的典型方法。上下文认证在网上银行领域变得越来越重要,这涉及到属于信任其银行的用户的敏感数据。多因素认证是电子银行中最常用的加强登录过程的方法。开发一种可用且安全的身份验证方法是安全和人机交互(HCI)领域研究人员面临的最大挑战。本文描述了一种正在进行的新方法,通过让用户有机会选择登录电子银行的首选方法来对访问网上银行的用户进行身份验证。在我们对100个网上银行客户的复杂实验中,我们基于所提出的方法模拟了一个原始的网上银行平台;然后,我们评估了三种不同方法的可用性和安全性,并评估了用户对最明显的安全设计缺陷的认识。初步结果表明,新系统模型能够评估不同多因素身份验证方法的可用性和安全性,被认为是向可用和安全的身份验证方法的第一次尝试。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Usable security of authentication process: New approach and practical assessment
Authentication mechanisms are considered the typical method to secure financial websites. Context authentication has become increasingly important in the arena of online banking, which involves sensitive data that belong to users who trust their banks. Multifactor authentication is the most commonly used method of strengthening the log-in process in e-banking. Developing a usable and secure authentication approach and method is the most challenging area for researchers in the fields of security and Human-Computer Interaction (HCI). This paper describes a work-in-progress towards a new approach for authenticating users when access online banking by giving them the opportunity to choose their preferred method to log into e-banking. In our complex experiment with 100 online banking customers, we simulate an original online banking platform based on the proposed approach; then, we evaluate the usability and security of three different methods and assess user awareness of the most visible security design flaws. The initial result shows that the new system model was able to assess the usability and security of different multifactor authentication methods and it is considered a first attempt towards a usable and secure authentication approach.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信