Getting Rid of the Usability/Security Trade-Off: A Behavioral Approach

Nocera, Francesco Di; Tempestini, Giorgia

doi:10.3390/jcp2020013

Cited by 6 publications

(4 citation statements)

References 42 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The issue of passwords is one of the most researched topics in usable security [26]. In our approach, the keys stored in the database are further protected using the Transparent Data Encryption (TDE) facility provided by Oracle Database 11g Release 2 as part of the Oracle Advanced Security option [73].…”

Section: Encryption Key Storagementioning

confidence: 99%

“…However, building a cryptographic solution is not about implementing encryption alone, as the associated challenges need to be addressed, namely, concurrency, key management, and ensuring solution usability through various GIS applications and protocol services. According to the literature, efforts to integrate security with usability often focus on enhancing the openness of security processes rather than making the system itself more useful [26].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A Usable Encryption Solution for File-Based Geospatial Data within a Database File System

Sharma,

Govorov,

Martin

2024

JCP

View full text Add to dashboard Cite

Developing a security solution for spatial files within today’s enterprise Geographical Information System (GIS) that is also usable presents a multifaceted challenge. These files exist in “data silos” of different file server types, resulting in limited collaboration and increased vulnerability. While cloud-based data storage offers many benefits, the associated security concerns have limited its uptake in GIS, making it crucial to explore comparable alternative security solutions that can be deployed on-premise and are also usable. This paper introduces a reasonably usable security solution for spatial files within collaborative enterprise GIS. We explore a Database File System (DBFS) as a potential repository to consolidate and manage spatial files based on its enterprise document management capabilities and security features inherited from the underlying legacy DBMS. These files are protected using the Advanced Encryption Standard (AES) algorithm with practical encryption times of 8 MB per second. The final part focuses on an automated encryption solution with schemes for single- and multi-user files that is compatible with various GIS programs and protocol services. Usability testing is carried out to assess the solution’s usability and focuses on effectiveness, efficiency, and user satisfaction, with the results demonstrating its usability based on the minimal changes it makes to how users work in a collaborative enterprise GIS environment. The solution furnishes a viable means for consolidating and protecting spatial files with various formats at the storage layer within enterprise GIS.

show abstract

Section: Encryption Key Storagementioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

A Usable Encryption Solution for File-Based Geospatial Data within a Database File System

Sharma,

Govorov,

Martin

2024

JCP

View full text Add to dashboard Cite

show abstract

“…There is always a trade-off between security and usability. The more secure a system is, the less usable it is and vice versa [58]. Usability is a vital part of any system's development [59].…”

Section: Usable Securitymentioning

confidence: 99%

Reviewing the Usability of Web Authentication Procedures: Comparing the Current Procedures of 20 Websites

Albesher

2023

Sustainability

View full text Add to dashboard Cite

A sustainable online environment is essential to protecting businesses from abuse and data breaches. To protect sustainability, websites’ authentication procedures should continuously keep up with new technologies and the ways in which these technologies are used. Thus, a continuous assessment of these authentication procedures is required to ensure their usability. This research aimed to compare the status of the sign-up, sign-in, and password recovery processes on 20 websites. The researcher checked every website in a separate session and used the “think-aloud” technique while recording the screen to ensure accurate data analysis. Specific items were checked during every session to detect the similarities and differences between the tested websites in their authentication processes. The results led to valuable discussions and recommendations for improving authentication procedures. Some of these recommendations include best practices for better design of password rules, determining when two-factor authentication should be compulsory, and understanding how to improve password reset processes and keep accounts secure.

show abstract

“…In contrast, Di Nocera and Tempestini [60] recently attempted to resolve the trade-off issue by proposing to exploit this compromise rather than fighting it. Particularly, in a single-case study in which an individual discriminated between suspicious and nonsuspicious emails, they introduced a usability feature as a reinforcer for secure behavior.…”

mentioning

confidence: 99%

Usable Security: A Systematic Literature Review

Di Nocera,

Tempestini,

Orsini

2023

Information

Self Cite

View full text Add to dashboard Cite

Usable security involves designing security measures that accommodate users’ needs and behaviors. Balancing usability and security poses challenges: the more secure the systems, the less usable they will be. On the contrary, more usable systems will be less secure. Numerous studies have addressed this balance. These studies, spanning psychology and computer science/engineering, contribute diverse perspectives, necessitating a systematic review to understand strategies and findings in this area. This systematic literature review examined articles on usable security from 2005 to 2022. A total of 55 research studies were selected after evaluation. The studies have been broadly categorized into four main clusters, each addressing different aspects: (1) usability of authentication methods, (2) helping security developers improve usability, (3) design strategies for influencing user security behavior, and (4) formal models for usable security evaluation. Based on this review, we report that the field’s current state reveals a certain immaturity, with studies tending toward system comparisons rather than establishing robust design guidelines based on a thorough analysis of user behavior. A common theoretical and methodological background is one of the main areas for improvement in this area of research. Moreover, the absence of requirements for Usable security in almost all development contexts greatly discourages implementing good practices since the earlier stages of development.

show abstract

Getting Rid of the Usability/Security Trade-Off: A Behavioral Approach

Cited by 6 publications

References 42 publications

A Usable Encryption Solution for File-Based Geospatial Data within a Database File System

A Usable Encryption Solution for File-Based Geospatial Data within a Database File System

Reviewing the Usability of Web Authentication Procedures: Comparing the Current Procedures of 20 Websites

Usable Security: A Systematic Literature Review

Contact Info

Product

Resources

About