Usable Security – Results from a Field Study

  • 1 University of Applied Sciences, Cologne, Germany
  • 2 HK Business Solutions GmbH, Sulzbach/Saar, Germany
Luigi Lo Iacono
  • Corresponding author
  • Email
  • Further information
  • Luigi Lo Iacono studied computer science with a major in systems and security engineering and received the PhD degree from the University of Siegen (Germany) in 2005. He has previously worked in academic and industry research labs including Siemens Corporate Technology and NEC Laboratories Europe and is currently a full professor at the Cologne University of Applied Sciences, Germany. His research interests are focused on the security of distributed systems and the usability of those security mechanisms.
  • Search for other articles:
  • degruyter.comGoogle Scholar
, Hoai Viet Nguyen
  • Email
  • Further information
  • Hoai Viet Nguyen received his Master of Science in Media Technology at University of Applied Science, Cologne, Germany. Since 2013, he has been a Research Assistant at the Data and Application Security Group of the University of Applied Sciences, Cologne, Germany. His research interests include Service Security and usable security.
  • Search for other articles:
  • degruyter.comGoogle Scholar
and Hartmut Schmitt
  • Email
  • Further information
  • Hartmut Schmitt is a research project coordinator at HK Business Solutions GmbH (Sulzbach/Saar, Germany), a provider of business software and hardware solutions for SMEs. Since 2006 he has been working on research projects in the fields of human-computer interaction, usability, user experience, and requirements engineering, including project supervision for several joint projects. At present, he is leading and participating in the research project “USecureD – Usable Security by Design”.
  • Search for other articles:
  • degruyter.comGoogle Scholar

Abstract

Security has evolved into an essential quality factor of software systems. However, security features in software applications are often time-consuming, error-prone and too complicated for common users. This is mainly due to a limited consideration and integration of usability. As a consequence, users either circumvent security features or do not utilize them at all. Usable security is an advanced quality topic and an important research area of software systems. This area combines usability and security with the objective of making the use of security features in software effective, efficient and satisfying. In order to meet this challenge, the research project USecureD aims at supporting small and medium-sized enterprises (SMEs) in facilitating the selection and incorporation of usable security by developing, evaluating and collecting principles, guidelines, patterns and tools for merging usability and security engineering. During the initiation phase of the USecureD project, an online study (N = 118) in conjunction with 10 interviews and 2 workshops have been conducted in order to identify the relevance and requirements of usability, security and usable security with a specific focus on SMEs. The obtained results are presented and derived implications are discussed in this paper.

  • [1]

    Garfinkel, S. L.; Lipford, H. R.: Usable Security: History, Themes, and Challenges. Synthesis Lectures on Information Security, Morgan & Claypool Publishers, 2014.

    • Crossref
    • Export Citation
  • [2]

    Garfinkel, S. L.; Margrave, D.: Schiller, J. I.; Nordlander, E.; Miller, R. C.: How to make secure email easier to use. Conference on Human Factors in Computing Systems (SIGCHI), 2005.

  • [3]

    Kapadia, A.: A Case (Study) For Usability in Secure Email Communication. IEEE Security & Privacy, Volume 5, 2007.

    • Crossref
    • Export Citation
  • [4]

    Li, Q.; Clark C.: Mobile Security: A Look Ahead. IEEE Security & Privacy, Volume 11, 2013.

    • Crossref
    • Export Citation
  • [5]

    Nguyen, H. V.; Lo Iacono, L.: Auswertung der Online-Studie. USecureD-Deliverable, 2016. Online available at: https://www.usecured.de/UseWP/wp-content/uploads/2015/04/USecureD-Anforderungsanalyse-Online-Studienergebnisse-V.1.pdf.

  • [6]

    Schmitt, H.: Anforderungsanalyse (Interviewergebnisse). USecureD-Deliverable, 2016. Online available at: https://www.usecured.de/UseWP/wp-content/uploads/2016/02/USecureD-Anforderungsanalyse-Interviewergebnisse-V.1.pdf.

  • [7]

    Toxboe, A.: User Interface Design patterns, 2016. Online available at: http://ui-patterns.com.

  • [8]

    U. S. Department of Health & Human Services: HHS Web Standards and Usability Guidelines, 2016. Online available at: http://webstandards.hhs.gov.

  • [9]

    van Welie, M.: A Pattern Library for Interaction Design, 2008. Online available at: http://www.welie.com.

  • [10]

    Whitten, A.; Tygar, J. D.: Why Johnny can’t encrypt: a usability evaluation of PGP 5.0. 8th Usenix Security Symposium, 1999.

  • [11]

    Yee, K.-P.: Aligning security and usability. IEEE Security & Privacy, Volume 2, 2004.

    • Crossref
    • Export Citation
Purchase article
Get instant unlimited access to the article.
$42.00
Log in
Already have access? Please log in.


or
Log in with your institution

Journal + Issues

i-com - Journal of Interactive Media is devoted to human-computer interaction, media design, usability, engineering and systems evaluation, software ergonomics, cooperative systems, e-learning, mobile and ubiquitous systems, user-adaptive systems, agent development tools and methods for media in different application fields, barrier-free systems design, and the social aspects of information and communication technologies.

Search