Integrating a Usable Security Protocol Into User Authentication ...

Welcome to the GCC-European Network of Research Excellence in User Experience and Usable Security Systems and Services (UX-SECURE)

The Network for Designing and Engineering Security Technologies, Services and Systems for Users, with Users and by Users

The fundamental questions addressed by this Network are: In Cloud services and IoT services, how often are usability quantities in conflict with security attributes?

  1. What are the industry practices for developing, using and managing usable yet secure services, for example authentication and identity management services?
  2. What are the measures of the security and usability conflicts?
  3. How can these practices and measures be captured and disseminated to the benefit of the software development and security management industry and their users from private corporations, public and governmental agencies?

The Internet of Things (IoT) is the network of physical devices, vehicles, home appliances, and other items embedded with electronics, digital software services, sensors, actuators, and network connectivity which enable these objects to connect and exchange data. The IoT provides a new vehicle for interacting with digital objects and the huge amount of data being created. An interactive service can be defined as “The capability provided to the consumers and stakeholders to remotely manage and use data available on the IoT. Interactive services feature various user interfaces including Web browsers and smartphones, as well as emerging ones such as wearable and tangible UI”.

It is widely recognized that developing secure cloud services is not enough: they should also be easy to use, so that end users can accomplish their tasks in an effective and appropriate manner (Schneier, 2017). The International Organization for Standardization (ISO) has discussed both security and usability factors at length in its standards. The ISO 25010 standard (ISO, 2011) defines usability as “The degree to which a product or system can be used by specified users to achieve specified goals with effectiveness, efficiency and satisfaction in a specified context of use”. The ISO 27000 standard (ISO/IEC, 2014), in contrast, is specifically dedicated to information security matters. This series defines security as “The degree to which a product or system protects information and data so that persons or other products or systems have the degree of data access appropriate to their types and levels of authorization”. Unfortunately, security and usability goals are often in conflict (Jøsang et al., 2007; Nielsen, 2017). This conflict has not been considered in ISO standards. It can be resolved to the mutual benefit of both parties, resulting in a usability and security trade-off as early as possible, for example in the design process (Yee, 2016).

The overall research objective can be stated as follows:

Identify and model the intimate relationships between usability and security characteristics in Web and cloud services, and develop concepts, metrics, patterns, methods and tools, all embedded into an integrative human-centric design framework, to support rich user experience and usability without compromising the security of the overall services system.

Our position is that we should consider this intrinsic conflict between creating, for example, Web and cloud services that are usable and designing underlying systems and cloud computing platforms that are secure. We aim to make usability and security synergistic by providing a new generation of design and engineering tools with specific usability and security principles, measures and heuristics. We will investigate avenues to concurrently increase usability and security by revisiting projects and situations where the interplay between usability and security can be observed. We also try to align security and usability by promoting policies and design standards. The main focus is on early design phases, to make the security and usability interplay an outcome of the requirements definition and concept design phase.

The network is a capacity-building project aiming at supporting the design of interactive, Web and cloud service-oriented systems as well as the evaluation of the interrelated usability and security quality attributes. This overall goal can be depicted in the following specific objectives addressed by the different work packages:

The practical measurable consequences of the Network include: