An adjustable usable security approach for a continuous user authentication scheme
The advent of the internet and associated technologies has revolutionized the way we live and work. Today, organizations both public and private rely heavily on computer-human interaction systems to deliver services. The quality and reliability of the services delivered by these systems depend on controlled access to them. Within this realm, security issues of interactive systems are gaining more attention than ever, not only from a technical and security perspective but also from the user's point of view. The security community has come to understand the critical importance of usable security, which is primarily focused on designing secure systems that people can use. In mission-critical systems such as online examination and military intelligence, there is a need to constantly verify the identity of the user throughout the session of interaction (referred to as “continuous user authentication”). The design and development of continuous user authentication schemes represents a crossroads priority problem between security and usability, which emerges from contradictory requirements posed by different stakeholders, inherent to the function and purpose of each security mechanism. The goal of information security experts and researchers is to ensure a high-security continuous user authentication scheme, while user experience (UX) design experts and researchers envisage an adaptable, user-friendly solution. This requires the service providers of continuous authentication schemes to find a viable balance between security and usability attributes. Accordingly, researchers have proposed a number of approaches to address the issues of continuous user authentication. However, these approaches require user collaboration, which affects user performance on the core tasks in the business processes because of user task interruptions. Thus, the approaches have usability challenges.
Hence, this work attempts to revisit the definition of usable security by advocating for an alternative approach that enhances the alignment of security and usability attributes to achieve a better synergetic relationship in continuous user authentication schemes. The main focus is to improve the usability of user interactions in continuous user authentication schemes according to a user-perceived trust obtained from a user dynamic behavior and cognitive-centered technique that reduces disruption of a user during re-authentication. The high-level objectives of this thesis are (i) to develop an adjustable threshold approach for a continuous user authentication scheme that enhances the synergetic relationship between usability and security attributes; (ii) to develop a low-disruptive re-authentication technique that applies when the trustworthiness of a user is below the adjustable threshold; and (iii) to validate the re-authentication technique.