Usability and Trust in Information Systems

The need for people to protect themselves and their assets is as old as humankind. People's physical safety and their possessions have always been at risk from deliberate attack or accidental damage. The advance of information technology means that many individuals, as well as corporations, have an additional range of physical (equipment) and electronic (data) assets that are at risk. Furthermore, the increased number and types of interactions in cyberspace has enabled new forms of attack on people and their possessions. Consider grooming of minors in chat-rooms, or Nigerian email cons: minors were targeted by paedophiles before the creation of chat-rooms, and Nigerian criminals sent the same letters by physical mail or fax before there was email. But the technology has decreased the cost of many types of attacks, or the degree of risk for the attackers. At the same time, cyberspace is still new to many people, which means they do not understand risks, or recognise the signs of an attack, as readily as they might in the physical world. The IT industry has developed a plethora of security mechanisms, which could be used to mitigate risks or make attacks significantly more difficult. Currently, many people are either not aware of these mechanisms, or are unable or unwilling or to use them. Security experts have taken to portraying people as "the weakest link" in their efforts to deploy effective security [e.g. Schneier, 2000]. However, recent research has revealed at least some of the problem may be that security mechanisms are hard to use, or be ineffective. The review summarises current research on the usability of security mechanisms, and discusses options for increasing their usability and effectiveness

Fast computation of the performance evaluation of biometric systems: application to multibiometric

The performance evaluation of biometric systems is a crucial step when designing and evaluating such systems. The evaluation process uses the Equal Error Rate (EER) metric proposed by the International Organization for Standardization (ISO/IEC). The EER metric is a powerful metric which allows easily comparing and evaluating biometric systems. However, the computation time of the EER is, most of the time, very intensive. In this paper, we propose a fast method which computes an approximated value of the EER. We illustrate the benefit of the proposed method on two applications: the computing of non parametric confidence intervals and the use of genetic algorithms to compute the parameters of fusion functions. Experimental results show the superiority of the proposed EER approximation method in term of computing time, and the interest of its use to reduce the learning of parameters with genetic algorithms. The proposed method opens new perspectives for the development of secure multibiometrics systems by speeding up their computation time.Comment: Future Generation Computer Systems (2012

Design of a secure unified e-payment system in Nigeria: A case study

The automatic teller machine (ATM) is the most widely used e-Payment instrument in Nigeria. It is responsible for about 89% (in volume) of all e-Payment instruments since 2006 to 2008. Some customers have at least two ATM cards depending on the number of accounts operated by them and they represent the active users of the ATM cards. Furthermore, identity theft has been identified as one of the most prominent problems hindering the wider adoption of e-Business, particularly e-Banking, hence the need for a more secure platform of operation. Therefore, in this paper we propose a unified (single) smart card-based ATM card with biometric-based cash dispenser for all banking transactions. This is to reduce the number of ATM cards carried by an individual and the biometric facility is to introduce another level of security in addition to the PIN which is currently being used. A set of questionnaire was designed to evaluate the acceptability of this concept among users and the architecture of the proposed system is presented

Evaluation of Biometric Systems

International audienceBiometrics is considered as a promising solution among traditional methods based on "what we own" (such as a key) or "what we know" (such as a password). It is based on "what we are" and "how we behave". Few people know that biometrics have been used for ages for identification or signature purposes. In 1928 for example, fingerprints were used for women clerical employees of Los Angeles police department as depicted in Figure 1. Fingerprints were also already used as a signature for commercial exchanges in Babylon (-3000 before JC). Alphonse Bertillon proposed in 1879 to use anthropometric information for police investigation. Nowadays, all police forces in the world use this kind of information to resolve crimes. The first prototypes of terminals providing an automatic processing of the voice and digital fingerprints have been defined in the middle of the years 1970. Nowadays, biometric authentication systems have many applications [1]: border control, e-commerce, etc. The main benefits of this technology are to provide a better security, and to facilitate the authentication process for a user. Also, it is usually difficult to copy the biometric characteristics of an individual than most of other authentication methods such as passwords. Despite the obvious advantages of biometric systems, their proliferation was not as much as attended. The main drawback is the uncertainty of the verification result. By contrast to password checking, the verification of biometric raw data is subject to errors and represented by a similarity percentage (100% is never reached). Others drawbacks related to vulnerabilities and usability issues exist. In addition, in order to be used in an industrial context, the quality of a biometric system must be precisely quantified. We need a reliable evaluation methodology in order to put into obviousness the benefit of a new biometric system. Moreover, many questions remain: Shall we be confident in this technology? What kind of biometric modalities can be used? What are the trends in this domain? The objective of this chapter is to answer these questions, by presenting an evaluation methodology of biometric systems

Security, user experience, acceptability attributes for the integration of physical and virtual identity access management systems

A number of systems have been developed in the recent history to provide physical and virtual identity management systems; however, most have not been very successful. Furthermore, alongside increasing the level of awareness for the need to deploy interoperable physical and virtual identity management systems, there exists an immediate need for the establishment of clear standards and guidelines for the successful integration of the two mediums. The importance and motivation for the integration of the two mediums is discussed in this paper with respect to three perspectives: Security, which includes identity; User Experience, comprising Usability; and Acceptability, containing Accessibility. Not many systems abide by such guidelines for all of these perspectives; thus, our proposed system (UbIAMS) aims to change this and provide its users with access to their services from any identity access management system rather than merely providing access to a specific set of system

Biometric security systems: finally, a friend?

Information systems security has broadened its meaning and significance and has started to affect our lives and behaviours. The research literature identifies five related research domains: information systems, security policies, security technologies, security assurance, and security interfaces. This paper discusses some aspects of user acceptance of biometrical measurements for the purposes of authentication and access control and concludes that initial user rejection of the commonly implemented biometrics and fear of privacy abuse have been replaced by a de facto user acceptance. It hypothesizes that there is correlation between users’ awareness of the broader consequences of a particular biometric system and the level of their acceptance of the system

Securing identity information with image watermarks

In this paper, we describe the requirements for embedding watermarks in images used for identity verification and demonstrate a proof of concept in security sciences. The watermarking application is designed for verifying the rightful ownership of a driving license or similar identity object. The tool we built and tested embeds and extracts watermarks that contain verification information of the rightful owner. We used the human finger print of the rightful owner as the watermark. Such information protection mechanisms add an extra layer of security to the information system and improve verification of identification attributes by providing strong security. The issues of usability and cost are also discussed in the context of the social acceptability of access controls