Usability Flashcards

1
Q

Usability definition (ISO 9241-11)

A

The extent to which a product can be used by specified users to achieve specified goals with effectiveness, efficiency and satisfaction in a specified context of use

2
Q

Integrated Iterative Design for Usability & Security

A

Integrated: security and usability experts working together in the project development team from the beginning

Iterative: user-centered development cycle

3
Q

Holy grails of usable security since 1999

A
  1. Users Are Not the Enemy
  2. Why Johnny Can't Encrypt
4
Q

E2E secure communication

A

Communication is often called secure even though it is not E2E secure

E2E goals: authenticity of sender, integrity of message, confidentiality

Attacker: man in the middle, impersonation of the trusted sender.

Protection in E2E means:
Integrity: digital signatures
Confidentiality: asymmetric encryption

How it works: the message is first hashed, then the shorter hash is digitally signed.
Or hybrid encryption: the sender generates a random key, then encrypts the message with it.

5
Q

Key Continuity Management (KCM)

A

S/MIME uses public key certificates that are issued by a central authority which needs to be trusted by both the sender and receiver. Trusted means that root certificates of the CA are integrated into the respective email clients.

KCM extends the S/MIME functionality but eliminates the dependency on a central agency. Instead of relying on a CA, each user generates their own S/MIME certificate and attaches it to all outgoing messages. Trust is created on the basis of trust on first use: the recipient assumes the sender's key and email are genuine the first time. Encrypted conversations then follow.
KCM displays a warning if the public key of the communication partner has changed. This model is also used by WhatsApp and Signal.

6
Q

Issues with the ISO usability definition

A

Product: security is often integrated in products (part of them)

Specified users: most users are not security experts; no training, knowledge or experience can be assumed

User goals: security is a secondary goal/task. Tasks should concern primary goals

Effectiveness: how can users notice that security is reached? Security is often not visible.

7
Q

Teacher's definition

A

Usability of a secure system or policy is the extent to which this system or policy can be used by specified users to achieve primary goals and the specified security goals (some of these goals being invisible to users) with effectiveness, efficiency and satisfaction (or at least low dissatisfaction) during the execution of the specified primary user tasks, in a specified context of use, including the specified attacks.

8
Q

Approaches to usable security

A

Invisible security: make it just work, automated security

Understandable security: make it visible and intuitive

Awareness, education, training: user effort should match the benefit; most difficult to achieve

9
Q

Values in security design for password policies

A

Security experts: confidentiality and integrity: don't let bad guys in; passwords should be difficult to guess

Users: availability: don't lock me out; passwords should be memorable

10
Q

Fingerprint: social acceptability

A

Hygiene
Being associated with criminals
Fear of attack: having a finger chopped off

11
Q

Relation between usability and security

A

Long random passwords
Usability: low
Security against offline guessing: high

Single password per account, not written down
Usability: low
Security against password reuse and theft: high

12
Q

Usability vs security

A

Security: prohibits or restricts

Usability: enables

13
Q

Usable security

A

Security measures should not restrict functionality, performance and usability in a non-attack state

Systems should work properly even under attack
