Models-Based Analysis of Both User and Attacker Tasks: Application to EEVEHAC

Sara Nikula; Célia Martinie; Philippe Palanque; Julius Hekkala; Outi-Marja Latvala; Kimmo Halunen

doi:10.1007/978-3-031-14785-2_5

Models-Based Analysis of Both User and Attacker Tasks: Application to EEVEHAC

Sara Nikula
, Célia Martinie
, Philippe Palanque
, Julius Hekkala
, Outi-Marja Latvala
, Kimmo Halunen

University of Oulu
Paul Sabatier University

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

4 Citations (Scopus)

Abstract

The design and development of security mechanisms, such as authentication, requires analysis techniques that take into account usability along with security. Although techniques that are grounded in the security domain target the identification and mitigation of possible threats, user centered design approaches have been proposed in order to also take into account the user’s perspective and needs. Approaches dealing with both usability and security focus on the extent to which the user can perform the authentication tasks, as well as on the possible types of attacks that may occur and the potential threats on user tasks. However, to some extent, attacker can be considered as user of the system (even if undesirable), and the analysis of attacker tasks provides useful information for the design and development of an authentication mechanism. We propose a models-based approach to analyse both user and attacker tasks. The modeling of attacker tasks enables to go deeper when analysing the threats on an authentication mechanism and the trade-offs between usability and security. We present the results of the application of this models-based approach to the EEVEHAC security mechanism, which enables the setup of a secure communication channel for users of shared public computers.

Original language	English
Title of host publication	Human-Centered Software Engineering - 9th IFIP WG 13.2 International Working Conference, HCSE 2022
Subtitle of host publication	Proceedings
Editors	Regina Bernhaupt, Carmelo Ardito, Stefan Sauer
Publisher	Springer
Pages	70-89
Number of pages	20
ISBN (Electronic)	978-3-031-14785-2
ISBN (Print)	978-3-031-14784-5
DOIs	https://doi.org/10.1007/978-3-031-14785-2_5
Publication status	Published - 16 Aug 2022
MoE publication type	A4 Article in a conference publication
Event	9th IFIP WG 13.2 International Working Conference, HCSE 2022 - Eindhoven, Netherlands Duration: 24 Aug 2022 → 26 Aug 2022

Publication series

Series	Lecture Notes in Computer Science
Volume	13482
ISSN	0302-9743

Conference

Conference	9th IFIP WG 13.2 International Working Conference, HCSE 2022
Country/Territory	Netherlands
City	Eindhoven
Period	24/08/22 → 26/08/22

Keywords

Human understandable cryptography
Task modeling
Usable security
Visual channel

Access to Document

10.1007/978-3-031-14785-2_5

Cite this

Nikula, S., Martinie, C., Palanque, P., Hekkala, J., Latvala, O.-M., & Halunen, K. (2022). Models-Based Analysis of Both User and Attacker Tasks: Application to EEVEHAC. In R. Bernhaupt, C. Ardito, & S. Sauer (Eds.), Human-Centered Software Engineering - 9th IFIP WG 13.2 International Working Conference, HCSE 2022: Proceedings (pp. 70-89). Springer. https://doi.org/10.1007/978-3-031-14785-2_5

Nikula, Sara ; Martinie, Célia ; Palanque, Philippe et al. / Models-Based Analysis of Both User and Attacker Tasks: Application to EEVEHAC. Human-Centered Software Engineering - 9th IFIP WG 13.2 International Working Conference, HCSE 2022: Proceedings. editor / Regina Bernhaupt ; Carmelo Ardito ; Stefan Sauer. Springer, 2022. pp. 70-89 (Lecture Notes in Computer Science, Vol. 13482).

@inproceedings{756ad78acf214ed8a3c83461e9bf9cff,

title = "Models-Based Analysis of Both User and Attacker Tasks: Application to EEVEHAC",

abstract = "The design and development of security mechanisms, such as authentication, requires analysis techniques that take into account usability along with security. Although techniques that are grounded in the security domain target the identification and mitigation of possible threats, user centered design approaches have been proposed in order to also take into account the user{\textquoteright}s perspective and needs. Approaches dealing with both usability and security focus on the extent to which the user can perform the authentication tasks, as well as on the possible types of attacks that may occur and the potential threats on user tasks. However, to some extent, attacker can be considered as user of the system (even if undesirable), and the analysis of attacker tasks provides useful information for the design and development of an authentication mechanism. We propose a models-based approach to analyse both user and attacker tasks. The modeling of attacker tasks enables to go deeper when analysing the threats on an authentication mechanism and the trade-offs between usability and security. We present the results of the application of this models-based approach to the EEVEHAC security mechanism, which enables the setup of a secure communication channel for users of shared public computers.",

keywords = "Human understandable cryptography, Task modeling, Usable security, Visual channel",

author = "Sara Nikula and C{\'e}lia Martinie and Philippe Palanque and Julius Hekkala and Outi-Marja Latvala and Kimmo Halunen",

year = "2022",

month = aug,

day = "16",

doi = "10.1007/978-3-031-14785-2\_5",

language = "English",

isbn = "978-3-031-14784-5",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "70--89",

editor = "Regina Bernhaupt and Carmelo Ardito and Stefan Sauer",

booktitle = "Human-Centered Software Engineering - 9th IFIP WG 13.2 International Working Conference, HCSE 2022",

address = "Germany",

note = "9th IFIP WG 13.2 International Working Conference, HCSE 2022 ; Conference date: 24-08-2022 Through 26-08-2022",

}

Nikula, S, Martinie, C, Palanque, P, Hekkala, J, Latvala, O-M & Halunen, K 2022, Models-Based Analysis of Both User and Attacker Tasks: Application to EEVEHAC. in R Bernhaupt, C Ardito & S Sauer (eds), Human-Centered Software Engineering - 9th IFIP WG 13.2 International Working Conference, HCSE 2022: Proceedings. Springer, Lecture Notes in Computer Science, vol. 13482, pp. 70-89, 9th IFIP WG 13.2 International Working Conference, HCSE 2022, Eindhoven, Netherlands, 24/08/22. https://doi.org/10.1007/978-3-031-14785-2_5

Models-Based Analysis of Both User and Attacker Tasks: Application to EEVEHAC. / Nikula, Sara; Martinie, Célia; Palanque, Philippe et al.
Human-Centered Software Engineering - 9th IFIP WG 13.2 International Working Conference, HCSE 2022: Proceedings. ed. / Regina Bernhaupt; Carmelo Ardito; Stefan Sauer. Springer, 2022. p. 70-89 (Lecture Notes in Computer Science, Vol. 13482).

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

TY - GEN

T1 - Models-Based Analysis of Both User and Attacker Tasks: Application to EEVEHAC

AU - Nikula, Sara

AU - Martinie, Célia

AU - Palanque, Philippe

AU - Hekkala, Julius

AU - Latvala, Outi-Marja

AU - Halunen, Kimmo

PY - 2022/8/16

Y1 - 2022/8/16

N2 - The design and development of security mechanisms, such as authentication, requires analysis techniques that take into account usability along with security. Although techniques that are grounded in the security domain target the identification and mitigation of possible threats, user centered design approaches have been proposed in order to also take into account the user’s perspective and needs. Approaches dealing with both usability and security focus on the extent to which the user can perform the authentication tasks, as well as on the possible types of attacks that may occur and the potential threats on user tasks. However, to some extent, attacker can be considered as user of the system (even if undesirable), and the analysis of attacker tasks provides useful information for the design and development of an authentication mechanism. We propose a models-based approach to analyse both user and attacker tasks. The modeling of attacker tasks enables to go deeper when analysing the threats on an authentication mechanism and the trade-offs between usability and security. We present the results of the application of this models-based approach to the EEVEHAC security mechanism, which enables the setup of a secure communication channel for users of shared public computers.

AB - The design and development of security mechanisms, such as authentication, requires analysis techniques that take into account usability along with security. Although techniques that are grounded in the security domain target the identification and mitigation of possible threats, user centered design approaches have been proposed in order to also take into account the user’s perspective and needs. Approaches dealing with both usability and security focus on the extent to which the user can perform the authentication tasks, as well as on the possible types of attacks that may occur and the potential threats on user tasks. However, to some extent, attacker can be considered as user of the system (even if undesirable), and the analysis of attacker tasks provides useful information for the design and development of an authentication mechanism. We propose a models-based approach to analyse both user and attacker tasks. The modeling of attacker tasks enables to go deeper when analysing the threats on an authentication mechanism and the trade-offs between usability and security. We present the results of the application of this models-based approach to the EEVEHAC security mechanism, which enables the setup of a secure communication channel for users of shared public computers.

KW - Human understandable cryptography

KW - Task modeling

KW - Usable security

KW - Visual channel

UR - https://www.scopus.com/pages/publications/85137064327

U2 - 10.1007/978-3-031-14785-2_5

DO - 10.1007/978-3-031-14785-2_5

M3 - Conference article in proceedings

SN - 978-3-031-14784-5

T3 - Lecture Notes in Computer Science

SP - 70

EP - 89

BT - Human-Centered Software Engineering - 9th IFIP WG 13.2 International Working Conference, HCSE 2022

A2 - Bernhaupt, Regina

A2 - Ardito, Carmelo

A2 - Sauer, Stefan

PB - Springer

T2 - 9th IFIP WG 13.2 International Working Conference, HCSE 2022

Y2 - 24 August 2022 through 26 August 2022

ER -

Nikula S, Martinie C, Palanque P, Hekkala J, Latvala OM, Halunen K. Models-Based Analysis of Both User and Attacker Tasks: Application to EEVEHAC. In Bernhaupt R, Ardito C, Sauer S, editors, Human-Centered Software Engineering - 9th IFIP WG 13.2 International Working Conference, HCSE 2022: Proceedings. Springer. 2022. p. 70-89. (Lecture Notes in Computer Science, Vol. 13482). doi: 10.1007/978-3-031-14785-2_5