UCL Discovery
UCL home » Library Services » Electronic resources » UCL Discovery

Maybe Poor Johnny Really Cannot Encrypt: The Case for a Complexity Theory for Usable Security

Benenson, Z; Lenzini, G; Oliveira, D; Parkin, S; Uebelacker, S; (2015) Maybe Poor Johnny Really Cannot Encrypt: The Case for a Complexity Theory for Usable Security. In: Somayaji, A and Van Oorschot, P and Böhme, R and Mannan, M, (eds.) NSPW '15: Proceedings of the 2015 New Security Paradigms Workshop. (pp. pp. 85-99). Association for Computing Machinery (ACM): New York, NY, USA. Green open access

[img]
Preview
Text
Parkin_NSPW_preprint.pdf

Download (793kB) | Preview

Abstract

Psychology and neuroscience literature shows the existance of upper bounds on the human capacity for executing cognitive tasks and for information processing. These bounds are where, demonstrably, people start experiencing cognitive strain and consequently committing errors in the tasks execution. We argue that the usable security discipline should scientifically understand such bounds in order to have realistic expectations about what people can or cannot attain when coping with security tasks. This may shed light on whether Johnny will be ever be able to encrypt. We propose a conceptual framework for evaluation of human capacities in security that also assigns systems to complexity categories according to their security and usability. From what we have initiated in this paper, we ultimately aim at providing designers of security mechanisms and policies with the ability to say: "This feature of the security mechanism X or this security policy element Y is inappropriate, because this evidence shows that it is beyond the capacity of its target community".

Type: Proceedings paper
Title: Maybe Poor Johnny Really Cannot Encrypt: The Case for a Complexity Theory for Usable Security
Event: New Security Paradigms and Workshop (NSPW)
ISBN-13: 9781450337540
Open access status: An open access version is available from UCL Discovery
DOI: 10.1145/2841113.2841120
Publisher version: http://dx.doi.org/10.1145/2841113.2841120
Language: English
Additional information: Copyright © 2015 Copyright held by the owner/author(s). Publication rights licensed to ACM.
Keywords: Usable security models, human capacities
UCL classification: UCL
UCL > Provost and Vice Provost Offices
UCL > Provost and Vice Provost Offices > UCL BEAMS
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science
URI: https://discovery.ucl.ac.uk/id/eprint/1473626
Downloads since deposit
212Downloads
Download activity - last month
Download activity - last 12 months
Downloads by country - last 12 months

Archive Staff Only

View Item View Item