Proceso de diseño en seguridad usable y autenticación mediante un enfoque centrado en el usuario

  1. Realpe Muñoz, Paulo César
supervised by:
  1. César Alberto Collazos Ordóñez (doctoral supervisor)
  2. Julio Ariel Hurtado Alegria (doctoral supervisor)

University of defense: Universidad del Cauca

Year of defense: 2017

Type: Dissertation

Abstract

Today, computer security is one of the most important tasks, and as increasingly complex computers are developed day after day that process more information in less time, computer security becomes a key factor for organizations. However, it is common to find in the literature that users find security and privacy difficult to understand. This is because security is a secondary goal for most people using computer systems. As a consequence, users have ignored the security features of the system, thereby making mistaken decisions and putting at risk the private information that they may have. The field of Usable Security (USec) investigates these types of problems; its main objective is the design of security and privacy features that are easy for users to use and understand. From the above, we can say that Usable Security makes it possible to find a balance, or trade-off, between security and usability. However, finding this balance is a challenge because these two attributes are sometimes inversely proportional. This research project focuses on finding principles for usable security and user authentication, together with a qualitative and quantitative evaluation mechanism that allows the trade-off between security and usability to be carried out. To find these principles, a development process is proposed which consists of three stages: development, review and application. This process provides qualitative and quantitative analysis in the study application, taking into account elements of usable security. To our knowledge, there is no qualitative and quantitative process in the literature describing how to apply a heuristic evaluation in the field of usable security. As part of the quantitative analysis, the proposed evaluation mechanism presents a level of the degree of usable security and of other attributes where security is an essential part.
To achieve this, we establish levels of importance, severity and impact for the design principles found. Based on the above, and taking into account the possible vulnerabilities that the system may have, a first proposal for the risk level is presented, using the principles as a key piece. From the principles found for usable security and user authentication, along with their evaluation, this research proposes to include these two elements in a user-centered design model well known to the academic and business community, the MPIu+a model. Because this model is oriented to the design of highly usable and accessible interactive systems, we consider it necessary to include security as a fundamental element. The proposed integration between the MPIu+a model and the design guides, together with the evaluation, is a preliminary version, and more study is necessary to establish an adequate model. However, we believe that it can be a starting point for future improvements.