Dynamic Access Control.
Master's thesis, University of Twente.
Full text available as:
An increasing number of services require access control. On the web, access control is usually enforced using a combination of username and password. Users are encouraged to choose secure passwords. These secure passwords are very hard to remember, which causes people to write passwords down, re-use the same password or choose a simple password. Our goal is to design an access control system that is easier to use, while still offering the same amount of security.
The main idea behind this research is that not every service needs the same amount of security. It may not be necessary to ask the secure password for every service; for services that require less security, an access control method that is less secure, but easier to use, may be sufficient.
We have built a system that is capable of dynamically determining the access control method or methods that it has to use to ensure sufficient security. When the user requests a service, the system looks up the amount of security that is needed and adapts the used access control methods to this.
The evaluation of this system shows that people appreciate the fact that the system is able to choose easier access control methods for services that do not require a high security level. According to the participants, the dynamic system is easier and more pleasant to use than an access control method based on caller ID, and easier and more pleasant than DigiD with additional SMS authentication. The participants, however, did not find the dynamic system easier or more pleasant to use than username and password. This system is so common and widely-used that it is hard to beat. We do believe, however, that the dynamic system can become better than username and password when users get more accustomed to it, and when some usability problems have been looked into.
|Item Type:||Master's Thesis|
|Research Group:||EWI-DB: Databases, EWI-IS: Information Systems|
|Research Program:||CTIT-NICE: Natural Interaction in Computer-mediated Environments|
|Deposited On:||06 December 2010|
Export this item as:
To correct this item please ask your editor
Repository Staff Only: edit this item