D3.3: Study on Mobile Identity Management


Usability and Security for Mobile Identity Management Systems

The security of a system depends heavily on the willingness of the user to use security mechanisms (Waidner, 1998; Whitten and Tygar, 1999). Users underestimate the consequences of insufficient security and are therefore not willing to invest much effort in learning how to use these security mechanisms (Müller and Stapf, 1998). It can be shown that the main reason for this is the incomprehensible presentation of the security mechanisms and not the ergonomic design of their user interface (Müller and Stapf, 1998; Gerd tom Markotten and Kaiser, 2000). For example, the evaluation of the security software “SignTrust Mail”, developed by the Deutsche Post AG, identified 120 usability problems. 89% of these identified problems have a negative effect on the system’s security (Gerd tom Markotten, 2004). Thus a test person could not reach his protection goals and broke off his task. 75% of the test persons did not understand asymmetric cryptography and therefore could not use it correctly.

A solution is self-explanation, for which two options can be followed (Simon, 1957; Balfanz, 2003): either one develops new user-consistent metaphors, or one hides security from the user altogether. The first option will be addressed by style guides to enhance the user interface and by testing security tools in order to ascertain their comprehensibility and integration. The limits of the second option have been established by analysing the interdependency of protection goals, discovered and classified in multilateral security (Jendricke and Gerd tom Markotten, 2000). The differentiation into system-controlled and user-controlled protection goals is shown in Figure 4-1. Only user-controlled protection goals and mechanisms cannot be automated, while system-controlled protection goals can be hidden from the user interface.

 


Figure 4-1: Implications of Protection Goals 

 

In the following section, results of studies on P3P for mobile phones will be described as an example of the usability of security tools for mobile devices. The ongoing research on the usability of identity management systems for the mobile user will be introduced by identity management mock-ups for mobile phones.

 
