University of Twente Student Theses

Login

Dynamic access control

Hollander, Emiel (2010) Dynamic access control.

[img] PDF
950kB
Abstract:An increasing number of services require access control. On the web, access control is usually enforced using a combination of username and password. Users are encouraged to choose secure passwords. These secure passwords are very hard to remember, which causes people to write passwords down, re-use the same password or choose a simple password. Our goal is to design an access control system that is easier to use, while still offering the same amount of security. The main idea behind this research is that not every service needs the same amount of security. It may not be necessary to ask the secure password for every service; for services that require less security, an access control method that is less secure, but easier to use, may be sufficient. We have built a system that is capable of dynamically determining the access control method or methods that it has to use to ensure sufficient security. When the user requests a service, the system looks up the amount of security that is needed and adapts the used access control methods to this. The evaluation of this system shows that people appreciate the fact that the system is able to choose easier access control methods for services that do not require a high security level. According to the participants, the dynamic system is easier and more pleasant to use than an access control method based on caller ID, and easier and more pleasant than DigiD with additional SMS authentication. The participants, however, did not find the dynamic system easier or more pleasant to use than username and password. This system is so common and widely-used that it is hard to beat. We do believe, however, that the dynamic system can become better than username and password when users get more accustomed to it, and when some usability problems have been looked into
Item Type:Essay (Master)
Clients:
Excellence Group
Faculty:EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject:54 computer science
Programme:Computer Science MSc (60300)
Link to this item:https://purl.utwente.nl/essays/59731
Export this item as:BibTeX
EndNote
HTML Citation
Reference Manager

 

Repository Staff Only: item control page