Abstract
Access rights management is central to many forms of collaboration, such as group formation or information sharing in different kinds of scenarios. Strong mechanisms exist to achieve this, such as anonymous credential systems; in general, however, their usage is not very intuitive for lay users. In this paper we show the potential of using proof-based credential systems like Idemix to enhance the usability of privacy-respecting social interaction in different collaborative settings. For instance, it becomes possible to perform authorization transparently, without any user intervention at the level of the user interface. To improve usability, we complement this by introducing a mental model for intuitive management of digital identities. The approach should also empower users to define their own access restrictions when sharing data by building custom proof specifications on the fly. We demonstrate this with a prototype application developed to support collaborative scenarios on a mobile device. We also present first evaluation results of an early prototype and address current as well as future work.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Heupel, M., Kesdogan, D. (2012). Towards Usable Interfaces for Proof Based Access Rights on Mobile Devices. In: Camenisch, J., Kesdogan, D. (eds) Open Problems in Network Security. iNetSec 2011. Lecture Notes in Computer Science, vol 7039. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-27585-2_2
DOI: https://doi.org/10.1007/978-3-642-27585-2_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-27584-5
Online ISBN: 978-3-642-27585-2
eBook Packages: Computer Science (R0)