Usability attributes and measurements of security systems

The usability of the end-user security software and systems is oftenneglected. We argue that the main reason behind this is a missing systemic viewand approach while designing security software and systems. Based on thesystemic approach to usability, we propose a framework for conductingexperimental evaluations of usability in security sensitive systems. It definesgeneral usability attributes and calls for their experimental evaluation. We applythis framework to provide evidence of usability pros and cons of alternativerealizations of a widespread PKI-based system. These alternatives differ for thepersonal security devices used, that is, traditional cryptographic smart cards orUSB tokens. The experimental results clearly show that usability issues leads tosecurity problems. Through the interpretation and explanation of results, wesuggest recommendations for software practitioners to properly addressusability in security software based on security devices.