Decryptable to Your Eyes: Visualization of Security Protocols at the User Interface
DaeHun Nyang, Abedelaziz Mohaisen, Taekyoung Kwon, Brent Kang, and Angelos Stavrou

TL;DR
This paper introduces visualized authentication protocols that enhance security and usability by making security features understandable to users through visualization, verified through analysis and a practical case study.
Contribution
It presents a novel family of visualized authentication protocols and a 'decryptable to your eyes only' protocol, improving security and usability simultaneously.
Findings
Protocols are immune to many authentication attacks.
High usability achieved alongside stringent security.
Potential for real-world deployment demonstrated.
Abstract
The design of authentication protocols, for online banking services in particular and any service that is of sensitive nature in general, is quite challenging. Indeed, enforcing security guarantees has overhead thus imposing additional computation and design considerations that do not always meet usability and user requirements. On the other hand, relaxing assumptions and rigorous security design to improve the user experience can lead to security breaches that can harm the users' trust in the system. In this paper, we demonstrate how careful visualization design can enhance not only the security but also the usability of the authentication process. To that end, we propose a family of visualized authentication protocols, a visualized transaction verification, and a "decryptable to your eyes only" protocol. Through rigorous analysis, we verify that our protocols are immune to many of…
Taxonomy
Topics: User Authentication and Security Systems · Spam and Phishing Detection · Privacy, Security, and Data Protection
