Title: Designing user studies for security applications: a case study with wireless network configuration

Authors: Cynthia Kuo, Adrian Perrig, Jesse Walker

Addresses: Nokia Research Center, Palo Alto, CA, USA. ' Carnegie Mellon University, Electrical and Computer Engineering, and Engineering and Public Policy, and Computer Science Departments, Pittsburgh, PA, USA. ' Intel Corporation, Corporate Technology Group, Hillsboro, OR, USA

Abstract: Spontaneous interactions between end users and devices are generally secured by human actions. Evaluating whether end users are able to perform these actions correctly can be challenging. Basic, textbook-style user study methods make assumptions that may not hold for security applications. In this piece, we outline five major user study assumptions. Using 802.11 network configuration as a case study, we also show how to adapt existing user study methods for evaluating security applications. We model how security experts might approach the configuration of their own home networks. Next, we combine several methods to design a study that pinpoints where end users encounter difficulties during configuration. Finally, we discuss the findings from our user study.

Keywords: user studies; security applications; case study; wireless networks; network configuration; evaluation.

DOI: 10.1504/IJSN.2009.023429

International Journal of Security and Networks, 2009 Vol.4 No.1/2, pp.101 - 109

Published online: 23 Feb 2009 *

Full-text access for editors Access for subscribers Purchase this article Comment on this article