skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


Title: Usability and Security of Different Authentication Methods for an Electronic Health Records System
We conducted a survey of 67 graduate students enrolled in the Privacy and Security in Healthcare course at Indiana University Purdue University Indianapolis. This was done to measure user preference and their understanding of usability and security of three different Electronic Health Records authentication methods: single authentication method (username and password), Single sign-on with Central Authentication Service (CAS) authentication method, and a bio-capsule facial authentication method. This research aims to explore the relationship between security and usability, and measure the effect of perceived security on usability in these three aforementioned authentication methods. We developed a formative-formative Partial Least Square Structural Equation Modeling (PLS-SEM) model to measure the relationship between the latent variables of Usability, and Security. The measurement model was developed using five observed variables (measures). - Efficiency and Effectiveness, Satisfaction, Preference, Concerns, and Confidence. The results obtained highlight the importance and impact of these measures on the latent variables and the relationship among the latent variables. From the PLS-SEM analysis, it was found that security has a positive impact on usability for Single sign-on and bio-capsule facial authentication methods. We conclude that the facial authentication method was the most secure and usable among the three authentication methods. Further, descriptive analysis was done to draw out the interesting findings from the survey regarding the observed variables.  more » « less
Award ID(s):
1839746
PAR ID:
10271868
Author(s) / Creator(s):
Date Published:
Journal Name:
The 14th International Conference on Health Informatics (HEALTHINF’2021)
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. ; ; ; (, IEEE Transactions on Vehicular Technology)
    This article proposes authentication and physical layer security schemes to improve secure communications between the electric vehicle (EV) and charging infrastructure in dynamic wireless power transfer (DWPT) systems. In particular, a double-encryption with the signature (DoES) scheme is proposed for session key exchange between EV and charging station which provides data authenticity and integrity. To enable low-latency authentication between EV and power transmitter (PT) in DWPT systems, a sign-encrypt-message (SEM) authentication code scheme is designed leveraging symmetric keys for dynamic charging, which ensures privacy and resistance to tampering attacks. The artificial noise-based physical layer security (AN-based PLS) scheme is also proposed at the physical layer to degrade the wiretapped signal quality of multiple eavesdroppers operating in non-colluding and colluding cases. Closed-form expressions for the secrecy outage probability (SOP) and intercept probability (IP) of the considered system with the non-colluding case are derived to show that the proposed AN-based PLS scheme provides lower SOP and IP than the conventional ones without AN. The distance between eavesdroppers and the PT also affects the system SOP and IP in both non-colluding and colluding cases. Moreover, the EV using the DoES scheme takes 52 ms for obtaining session keys from the charging station while it only spends 8.23 ms with the SEM scheme to authenticate with PT for the charging process. 
    more » « less
  2. ; (, The 2025 ADMI Symposium.)
    As mobile devices become increasingly integral to daily life, the need for robust security measures has intensified. Continuous user authentication (CUA) is an emerging paradigm designed to enhance security by verifying user identity throughout device usage, rather than solely at login. This study aims to explore user perceptions, experiences, and preferences concerning CUA methods, such as biometric scans (e.g., fingerprints, facial recognition) and behavioral analytics (e.g., typing patterns, swipe gestures). We will investigate the importance users place on continuous authentication for safeguarding personal data, as well as the usability challenges they encounter. Specifically, we will delve into how users perceive the reliability and accuracy of biometric and behavioral authentication methods, considering factors such as the perceived invasiveness of biometric scans and concerns about data privacy. Additionally, we will examine how perceptions and preferences for CUA vary across different age groups, as younger generations may be more accustomed to biometric authentication and less concerned about privacy implications, while older generations may have different preferences and concerns. The findings of this study will provide insights into user trust, privacy concerns, and the overall effectiveness of CUA in improving mobile security. By understanding user attitudes, this research seeks to inform the development of more intuitive and secure authentication solutions that align with user needs and expectations across various demographics. 
    more » « less
  3. ; ; ; (, Proceedings of the Interactive Workshop on the Human Aspect of Smarthome Security and Privacy)
    Despite rapid advancements in authentication technologies, little user testing has been conducted on the various authentication methods proposed for smart homes. Users’ preferences about authentication methods may be affected by their beliefs in the reliability of the method, the type and location of devices for which they must authenticate, the effort required for successful authentication, and more. In this paper, we provide insight into users’ concerns with these methods through a 46-participant user study. In particular, we seek to understand users’ preferences towards different authentication methods in terms of the perceived security and usability implications of each method. 
    more » « less
  4. (, 2020 Symposium on Usable Security and Privacy)
    Knock Codes are a knowledge-based unlock authentication scheme used on LG smartphones where a user enters a code by tapping or "knocking" a sequence on a 2x2 grid. While a lesser-used authentication method, as compared to PINs or Android patterns, there is likely a large number of Knock Code users; we estimate, 700,000--2,500,000 in the US alone. In this paper, we studied Knock Codes security asking participants in an online study to select codes on mobile devices in three settings: a control treatment, a blocklist treatment, and a treatment with a larger, 2x3 grid. We find that Knock Codes are significantly weaker than other deployed authentication, e.g., PINs or Android patterns. In a simulated attacker setting, 2x3 grids offered no additional security. Blocklisting, on the other hand, was more beneficial, making Knock Codes' security similar to Android patterns. Participants expressed positive perceptions of Knock Codes, yet usability was challenged. SUS values were "marginal" or "ok" across treatments. Based on these findings, we recommend deploying blocklists for selecting a Knock Code because they improve security but have a limited impact on usability perceptions. 
    more » « less
  5. ; ; ; ; (, IEEE Conference on Computer Vision and Pattern Recognition (CVPR) Workshops)
    Keystroke dynamics are a powerful behavioral biometric capable of determining user identity and for continuous authentication. It is an unobtrusive method that can complement an existing security system such as a password scheme and provides continuous user authentication. Existing methods record all keystrokes and use n-graphs that measure the timing between consecutive keystrokes to distinguish between users. Current state-of-the-art algorithms report EER’s of 7.5% or higher with 1000 characters. With 1000 characters it takes a longer time to detect an imposter and significant damage could be done. In this paper, we investigate how quickly a user is authenticated or how many digraphs are required to accurately detect an imposter in an uncontrolled free-text environment. We present and evaluate the effectiveness of three distance metrics individually and fused with each other. We show that with just 100 digraphs, about the length of a single sentence, we achieve an EER of 35.3%. At 200 digraphs the EER drops to 15.3%. With more digraphs, the performance continues to steadily improve. With 1000 digraphs the EER drops to 3.6% which is an improvement over the state-of-the-art. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email