Authentication solutions are designed to stop unauthorized users from getting access to a secured system. However, each time an authentication process occurs, an authorized user needs to wait in expectation of approved access. This effort can be perceived as either a positive or a negative experience. If the effort is perceived as a security measure, it is usually perceived as a positive experience. On the other hand, if the effort is perceived as a waiting time, it is usually perceived as a negative experience. The trade-off between security, user-friendliness and simplicity plays an important role in the domain of user acceptability. From the users' point of view, security is both necessary and disturbing at the same time. The overall focus in this thesis is on user perception of authentication in communication networks. An authentication procedure, or login, normally includes several steps and messages between a client and a server. In addition, the connection could suffer from low Quality of Service, i.e., each step in the authentication process will add to a longer response time. The longer response times will then imply lower Quality of Experience, i.e., a worse user perception. The thesis first presents a concept of investigating user perception. A framework is developed in which different criteria and evaluation methods for authentication schemes are presented. This framework is then used to investigate user perception of the response times of a web authentication procedure. The derived result, which is an exponential function, is compared to models for user perception of web performance. The comparison indicates that users perceive logins similarly, but not identically, to how they perceive standard web page loading.
The user perception, with regard to excessive authentication times, is further studied by determining the weak point of the Extensible Authentication Protocol Method for GSM Subscriber Identity Modules (EAP-SIM) with the OpenID service. The response times are controllably increased by emulating bad network performance for EAP-SIM and other EAP methods in live setups. The obtained results show that one task of the EAP-SIM authentication deviates from the other tasks, and contributes more to the total response time. This deviation points out the direction for future optimization. Finally, this thesis investigates how users of social networks perceive security, and to what extent they contribute to it. One way of contributing to security is by creating and using strong authentication credentials, e.g. passwords. Websites might enforce a password length which is insufficient to provide a strong password. This might then cause problems by giving users a false perception of what constitutes a strong password. The origin of the password problem, namely the construction of passwords, and the user perception of password security are studied. A survey is conducted and the results indicate that the passwords of the respondents are not as strong as the respondents perceive them to be.
Karlskrona: Blekinge Institute of Technology, 2014. 158 p.