Game theoretical analysis of usable security and privacy

Abstract

Security, privacy, and usability are among the most important concerns in system and application design. Enhanced security, privacy, and usability features in a product definitely lead to remarkable total customer experience. It is commonly seen that developers in their attempt to create usable software, fail to meet the security needs of users, resulting in software security flaws. Security flaws in software may in turn cause inadvertent errors leading to further usability issues. Thus this situation creates a vicious cycle. Hence the need for better usable security and privacy comes into picture. This novel research paper discusses an example system in a hand‐held device ecosystem with focus on banking security, to illustrate the interplay of usability, security, and privacy. Game theory is used to model the situation and analyze the possibility of finding equilibrium for these competing goals. Both coalitional and non‐cooperative game models for analyzing usable security and privacy are proposed and analyzed. This game theoretical analysis of usable security proves that it is possible to optimize usability, security, and privacy and helps to break the popular misconception that it is not possible for these three features to be simultaneously available to the end users.