Improving text passwords through persuasion (pp. 1-12)
Alain Forget; Sonia Chiasson; P. C. van Oorschot; Robert Biddle
Password restriction policies and advice on creating secure passwords have limited effects on password strength. Influencing users to create more secure passwords remains an open problem. We have developed Persuasive Text Passwords (PTP), a text password creation system which leverages Persuasive Technology principles to influence users in creating more secure passwords without sacrificing usability. After users choose a password during creation, PTP improves its security by placing randomly-chosen characters at random positions into the password. Users may shuffle to be presented with randomly-chosen and positioned characters until they find a combination they feel is memorable. In this paper, we present an 83-participant user study testing four PTP variations. Our results show that the PTP variations significantly improved the security of users' passwords. We also found that those participants who had a high number of random characters placed into their passwords would deliberately choose weaker pre-improvement passwords to compensate for the memory load. As a consequence of this compensatory behaviour, there was a limit to the gain in password security achieved by PTP.
Personal knowledge questions for fallback authentication: security questions in the era of Facebook (pp. 13-23)
Ariel Rabkin
Security questions (or challenge questions) are commonly used to authenticate users who have lost their passwords. We examined the password retrieval mechanisms for a number of personal banking websites, and found that many of them rely in part on security questions with serious usability and security weaknesses. We discuss patterns in the security questions we observed. We argue that today's personal security questions owe their strength to the hardness of an information-retrieval problem. However, as personal information becomes ubiquitously available online, the hardness of this problem, and security provided by such questions, will likely diminish over time. We supplement our survey of bank security questions with a small user study that supplies some context for how such questions are used in practice.
Securing passfaces for description (pp. 24-35)
Paul Dunphy; James Nicholson; Patrick Olivier
One common practice in relation to alphanumeric passwords is to write them down or share them with a trusted friend or colleague. Graphical password schemes often claim the advantage that they are significantly more secure with respect to both verbal disclosure and writing down. We investigated the reality of this claim in relation to the Passfaces graphical password scheme. By collecting a corpus of naturalistic descriptions of a set of 45 faces, we explored participants' ability to associate descriptions with faces across three conditions in which the decoy faces were selected: (1) at random; (2) on the basis of their visual similarity to the target face; and (3) on the basis of the similarity of the verbal descriptions of the decoy faces to the target face. Participants were found to perform significantly worse when presented with visual and verbally grouped decoys, suggesting that Passfaces can be further secured for description. Subtle differences in both the nature of male and female descriptions, and male and female performance were also observed.
Use Your Illusion: secure authentication usable anywhere (pp. 35-45)
Eiji Hayashi; Rachna Dhamija; Nicolas Christin; Adrian Perrig
In this paper, we propose and evaluate Use Your Illusion, a novel mechanism for user authentication that is secure and usable regardless of the size of the device on which it is used. Our system relies on the human ability to recognize a degraded version of a previously seen image. We illustrate how distorted images can be used to maintain the usability of graphical password schemes while making them more resilient to social engineering or observation attacks. Because it is difficult to mentally "revert" a degraded image, without knowledge of the original image, our scheme provides a strong line of defense against impostor access, while preserving the desirable memorability properties of graphical password schemes.
Using low-fidelity tests to aid in the design, we implement prototypes of Use Your Illusion as i) an Ajax-based web service and ii) on Nokia N70 cellular phones. We conduct a between-subjects usability study of the cellular phone prototype with a total of 99 participants in two experiments. We demonstrate that, regardless of their age or gender, users are very skilled at recognizing degraded versions of self-chosen images, even on small displays and after time periods of one month. Our results indicate that graphical passwords with distorted images can achieve equivalent error rates to those using traditional images, but only when the original image is known.
Usability of CAPTCHAs or usability issues in CAPTCHA design (pp. 44-52)
Jeff Yan; Ahmad Salah El Ahmad
CAPTCHA is now almost a standard security technology, and has found widespread application in commercial websites. Usability and robustness are two fundamental issues with CAPTCHA, and they often interconnect with each other. This paper discusses usability issues that should be considered and addressed in the design of CAPTCHAs. Some of these issues are intuitive, but some others have subtle implications for robustness (or security). A simple but novel framework for examining CAPTCHA usability is also proposed.
Universal device pairing using an auxiliary device (pp. 56-67)
Nitesh Saxena; Md. Borhan Uddin; Jonathan Voris
The operation of achieving authenticated key agreement between two human-operated devices over a short-range wireless communication channel (such as Bluetooth or WiFi) is referred to as "Pairing". The devices in such a scenario are ad hoc in nature, i.e., they can neither be assumed to have a prior context (such as pre-shared secrets) with each other nor do they share a common trusted on- or off-line authority. However, the devices can generally be connected using auxiliary physical channel(s) (such as audio, visual, etc.) that can be authenticated by the device user(s) and thus form a basis for pairing.
One of the main challenges of secure device pairing is the lack of good quality output interfaces as well as corresponding receivers on devices. In [13], we presented a pairing scheme which is universally applicable to any pair of devices (such as a WiFi AP and a laptop, a Bluetooth keyboard and a desktop, etc.). The scheme is based upon the device user(s) comparing short and simple synchronized audiovisual patterns, such as "beeping" and "blinking". In this paper, we automate the (manual) scheme of [13] by making use of an auxiliary, commonly available device such as a personal camera phone. Based on a preliminary user study we conducted, we show that the automated scheme is generally faster and more user-friendly relative to the manual scheme. More importantly, the proposed scheme turns out to be quite accurate in the detection of any possible attacks.
Evaluating assistance of natural language policy authoring (pp. 65-73)
Kami Vaniea; Clare-Marie Karat; Joshua B. Gross; John Karat; Carolyn Brodie
The goal of the research study reported here was to investigate policy authors' ability to take descriptions of changes to policy situations and author high-quality, complete policy rules that would parse with high accuracy. As a part of this research, we investigated ways in which we could assist policy authors in writing policies. This paper presents the results of a user study on the effectiveness of providing syntax highlighting in a natural language policy authoring interface. While subjects liked the new interface, they showed no improvement in accuracy when writing rules. We discuss our results in terms of a three-phase authoring process that users move through when authoring or modifying policies. We describe this process, discuss why and how our interface failed to support it, and make recommendations to designers on how to better support this process.
Expressions of expertness: the virtuous circle of natural language for access control policy specification (pp. 77-88)
Philip Inglesant; M. Angela Sasse; David Chadwick; Lei Lei Shi
The implementation of usable security is particularly challenging in the growing field of Grid computing, where control is decentralised, systems are heterogeneous, and authorization applies across administrative domains. PERMIS, based on the Role-Based Access Control (RBAC) model, provides a unified infrastructure to address these challenges. Previous research has found that resource owners who do not understand the PERMIS RBAC model have difficulty expressing access control policies. We have addressed this issue by investigating the use of a controlled natural language parser for expressing these policies. In this paper, we describe our experiences in the design, implementation, and evaluation of this parser for the PERMIS Editor. We began by understanding Grid access control needs as expressed by resource owners, through interviews and focus groups with 45 Grid practitioners. We found that the many areas of Grid computing use present varied security requirements; this suggests a minimal, open design. We designed and implemented a controlled natural language system to support these needs, which we evaluated with a cross-section of 17 target users. We found that participants were not daunted by the text editor, and understood the syntax easily. However, some strict requirements of the controlled language were problematic. Using controlled natural language helps overcome some conceptual mismatches between PERMIS RBAC and older paradigms; however, there are still subtleties which are not always understood. In conclusion, the parser is not sufficient on its own, and should be seen in the interplay with other parts of the PERMIS Editor, so that, iteratively, users are helped to understand the underlying PERMIS model and to express their security policies more accurately and more completely.
Evaluating the usability of usage controls in electronic collaboration (pp. 85-92)
José C. Brustoloni; Ricardo Villamarín-Salomón; Peter Djalaliev; David Kyle
Currently, collaborations often require non-disclosure agreements (NDAs). NDAs can be time-consuming and expensive to negotiate and enforce. Usage controls could be an attractive alternative or adjunct to NDAs. Usage controls enable the distributor of a file to limit how recipients of that file may use it. However, existing usage controls (e.g., PDF's) often are software-based and easy to break. They may not interoperate, and their impact on collaborative workflows is typically unknown. We designed and implemented operating system and Web server and browser modifications that allow hardware-based usage controls to be easily added to existing software-based ones. This paper describes and evaluates our system's user interfaces. In a user study, untrained users role-played design engineers in two similar collaborative scenarios with or without usage controls. Users found the interfaces easy to use, and usage controls had insignificant impact on the completion times and accuracy of the assigned tasks. These results suggest that our usage control approach can add security to collaborative workflows with minimal training and performance penalties.
A user study of off-the-record messaging (pp. 95-104)
Ryan Stedman; Kayo Yoshida; Ian Goldberg
Instant messaging is a prevalent form of communication across the Internet, yet most instant messaging services provide little security against eavesdroppers or impersonators. There are a variety of existing systems that aim to solve this problem, but the one that provides the highest level of privacy is Off-the-Record Messaging (OTR), which aims to give instant messaging conversations the level of privacy available in a face-to-face conversation. In the most recent redesign of OTR, as well as increasing the security of the protocol, one of the goals of the designers was to make OTR easier to use, without users needing to understand details of computer security such as keys or fingerprints.
To determine if this design goal has been met, we conducted a user study of the OTR plugin for the Pidgin instant messaging client using the think-aloud method. As a result of this study we have identified a variety of usability flaws remaining in the design of OTR. These flaws that we have discovered have the ability to cause confusion, make the program unusable, and even decrease the level of security to users of OTR. We discuss how these errors can be repaired, as well as identify an area that requires further research to improve its usability.
The challenges of using an intrusion detection system: is it worth the effort? (pp. 107-118)
Rodrigo Werlinger; Kirstie Hawkey; Kasia Muldner; Pooya Jaferian; Konstantin Beznosov
An intrusion detection system (IDS) can be a key component of security incident response within organizations. Traditionally, intrusion detection research has focused on improving the accuracy of IDSs, but recent work has recognized the need to support the security practitioners who receive the IDS alarms and investigate suspected incidents. To examine the challenges associated with deploying and maintaining an IDS, we analyzed 9 interviews with IT security practitioners who have worked with IDSs and performed participatory observations in an organization deploying a network IDS. We had three main research questions: (1) What do security practitioners expect from an IDS?; (2) What difficulties do they encounter when installing and configuring an IDS?; and (3) How can the usability of an IDS be improved? Our analysis reveals both positive and negative perceptions that security practitioners have for IDSs, as well as several issues encountered during the initial stages of IDS deployment. In particular, practitioners found it difficult to decide where to place the IDS and how to best configure it for use within a distributed environment with multiple stakeholders. We provide recommendations for tool support to help mitigate these challenges and reduce the effort of introducing an IDS within an organization.
Analyzing websites for user-visible security design flaws (pp. 117-126)
Laura Falk; Atul Prakash; Kevin Borders
An increasing number of people rely on secure websites to carry out their daily business. A survey conducted by Pew Internet states 42% of all internet users bank online. Considering the types of secure transactions being conducted, businesses are rigorously testing their sites for security flaws. In spite of this testing, some design flaws still remain that prevent secure usage. In this paper, we examine the prevalence of user-visible security design flaws by looking at sites from 214 U.S. financial institutions. We specifically chose financial websites because of their high security requirements. We found a number of flaws that may lead users to make bad security decisions, even if they are knowledgeable about security and exhibit proper browser use consistent with the site's security policies. To our surprise, these design flaws were widespread. We found that 76% of the sites in our survey suffered from at least one design flaw. This indicates that these flaws are not widely understood, even by experts who are responsible for web security. Finally, we present our methodology for testing websites and discuss how it can help systematically discover user-visible security design flaws.