| Revealing hidden context: improving mental models of personal firewall users | | BIBAK | Full-Text | 1 | |
| Fahimeh Raja; Kirstie Hawkey; Konstantin Beznosov | |||
| The Windows Vista personal firewall provides its diverse users with a basic
interface that hides many operational details. However, concealing the impact
of network context on the security state of the firewall may result in users
developing an incorrect mental model of the protection provided by the
firewall. We present a study of participants' mental models of Vista Firewall
(VF). We investigated changes to those mental models and their understanding of
the firewall's settings after working with both the VF basic interface and our
prototype. Our prototype was designed to support development of a more
contextually complete mental model through inclusion of network location and
connection information. We found that participants produced richer mental
models after using the prototype than when working with the VF basic interface;
they were also significantly more accurate in their understanding of the
configuration of the firewall. Based on our results, we discuss methods of
improving user understanding of underlying system states by revealing hidden
context, while considering the tension between complexity of the interface and
security of the system. Keywords: configuration, firewall, mental model, usable security | |||
| Social applications: exploring a more secure framework | | BIBAK | Full-Text | 2 | |
| Andrew Besmer; Heather Richter Lipford; Mohamed Shehab; Gorrell Cheek | |||
| Online social network sites, such as MySpace, Facebook and others have grown
rapidly, with hundreds of millions of active users. A new feature on many sites
is social applications -- applications and services written by third party
developers that provide additional functionality linked to a user's profile.
However, current application platforms put users at risk by permitting the
disclosure of large amounts of personal information to these applications and
their developers. This paper formally abstracts and defines the current access
control model applied to these applications, and builds on it to create a more
secure framework. We do so in the interest of preserving as much of the current
architecture as possible, while seeking to provide a practical balance between
security and privacy needs of the users, and the needs of the applications to
access users' information. We present a user study of our interface design for
setting a user-to-application policy. Our results indicate that the model and
interface work for users who are more concerned with their privacy, but we
still need to explore alternate means of creating policies for those who are
less concerned. Keywords: access control, privacy, security, social networking applications, web 2.0 | |||
| School of phish: a real-word evaluation of anti-phishing training | | BIBAK | Full-Text | 3 | |
| Ponnurangam Kumaraguru; Justin Cranshaw; Alessandro Acquisti; Lorrie Cranor; Jason Hong; Mary Ann Blair; Theodore Pham | |||
| PhishGuru is an embedded training system that teaches users to avoid falling
for phishing attacks by delivering a training message when the user clicks on
the URL in a simulated phishing email. In previous lab and real-world
experiments, we validated the effectiveness of this approach. Here, we extend
our previous work with a 515-participant, real-world study in which we focus on
long-term retention and the effect of two training messages. We also
investigate demographic factors that influence training and general phishing
susceptibility. Results of this study show that (1) users trained with
PhishGuru retain knowledge even after 28 days; (2) adding a second training
message to reinforce the original training decreases the likelihood of people
giving information to phishing websites; and (3) training does not decrease
users' willingness to click on links in legitimate messages. We found no
significant difference between males and females in the tendency to fall for
phishing emails both before and after the training. We found that participants
in the 18-25 age group were consistently more vulnerable to phishing attacks on
all days of the study than older participants. Finally, our exit survey results
indicate that most participants enjoyed receiving training during their normal
use of email. Keywords: email, embedded training, phishing, real-world studies, usable privacy and
security | |||
| A "nutrition label" for privacy | | BIBAK | Full-Text | 4 | |
| Patrick Gage Kelley; Joanna Bresee; Lorrie Faith Cranor; Robert W. Reeder | |||
| We used an iterative design process to develop a privacy label that presents
to consumers the ways organizations collect, use, and share personal
information. Many surveys have shown that consumers are concerned about online
privacy, yet current mechanisms to present website privacy policies have not
been successful. This research addresses the present gap in the communication
and understanding of privacy policies, by creating an information design that
improves the visual presentation and comprehensibility of privacy policies.
Drawing from nutrition, warning, and energy labeling, as well as from the
effort towards creating a standardized banking privacy notification, we present
our process for constructing and refining a label tuned to privacy. This paper
describes our design methodology; findings from two focus groups; and accuracy,
timing, and likeability results from a laboratory study with 24 participants.
Our study results demonstrate that compared to existing natural language
privacy policies, the proposed privacy label allows participants to find
information more quickly and accurately, and provides a more enjoyable
information seeking experience. Keywords: P3P, information design, labeling, nutrition label, policy, privacy, user
interface | |||
| Challenges in supporting end-user privacy and security management with social navigation | | BIBAK | Full-Text | 5 | |
| Jeremy Goecks; W. Keith Edwards; Elizabeth D. Mynatt | |||
| Social navigation is a promising approach for supporting privacy and
security management. By aggregating and presenting the choices made by others,
social navigation systems can provide users with easily understandable guidance
on security and privacy decisions, rather than requiring that they understand
low-level technical details in order to make informed decisions. We have
developed two prototype systems to explore how social navigation can help users
manage their privacy and security. The Acumen system employs social navigation
to address a common privacy activity, managing Internet cookies, and the
Bonfire system uses social navigation to help users manage their personal
firewall. Our experiences with Acumen and Bonfire suggest that, despite the
promise of social navigation, there are significant challenges in applying
these techniques to the domains of end-user privacy and security management.
Due to features of these domains, individuals may misuse community data when
making decisions, leading to incorrect individual decisions, inaccurate
community data, and "herding" behavior that is an example of what economists
term an informational cascade. By understanding this phenomenon in these terms,
we develop and present two general approaches for mitigating herding in social
navigation systems that support end-user security and privacy management,
mitigation via algorithms and mitigation via user interaction. Mitigation via
user interaction is a novel and promising approach to mitigating cascades in
social navigation systems. Keywords: acumen, bonfire, decision making, end-user privacy and security, herding,
informational cascades, social navigation | |||
| Ubiquitous systems and the family: thoughts about the networked home | | BIBAK | Full-Text | 6 | |
| Linda Little; Elizabeth Sillence; Pam Briggs | |||
| Developments in ubiquitous and pervasive computing herald a future in which
computation is embedded into our daily lives. Such a vision raises important
questions about how people, especially families, will be able to engage with
and trust such systems whilst maintaining privacy and individual boundaries. To
begin to address such issues, we have recently conducted a wide reaching study
eliciting trust, privacy and identity concerns about pervasive computing. Over
three hundred UK citizens participated in 38 focus groups. The groups were
shown Videotaped Activity Scenarios [11] depicting pervasive or ubiquitous
computing applications in a number of contexts including shopping. The data
raises a number of important issues from a family perspective in terms of
access, control, responsibility, benefit and complexity. Also findings
highlight the conflict between increased functionality and the subtle social
interactions that sustain family bonds. We present a Pre-Concept Evaluation
Tool (PRECET) for use in design and implementation of ubicomp systems. Keywords: privacy, social interaction, the family, trust, ubiquitous computing | |||
| Look into my eyes!: can you guess my password? | | BIBAK | Full-Text | 7 | |
| Alexander De Luca; Martin Denzel; Heinrich Hussmann | |||
| Authentication systems for public terminals and thus public spaces have to
be fast, easy and secure. Security is of utmost importance since the public
setting allows manifold attacks from simple shoulder surfing to advanced
manipulations of the terminals. In this work, we present EyePassShapes, an eye
tracking authentication method that has been designed to meet these
requirements. Instead of using standard eye tracking input methods that require
precise and expensive eye trackers, EyePassShapes uses eye gestures. This input
method works well with data about the relative eye movement, which is much
easier to detect than the precise position of the user's gaze and works with
cheaper hardware. Different evaluations on technical aspects, usability,
security and memorability show that EyePassShapes can significantly increase
security while being easy to use and fast at the same time. Keywords: EyePassShapes, authentication, eye gestures, eye tracking, privacy, security | |||
| Personal choice and challenge questions: a security and usability assessment | | BIBAK | Full-Text | 8 | |
| Mike Just; David Aspinall | |||
| Challenge questions are an increasingly important part of mainstream
authentication solutions, yet there are few published studies concerning their
usability or security. This paper reports on an experimental investigation into
user-chosen questions. We collected questions from a large cohort of students,
in a way that encouraged participants to give realistic data. The questions
allow us to consider possible modes of attack and to judge the relative effort
needed to crack a question, according to an innovative model of the knowledge
of the attacker. Using this model, we found that many participants were likely
to have chosen questions with low entropy answers, yet they believed that their
challenge questions would resist attacks from a stranger. Though by asking
multiple questions, we are able to show a marked improvement in security for
most users. In a second stage of our experiment, we applied existing metrics to
measure the usability of the questions and answers. Despite having youthful
memories and choosing their own questions, users made errors more frequently
than desirable. Keywords: authentication, challenge questions, security, usability | |||
| 1 + 1 = you: measuring the comprehensibility of metaphors for configuring backup authentication | | BIBAK | Full-Text | 9 | |
| Stuart Schechter; Robert W. Reeder | |||
| Backup authentication systems verify the identity of users who are unable to
perform primary authentication usually as a result of forgetting passwords. The
two most common authentication mechanisms used for backup authentication by
webmail services, personal authentication questions and email-based
authentication, are insufficient. Many webmail users cannot benefit from
email-based authentication because their webmail account is their primary email
account. Personal authentication questions are frequently forgotten and prone
to security failures, as illustrated by the increased scrutiny they received
following their implication in the compromise of Republican vice presidential
candidate Sarah Palin's Yahoo! account.
One way to address the limitations of existing backup authentication mechanisms is to add new ones. Since no mechanism is completely secure, system designers must support configurations that require multiple authentication tasks be completed to authenticate. Can users comprehend such a rich set of new options? We designed two metaphors to help users comprehend which combinations of authentication tasks would be sufficient to authenticate. We performed a usability study to measure users' comprehension of these metaphors. We find that the vast majority of users comprehend screenshots that represent authentication as an exam, in which points are awarded for the completion of individual authentication tasks and authentication succeeds when an authenticatee has accumulated enough points to achieve a passing score. Keywords: authentication, backup authentication, password reset | |||
| Serial hook-ups: a comparative usability study of secure device pairing methods | | BIBA | Full-Text | 10 | |
| Alfred Kobsa; Rahim Sonawalla; Gene Tsudik; Ersin Uzun; Yang Wang | |||
| Secure Device Pairing is the bootstrapping of secure communication between
two previously unassociated devices over a wireless channel. The
human-imperceptible nature of wireless communication, lack of any prior
security context, and absence of a common trust infrastructure open the door
for Man-in-the-Middle (aka Evil Twin) attacks. A number of methods have been
proposed to mitigate these attacks, each requiring user assistance in
authenticating information exchanged over the wireless channel via some
human-perceptible auxiliary channels, e.g., visual, acoustic or tactile.
In this paper, we present results of the first comprehensive and comparative study of eleven notable secure device pairing methods. Usability measures include: task performance times, ratings on System Usability Scale (SUS), task completion rates, and perceived security. Study subjects were controlled for age, gender and prior experience with device pairing. We present overall results and identify problematic methods for certain classes of users as well as methods best-suited for various device configurations. | |||
| Usability and security of out-of-band channels in secure device pairing protocols | | BIBAK | Full-Text | 11 | |
| Ronald Kainda; Ivan Flechais; A. W. Roscoe | |||
| Initiating and bootstrapping secure, yet low-cost, ad-hoc transactions is an
important challenge that needs to be overcome if the promise of mobile and
pervasive computing is to be fulfilled. For example, mobile payment
applications would benefit from the ability to pair devices securely without
resorting to conventional mechanisms such as shared secrets, a Public Key
Infrastructure (PKI), or trusted third parties. A number of methods have been
proposed for doing this based on the use of a secondary out-of-band (OOB)
channel that either authenticates information passed over the normal
communication channel or otherwise establishes an authenticated shared secret
which can be used for subsequent secure communication. A key element of the
success of these methods is dependent on the performance and effectiveness of
the OOB channel, which usually depends on people performing certain critical
tasks correctly.
In this paper, we present the results of a comparative usability study on methods that propose using humans to implement the OOB channel and argue that most of these proposals fail to take into account factors that may seriously harm the security and usability of a protocol. Our work builds on previous research in the usability of pairing methods and the accompanying recommendations for designing user interfaces that minimise human mistakes. Our findings show that the traditional methods of comparing and typing short strings into mobile devices are still preferable despite claims that new methods are more usable and secure, and that user interface design alone is not sufficient in mitigating human mistakes in OOB channels. Keywords: pairing devices, security protocols, usability | |||
| Games for extracting randomness | | BIBA | Full-Text | 12 | |
| Ran Halprin; Moni Naor | |||
| Randomness is a necessary ingredient in various computational tasks and
especially in Cryptography, yet many existing mechanisms for obtaining
randomness suffer from numerous problems. We suggest utilizing the behavior of
humans while playing competitive games as an entropy source, in order to
enhance the quality of the randomness in the system. This idea has two
motivations: (i) results in experimental psychology indicate that humans are
able to behave quite randomly when engaged in competitive games in which a
mixed strategy is optimal, and (ii) people have an affection for games, and
this leads to longer play yielding more entropy overall. While the resulting
strings are not perfectly random, we show how to integrate such a game into a
robust pseudo-random generator that enjoys backward and forward security.
We construct a game suitable for randomness extraction, and test users playing patterns. The results show that in less than two minutes a human can generate 128 bits that are 2-64-close to random, even on a limited computer such as a PDA that might have no other entropy source. As proof of concept, we supply a complete working software for a robust PRG. It generates random sequences based solely on human game play, and thus does not depend on the Operating System or any external factor. | |||
| Sanitization's slippery slope: the design and study of a text revision assistant | | BIBAK | Full-Text | 13 | |
| Richard Chow; Ian Oberst; Jessica Staddon | |||
| For privacy reasons, sensitive content may be revised before it is released.
The revision often consists of redaction, that is, the "blacking out" of
sensitive words and phrases. Redaction has the side effect of reducing the
utility of the content, often so much that the content is no longer useful.
Consequently, government agencies and others are increasingly exploring the
revision of sensitive content as an alternative to redaction that preserves
more content utility. We call this practice sanitization. In a sanitized
document, names might be replaced with pseudonyms and sensitive attributes
might be replaced with hypernyms. Sanitization adds to redaction the challenge
of determining what words and phrases reduce the sensitivity of content. We
have designed and developed a tool to assist users in sanitizing sensitive
content. Our tool leverages the Web to automatically identify sensitive words
and phrases and quickly evaluates revisions for sensitivity. The tool, however,
does not identify all sensitive terms and mistakenly marks some innocuous terms
as sensitive. This is unavoidable because of the difficulty of the underlying
inference problem and is the main reason we have designed a sanitization
assistant as opposed to a fully-automated tool. We have conducted a small study
of our tool in which users sanitize biographies of celebrities to hide the
celebrity's identity both both with and without our tool. The user study
suggests that while the tool is very valuable in encouraging users to preserve
content utility and can preserve privacy, this usefulness and apparent
authoritativeness may lead to a "slippery slope" in which users neglect their
own judgment in favor of the tool's. Keywords: data loss prevention, inference detection, privacy, redaction, sanitization | |||
| Balancing usability and security in a video CAPTCHA | | BIBAK | Full-Text | 14 | |
| Kurt Alfred Kluever; Richard Zanibbi | |||
| We present a technique for using content-based video labeling as a CAPTCHA
task. Our CAPTCHAs are generated from YouTube videos, which contain labels
(tags) supplied by the person that uploaded the video. They are graded using a
video's tags, as well as tags from related videos. In a user study involving
184 participants, we were able to increase the human success rate on our video
CAPTCHA from roughly 70% to 90%, while keeping the success rate of a tag
frequency-based attack fixed at around 13%. Through a different
parameterization of the challenge generation and grading algorithms, we were
able to reduce the success rate of the same attack to 2%, while still
increasing the human success rate from 70% to 75%. The usability and security
of our video CAPTCHA appears to be comparable to existing CAPTCHAs, and a
majority of participants (60%) indicated that they found the video CAPTCHAs
more enjoyable than traditional CAPTCHAs in which distorted text must be
transcribed. Keywords: Completely Automated Public Turing test to tell Computers and Humans Apart
(CAPTCHA), human interactive proof (HIP), tagging, video understanding | |||
| How users use access control | | BIBAK | Full-Text | 15 | |
| D. K. Smetters; Nathan Good | |||
| Existing technologies for file sharing differ widely in the granularity of
control they give users over who can access their data; achieving finer-grained
control generally requires more user effort. We want to understand what level
of control users need over their data, by examining what sorts of access
policies users actually create in practice.
We used automated data mining techniques to examine the real-world use of access control features present in standard document sharing systems in a corporate environment as used over a long (> 10 year) time span. We find that while users rarely need to change access policies, the policies they do express are actually quite complex. We also find that users participate in larger numbers of access control and email sharing groups than measured by self-report in previous studies. We hypothesize that much of this complexity might be reduced by considering these policies as examples of simpler access control patterns. From our analysis of what access control features are used and where errors are made, we propose a set of design guidelines for access control systems themselves and the tools used to manage them, intended to increase usability and decrease error. Keywords: access control, file sharing, usability | |||
| Designing and evaluating usable security and privacy technology | | BIB | Full-Text | 16 | |
| M. Angela Sasse; Clare-Marie Karat; Roy Maxion | |||
| Think Evil (tm) | | BIB | Full-Text | 17 | |
| Nicholas Weaver | |||
| Threshold things that think: usable authorization for resharing | | BIB | Full-Text | 18 | |
| Roel Peeters; Markulf Kohlweiss; Bart Preneel; Nicky Sulmon | |||
| Not one click for security? | | BIB | Full-Text | 19 | |
| Alan Karp; Marc Stiegler; Tyler Close | |||
| Privacy stories: confidence in privacy behaviors through end user programming | | BIB | Full-Text | 20 | |
| Luke Church; Jonathan Anderson; Joesph Bonneau; Frank Stajano | |||
| A new graphical password scheme against spyware by using CAPTCHA | | BIB | Full-Text | 21 | |
| Haichang Gao; Xiyang Liu | |||
| The impact of expressiveness on the effectiveness of privacy mechanisms for location-sharing | | BIB | Full-Text | 22 | |
| Michael Benisch; Patrick Gage Kelley; Norman Sadeh; Tuomas Sandholm; Janice Tsai; Lorrie Faith Cranor; Paul Hankes Drielsma | |||
| Designing for different levels of social inference risk | | BIB | Full-Text | 23 | |
| Sara Motahari; Sotirios Ziavras; Quentin Jones | |||
| Integrating usability and accessibility in information assurance education | | BIB | Full-Text | 24 | |
| Azene Zenebe; Claude Tuner; Jinjuan Feng; Jonathan Lazar; Mike O'Leary | |||
| Educated guess on graphical authentication schemes: vulnerabilities and countermeasures | | BIB | Full-Text | 25 | |
| Eiji Hayashi; Jason Hong; Nicolas Christin | |||
| BayeShield: conversational anti-phishing user interface | | BIB | Full-Text | 26 | |
| Peter Likarish; Don Dunbar; Juan Pablo Hourcade; Eunjin Jung | |||
| Recall-a-story, a story-telling graphical password system | | BIB | Full-Text | 27 | |
| Yves Maetz; Stéphane Onno; Olivier Heen | |||
| Escape from the matrix: lessons from a case-study in access-control requirements | | BIB | Full-Text | 28 | |
| Kathi Fisler; Shriram Krishnamurthi | |||
| The impact of privacy indicators on search engine browsing patterns | | BIB | Full-Text | 29 | |
| Janice Tsai; Serge Egelman; Lorrie Cranor; Alessandro Acquisti | |||
| Privacy suites: shared privacy for social networks | | BIB | Full-Text | 30 | |
| Joseph Bonneau; Jonathan Anderson; Luke Church | |||
| Usable deidentification of sensitive patient care data | | BIB | Full-Text | 31 | |
| Michael McQuaid; Kai Zheng; Nigel Melville; Lee Green | |||
| Analyzing use of privacy policy attributes in a location sharing application | | BIB | Full-Text | 32 | |
| Eran Toch; Ramprasad Ravichandran; Lorrie Cranor; Paul Drielsma; Jason Hong; Patrick Kelley; Norman Sadeh; Janice Tsai | |||
| Studying location privacy in mobile applications: 'predator vs. prey' probes | | BIB | Full-Text | 33 | |
| Keerthi Thomas; Clara Mancini; Lukasz Jedrzejczyk; Arosha K. Bandara; Adam Joinson; Blaine A. Price; Yvonne Rogers; Bashar Nuseibeh | |||
| Treat 'em like other devices: user authentication of multiple personal RFID tags | | BIB | Full-Text | 34 | |
| Nitesh Saxena; Md. Borhan Uddin; Jonathan Voris | |||
| Textured agreements: re-envisioning electronic consent | | BIB | Full-Text | 35 | |
| Matthew Kay; Michael Terry | |||
| A multi-method approach for user-centered design of identity management systems | | BIB | Full-Text | 36 | |
| Pooya Jaferian; David Botta; Kirstie Hawkey; Konstantin Beznosov | |||
| flyByNight: mitigating the privacy risks of social networking | | BIB | Full-Text | 37 | |
| Matthew Lucas; Nikita Borisov | |||
| Conditioned-safe ceremonies and a user study of an application to web authentication | | BIB | Full-Text | 38 | |
| Chris Karlof; J. D. Tygar; David Wagner | |||
| Graphical passwords as browser extension: implementation and usability study | | BIB | Full-Text | 39 | |
| Kemal Bicakci; Mustafa Yuceel; Burak Erdeniz; Hakan Gurbaslar; Nart Bedin Atalay | |||
| It's no secret: measuring the security and reliability of authentication via 'secret' questions | | BIB | Full-Text | 40 | |
| Stuart Schechter; A. J. Bernheim Brush; Serge Egelman | |||
| It's not what you know, but who you know: a social approach to last-resort authentication | | BIB | Full-Text | 41 | |
| Stuart Schechter; Serge Egelman; Robert W. Reeder | |||
| A user study of the expandable grid applied to P3P privacy policy visualization | | BIB | Full-Text | 42 | |
| Robert W. Reeder; Patrick Gage Kelley; Aleecia M. McDonald; Lorrie Faith Cranor | |||
| Who's viewed you?: the impact of feedback in a mobile location-sharing application | | BIB | Full-Text | 43 | |
| Janice Tsai; Patrick Kelley; Paul Hankes Drielsma; Lorrie Cranor; Jason Hong; Norman Sadeh | |||
| New directions in multisensory authentication | | BIB | Full-Text | 44 | |
| Madoka Hasegawa; Nicolas Christin; Eiji Hayashi | |||
| Machine learning attacks against the Asirra CAPTCHA | | BIB | Full-Text | 45 | |
| Philippe Golle | |||
| A comparative study of online privacy policies and formats | | BIB | Full-Text | 46 | |
| Aleecia M. McDonald; Robert W. Reeder; Patrick Gage Kelley; Lorrie Faith Cranor | |||
| Capturing social networking privacy preferences: can default policies help alleviate tradeoffs between expressiveness and user burden? | | BIB | Full-Text | 47 | |
| Ramprasad Ravichandran; Michael Benisch; Patrick Gauge Kelley; Norman Sadeh | |||
| Redirects to login pages are bad, or are they? | | BIB | Full-Text | 48 | |
| Eric Sachs | |||
| Short and long term research suggestions for NSF and NIST | | BIB | Full-Text | 49 | |
| Nancy Gillis | |||
| Ecological validity in studies of security and human behaviour | | BIB | Full-Text | 50 | |
| Andrew Patrick | |||
| Invisible HCI-SEC: ways of re-architecting the operating system to increase usability and security | | BIB | Full-Text | 51 | |
| Simson Garfinkel | |||
| Technology transfer of successful usable security research into product | | BIB | Full-Text | 52 | |
| Mary Ellen Zurko | |||
| The family and communication technologies | | BIB | Full-Text | 53 | |
| Linda Little | |||
| How does the emergence of reputation mechanisms affect the overall trust formation mechanisms, implicit and explicit, in the online environment? | | BIB | Full-Text | 54 | |
| Kristiina Karvonen | |||