| Do windows users follow the principle of least privilege?: investigating user account control practices | | BIBAK | Full-Text | 1 | |
| Sara Motiee; Kirstie Hawkey; Konstantin Beznosov | |||
| The principle of least privilege requires that users and their programs be
granted the most restrictive set of privileges possible to perform required
tasks in order to limit the damages caused by security incidents.
Low-privileged user accounts (LUA) and user account control (UAC) in Windows
Vista and Windows 7 are two practical implementations of this principle. To be
successful, however, users must apply due diligence, use appropriate accounts,
and respond correctly to UAC prompts. With a user study and contextual
interviews, we investigated the motives, understanding, behaviour, and
challenges users face when working with user accounts and the UAC. Our results
show that 69% of participants did not apply the UAC approach correctly. All 45
participants used an administrator user account, and 91% were not aware of the
benefits of low-privilege user accounts or the risks of high-privilege ones.
Their knowledge and experience were limited to the restricted rights of
low-privilege accounts. Based on our findings, we offer recommendations to
improve the UAC and LUA approaches. Keywords: least privilege principle, least privilege user account, usable security,
user account control | |||
| Encountering stronger password requirements: user attitudes and behaviors | | BIBAK | Full-Text | 2 | |
| Richard Shay; Saranga Komanduri; Patrick Gage Kelley; Pedro Giovanni Leon; Michelle L. Mazurek; Lujo Bauer; Nicolas Christin; Lorrie Faith Cranor | |||
| Text-based passwords are still the most commonly used authentication
mechanism in information systems. We took advantage of a unique opportunity
presented by a significant change in the Carnegie Mellon University (CMU)
computing services password policy that required users to change their
passwords. Through our survey of 470 CMU computer users, we collected data
about behaviors and practices related to the use and creation of passwords. We
also captured users' opinions about the new, stronger policy requirements. Our
analysis shows that, although most of the users were annoyed by the need to
create a complex password, they believe that they are now more secure.
Furthermore, we perform an entropy analysis and discuss how our findings relate
to NIST recommendations for creating a password policy. We also examine how
users answer specific questions related to their passwords. Our results can be
helpful in designing better password policies that consider not only technical
aspects of specific policy rules, but also users' behavior in response to those
rules. Keywords: passwords, policy, security, survey, usability | |||
| A closer look at recognition-based graphical passwords on mobile devices | | BIBAK | Full-Text | 3 | |
| Paul Dunphy; Andreas P. Heiner; N. Asokan | |||
| Graphical password systems based on the recognition of photographs are
candidates to alleviate current over-reliance on alphanumeric passwords and
PINs. However, despite being based on a simple concept -- and user evaluations
consistently reporting impressive memory retention -- only one commercial
example exists and overall take-up is low. Barriers to uptake include a
perceived vulnerability to observation attacks; issues regarding deployability;
and the impact of innocuous design decisions on security not being formalized.
Our contribution is to dissect each of these issues in the context of mobile
devices -- a particularly suitable application domain due to their increasing
significance, and high potential to attract unauthorized access. This produces:
1) A novel yet simple solution to the intersection attack that permits greater
variability in login challenges; 2) Detailed analysis of the shoulder surfing
threat that considers both simulated and human testing; 3) A first look at
image processing techniques to contribute towards automated photograph
filtering. We operationalize our observations and gather data in a field
context where decentralized mechanisms of varying entropy were installed on the
personal devices of participants. Across two working weeks success rates
collected from users of a high entropy version were similar to those of a low
entropy version at 77%, and login durations decreased significantly across the
study. Keywords: graphical passwords, mobile devices, shoulder surfing | |||
| Usably secure, low-cost authentication for mobile banking | | BIBAK | Full-Text | 4 | |
| Saurabh Panjwani; Edward Cutrell | |||
| This paper explores user authentication schemes for banking systems
implemented over mobile phone networks in the developing world. We analyze an
authentication scheme currently deployed by an Indian mobile banking service
provider which uses a combination of PINs and printed codebooks for
authenticating users. As a first step, we report security weaknesses in that
scheme and show that it is susceptible to easy and efficient PIN recovery
attacks. We then propose a new scheme which offers better secrecy of PINs,
while still maintaining the simplicity and scalability advantages of the
original scheme. Finally, we investigate the usability of the two schemes with
a sample of 34 current and potential customers of the banking system. Our
findings suggest that the new scheme is more efficient, less susceptible to
human error and better preferred by the target consumers. Keywords: ICTD, PIN, authentication, banking, developing regions, mobile, paper,
security, usability | |||
| Two heads are better than one: security and usability of device associations in group scenarios | | BIBAK | Full-Text | 5 | |
| Ronald Kainda; Ivan Flechais; A. W. Roscoe | |||
| We analyse and evaluate the usability and security of the process of
bootstrapping security among devices in group scenarios. While a lot of work
has been done in single user scenarios, we are not aware of any that focusses
on group situations. Unlike in single user scenarios, bootstrapping security in
a group requires coordination, attention, and cooperation of all group members.
In this paper, we provide an analysis of the security and usability of
bootstrapping security in group scenarios and present the results of a
usability study on these scenarios. We also highlight crucial factors necessary
for designing for secure group interactions. Keywords: device association, group interactions, security protocols, usability | |||
| Influence of user perception, security needs, and social factors on device pairing method choices | | BIBAK | Full-Text | 6 | |
| Iulia Ion; Marc Langheinrich; Ponnurangam Kumaraguru; Srdjan Capkun | |||
| Recent years have seen a proliferation of secure device pairing methods that
try to improve both the usability and security of today's de-facto standard --
PIN-based authentication. Evaluating such improvements is difficult. Most
comparative laboratory studies have so far mainly focused on completeness,
trying to find the single best method among the dozens of proposed approaches
-- one that is both rated the most usable by test subjects, and which provides
the most robust security guarantees. This search for the "best" pairing method,
however, fails to take into account the variety of situations in which such
pairing protocols may be used in real life. The comparative study reported
here, therefore, explicitly situates pairing tasks in a number of more
realistic situations. Our results indicate that people do not always use the
easiest or most popular method -- they instead prefer different methods in
different situations, based on the sensitivity of data involved, their time
constraints, and the social conventions appropriate for a particular place and
setting. Our study also provides qualitative data on factors influencing the
perceived security of a particular method, the users' mental models surrounding
security of a method, and their security needs. Keywords: authentication, device pairing, security, social factors, usability, user
studies | |||
| The impact of social navigation on privacy policy configuration | | BIBAK | Full-Text | 7 | |
| Andrew Besmer; Jason Watson; Heather Richter Lipford | |||
| Social navigation is a promising approach to help users make better privacy
and security decisions using community knowledge and expertise. Social
navigation has recently been applied to several privacy and security systems
such as peer-to-peer file sharing, cookie management, and firewalls. However,
little empirical evaluation of social navigation cues has been performed in
security or privacy systems to understand the real impact such knowledge has on
user behavior and the resulting policies. In this paper, we explore the
application of social navigation to access control policy configuration using
an empirical between subjects study. Our results indicate that community
information does impact user behavior, but only when the visual representation
of the cue is sufficiently strong. Keywords: policy configuration, privacy, social navigation, social networking | |||
| Optimizing a policy authoring framework for security and privacy policies | | BIBAK | Full-Text | 8 | |
| Maritza Johnson; John Karat; Clare-Marie Karat; Keith Grueneberg | |||
| Policies which address security and privacy are pervasive parts of both
technical and social systems, and technology to enable both organizations and
individuals to create and manage such policies is seen as a critical need in
IT. This paper describes policy authoring as a key component to usable privacy
and security systems, and advances the notions of policy templates in a policy
management environment in which different roles with different skill sets are
seen as important. We discuss existing guidelines and provide support for the
addition of new guidelines for usable policy authoring for security and privacy
systems. We describe the relationship between general policy templates and
specific policies, and the skills necessary to author each of these in a way
that produces high-quality policies. We also report on an experiment in which
technical users with limited policy experience authored policy templates using
a prototype template authoring user interface we developed. Keywords: policy authoring, policy management, policy refinement, privacy policy,
security policy, user experience design | |||
| Feasibility of structural network clustering for group-based privacy control in social networks | | BIBAK | Full-Text | 9 | |
| Simon Jones; Eamonn O'Neill | |||
| Users of social networking sites often want to manage the sharing of
information and content with different groups of people based on their
differing relationships. However, grouping contacts places a significant
configuration burden on the user. Automated approaches to grouping may have the
potential to reduce this burden, however, their use remains largely untested.
We investigate people's rationales when grouping their contacts for the purpose
of controlling their privacy, finding six criteria that they commonly
considered. We assess an automated approach to grouping, based on a network
clustering algorithm, whose performance may be analogous to the human's use of
some of these criteria. We find that the similarity between the groups created
by people and those created by the algorithm is correlated with the modularity
of their network. We also demonstrate that the particular clustering algorithm,
SCAN, which detects hubs and outliers within a network can be beneficial for
identifying contacts who are hard to group or for whom privacy preferences are
inconsistent with the rest of their group. Keywords: automation, content sharing, group-based access control, network structure,
privacy, social media, social networks, tie strength | |||
| Where do security policies come from? | | BIBA | Full-Text | 10 | |
| Dinei Florêncio; Cormac Herley | |||
| We examine the password policies of 75 different websites. Our goal is
understand the enormous diversity of requirements: some will accept simple
six-character passwords, while others impose rules of great complexity on their
users. We compare different features of the sites to find which characteristics
are correlated with stronger policies. Our results are surprising: greater
security demands do not appear to be a factor. The size of the site, the number
of users, the value of the assets protected and the frequency of attacks show
no correlation with strength. In fact we find the reverse: some of the largest,
most attacked sites with greatest assets allow relatively weak passwords.
Instead, we find that those sites that accept advertising, purchase sponsored
links and where the user has a choice show strong inverse correlation with
strength.
We conclude that the sites with the most restrictive password policies do not have greater security concerns, they are simply better insulated from the consequences of poor usability. Online retailers and sites that sell advertising must compete vigorously for users and traffic. In contrast to government and university sites, poor usability is a luxury they cannot afford. This in turn suggests that much of the extra strength demanded by the more restrictive policies is superfluous: it causes considerable inconvenience for negligible security improvement. | |||
| Folk models of home computer security | | BIBAK | Full-Text | 11 | |
| Rick Wash | |||
| Home computer systems are insecure because they are administered by
untrained users. The rise of botnets has amplified this problem; attackers
compromise these computers, aggregate them, and use the resulting network to
attack third parties. Despite a large security industry that provides software
and advice, home computer users remain vulnerable. I identify eight 'folk
models' of security threats that are used by home computer users to decide what
security software to use, and which expert security advice to follow: four
conceptualizations of 'viruses' and other malware, and four conceptualizations
of 'hackers' that break into computers. I illustrate how these models are used
to justify ignoring expert security advice. Finally, I describe one reason why
botnets are so difficult to eliminate: they cleverly take advantage of gaps in
these models so that many home computer users do not take steps to protect
against them. Keywords: folk models, home security, mental models | |||
| Improving users' security choices on home wireless networks | | BIBAK | Full-Text | 12 | |
| Justin T. Ho; David Dearman; Khai N. Truong | |||
| Home networks are common but notoriously difficult to setup and maintain.
The difficulty users experience in setting up and maintaining their home
network is problematic because of the numerous security threats that can
exploit poorly configured and maintained network security. Because there is
little empirical data to characterize the usability problems associated with
the adoption of wireless network security, we surveyed primary caretakers and
users of 20 home networks, examining their perceptions and usage of the
security features available to them. We found that users did not understand the
difference between access control lists and encryption, and that devices fail
to properly notify users of weak security configuration choices. To address
these issues, we designed and evaluated a novel wireless router configuration
wizard that encouraged strong security choices by improving the network
configuration steps. We found that security choices made by users of our wizard
resulted in stronger security practices when compared to the wizard from a
leading equipment manufacturer. Keywords: access control, configuration, mental model, usable security, wireless
network | |||
| Textured agreements: re-envisioning electronic consent | | BIBAK | Full-Text | 13 | |
| Matthew Kay; Michael Terry | |||
| Research indicates that less than 2% of the population reads license
agreements during software installation [12]. To address this problem, we
developed textured agreements, visually redesigned agreements that employ
factoids, vignettes, and iconic symbols to accentuate information and highlight
its personal relevance. Notably, textured agreements accomplish these goals
without requiring modification of the underlying text. A between-subjects
experimental study with 84 subjects indicates these agreements can
significantly increase reading times. In our study, subjects spent
approximately 37 seconds on agreement screens with textured agreements,
compared to 7 seconds in the plain text control condition. A follow-up study
examined retention of agreement content, finding that median scores on a
comprehension quiz increased by 4 out of 16 points for textured agreements.
These results provide convincing evidence of the potential for textured
agreements to positively impact software agreement processes. Keywords: EULA, end-user license agreement, informed consent | |||
| On the impact of real-time feedback on users' behaviour in mobile location-sharing applications | | BIBAK | Full-Text | 14 | |
| Lukasz Jedrzejczyk; Blaine A. Price; Arosha K. Bandara; Bashar Nuseibeh | |||
| Effective privacy management requires that mobile systems' users be able to
make informed privacy decisions as their experience and knowledge of a system
progresses. Prior work has shown that making such privacy decisions is a
difficult task for users because systems do not provide support for awareness,
visibility and accountability when sharing privacy-sensitive information. This
paper reports results of our investigation into the efficacy of realtime
feedback as a mechanism for incorporating these features of social translucence
in location-sharing applications, in order to help users make better privacy
decisions. We explored the role of real-time feedback in the context of Buddy
Tracker, a mobile location-sharing application. Our work focuses on ways in
which real-time feedback affects people's behaviour in order to identify the
main criteria for acceptance of this technology. Based on the data from a three
week field trial of Buddy Tracker, a focus group session, and interviews, we
found that when using a system that provided real-time feedback, people were
more accountable for their actions and reduced the number of unreasonable
location requests. We have used the results of our study to propose high-level
design criteria for incorporating real-time feedback into information sharing
applications in a manner that ensures social acceptance of the technology. Keywords: feedback, location based services, mobile computing, privacy management,
social translucence | |||
| Parenting from the pocket: value tensions and technical directions for secure and private parent-teen mobile safety | | BIBAK | Full-Text | 15 | |
| Alexei Czeskis; Ivayla Dermendjieva; Hussein Yapit; Alan Borning; Batya Friedman; Brian Gill; Tadayoshi Kohno | |||
| An increasing number of high-tech devices, such as driver monitoring systems
and Internet usage monitoring tools, are advertised as useful or even necessary
for good parenting of teens. Simultaneously, there is a growing market for
mobile "personal safety" devices. As these trends merge, there will be
significant implications for parent-teen relationships, affecting domains such
as privacy, trust, and maturation. Not only the teen and his or her parents are
affected; other important stakeholders include the teen's friends who may be
unwittingly monitored. This problem space, with less clear-cut assets, risks,
and affected parties, thus lies well outside of more typical computer security
applications.
To help understand this problem domain and what, if anything, should be built, we turn to the theory and methods of Value Sensitive Design, a systematic approach to designing for human values in technology. We first develop value scenarios that highlight potential issues, benefits, harms, and challenges. We then conducted semi-structured interviews with 18 participants (9 teens and their parents). Results show significant differences with respect to information about: 1) internal state (e.g., mood) versus external environment (e.g., location) state; 2) situation (e.g., emergency vs. non-emergency); and 3) awareness (e.g., notification vs. non-notification). The value scenario and interview results positioned us to identify key technical challenges -- such as strongly protecting the privacy of a teen's contextual information during ordinary situations but immediately exposing that information to others as appropriate in an emergency -- and corresponding architectural levers for these technologies. In addition to laying a foundation for future work in this area, this research serves as a prototypical example of using Value Sensitive Design to explicate the underlying human values in complex security domains. Keywords: direct and indirect stakeholders, maturation, mobile phones, parenting
technologies, privacy, safety, security, teenagers, value dams and flows, value
sensitive design, value tensions | |||
| Towards understanding ATM security: a field study of real world ATM use | | BIBAK | Full-Text | 16 | |
| Alexander De Luca; Marc Langheinrich; Heinrich Hussmann | |||
| With the increase of automated teller machine (ATM) frauds, new
authentication mechanisms are developed to overcome security problems of
personal identification numbers (PIN). Those mechanisms are usually judged on
speed, security, and memorability in comparison with traditional PIN entry
systems. It remains unclear, however, what appropriate values for PIN-based ATM
authentication actually are. We conducted a field study and two smaller
follow-up studies on real-world ATM use, in order to provide both a better
understanding of PIN-based ATM authentication, and on how alternative
authentication methods can be compared and evaluated. Our results show that
there is a big influence of contextual factors on security and performance in
PIN-based ATM use. Such factors include distractions, physical hindrance, trust
relationships, and memorability. From these findings, we draw several
implications for the design of alternative ATM authentication systems, such as
resilience to distraction and social compatibility. Keywords: ATM, authentication, design implications, field study, lessons learned,
security | |||