WHY CRYPTOSYSTEMS FAIL (ANDERSON, 1993)
- Traditionally, the biggest security threat was assumed to come from sophisticated cryptanalysis
  - Assumes government (e.g. NSA)-level capabilities
- In practice, it is not the encryption products but how they are deployed that is the problem
  - Using the wrong products
  - Poor implementation/integration
  - Sloppy operating procedures

WHY CRYPTOSYSTEMS FAIL (CONT.)
- Security groups are rarely well integrated into corporate culture
  - High turnover rate
- Companies selling security products overestimate the competence of their customers
- A new threat model is needed
  - Concentrate on what is likely to happen rather than on what could happen
  - Features not getting used correctly
  - Need to understand how security products are actually used
WHY JOHNNY CAN'T ENCRYPT (WHITTEN & TYGAR, 1999)
- Given no prior training, can users encrypt messages in an ecologically valid setting?

WHY JOHNNY CAN'T ENCRYPT (CONT.)
- 12 participants were recruited from a political campaign office
- Users were given Eudora and PGP 5.0 and asked to send internal messages about the campaign in encrypted form
- They were given an introduction to Eudora, but not to PGP

WHY JOHNNY CAN'T ENCRYPT (RESULTS)
- 1 participant was unable to figure out how to encrypt at all, and two participants took more than 25 minutes to send the first message
- 7 participants mistakenly encrypted with their own public key rather than the recipient's, producing a message that only they themselves could decrypt
- Only 2 participants correctly encrypted a message in the 90-minute session
- Conclusion: standard user-interface design fails for security applications such as encryption!
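The failure the results describe, encrypting with one's own public key so that the recipient cannot read the message, comes from a UI that asks the user to pick a key by hand. The following Go program is an added example, not code from the paper, from Eudora or from PGP: it reproduces the mistake with RSA-OAEP from the Go standard library and then shows the design fix a practitioner would want, where the key is derived from the recipient's address and the routine refuses to encrypt a message whose only recipient is the sender. The keyring type, the e-mail addresses and the sample message are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Keyring maps an e-mail address to that person's public key. This is a
// hypothetical stand-in for a PGP keyring, not PGP's or Eudora's own data model.
type Keyring map[string]*rsa.PublicKey

var (
	ErrSelfEncrypt = errors.New("refusing to encrypt only to the sender's own key: the recipient could not read it")
	ErrNoKey       = errors.New("no public key on file for this recipient")
)

// EncryptTo selects the key from the addressed recipient, so the user is never
// asked to pick a key by hand (the step seven of twelve participants got wrong).
// The recipient address is also bound into the OAEP label, so a ciphertext made
// for one address cannot be decrypted under another.
func EncryptTo(kr Keyring, sender, recipient string, msg []byte) ([]byte, error) {
	if sender == recipient {
		return nil, ErrSelfEncrypt
	}
	pk, ok := kr[recipient]
	if !ok {
		return nil, ErrNoKey
	}
	if spk, ok := kr[sender]; ok && spk.Equal(pk) {
		return nil, ErrSelfEncrypt // same key filed under two addresses
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pk, msg, []byte(recipient))
}

// Decrypt is the recipient side; me must be the address the sender used.
func Decrypt(priv *rsa.PrivateKey, me string, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, []byte(me))
}

// Scenario replays the study: Alice means to write to Bob. First she does what
// the participants did and encrypts with her own public key; then she goes
// through EncryptTo. It reports whether Bob could read each message and what the
// guard said when the only recipient was Alice herself.
func Scenario() (misaddressedReadable, properReadable bool, guardErr error, err error) {
	alice, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, nil, err
	}
	bob, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, nil, err
	}
	kr := Keyring{"alice@campaign.example": &alice.PublicKey, "bob@campaign.example": &bob.PublicKey}
	secret := []byte("poll numbers for the 3rd district") // constructed sample message

	// The mistake: "encrypt" with the key the UI shows first, Alice's own.
	wrong, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &alice.PublicKey, secret, []byte("bob@campaign.example"))
	if err != nil {
		return false, false, nil, err
	}
	_, dErr := Decrypt(bob, "bob@campaign.example", wrong)
	misaddressedReadable = dErr == nil // Bob's private key cannot open it

	// The guard refuses when the only recipient is the sender.
	_, guardErr = EncryptTo(kr, "alice@campaign.example", "alice@campaign.example", secret)

	// The intended path: the key is chosen from the To: address.
	right, err := EncryptTo(kr, "alice@campaign.example", "bob@campaign.example", secret)
	if err != nil {
		return false, false, guardErr, err
	}
	pt, err := Decrypt(bob, "bob@campaign.example", right)
	properReadable = err == nil && bytes.Equal(pt, secret)
	return misaddressedReadable, properReadable, guardErr, nil
}

func main() {
	wrongOK, rightOK, guardErr, err := Scenario()
	if err != nil {
		panic(err)
	}
	fmt.Println("Bob can read message encrypted to Alice's key:", wrongOK)
	fmt.Println("EncryptTo to self refused:", errors.Is(guardErr, ErrSelfEncrypt))
	fmt.Println("Bob can read message from EncryptTo:", rightOK)
}
```

Real PGP clients usually add the sender's own key as an extra recipient so the author can re-read sent mail; the guard above only rejects the case where the sender is the sole recipient, which is exactly the error the study observed.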
USABLE SECURITY
- Applying human-computer interaction (HCI) to computer security
- Understanding:
  - How security systems are used in practice
  - How a better interface can improve user security
- Goals: better practices, better understanding

PAPERS OVERVIEW
- Publication landscape: in contrast to other fields, the best work in CS is usually published first at conferences and only later collected into journal articles
- The four papers below are all from the CHI conference
PICTURES AT THE ATM
Moncur, W. and Leplâtre, G. Pictures at the ATM: exploring the usability of multiple graphical passwords. In Proceedings of CHI '

ATM SECURITY
- Two factors: a token (the card) and a knowledge-based secret (a 4-digit PIN)
- Users have approx. 5 token/PIN combinations on average

IT'S HARD TO REMEMBER PINs!

INSECURE MEMORY STRATEGIES
- Write down PINs
- Make them all the same
- Disclose them to friends and family (some studies suggest up to 30% of the time)

BACKGROUND
- Picture superiority effect: people remember images better than words or other semantic or syntactic information
- Graphical password types:
  - Locimetric (click on salient points in an image)
  - Drawmetric (sketch a picture)
  - Cognometric (recognize pictures from a set)
15 THE SYSTEM
16 THE CONTROL
HYPOTHESES
- H1: Multiple graphical passwords are more memorable than multiple PINs
- H2: Memorability of multiple graphical passwords can be improved by using a mnemonic to aid recall
- H3: Memorability of multiple graphical passwords can be improved by showing password and distracter images against a signature colored background

METHODOLOGY
- Web-based at-home study, 172 participants
- Each participant must remember five PIN/bank combinations
- Initial training, then three tests spaced two weeks apart
- Five groups:
  - Control 0: 4-digit numeric PIN
  - Experimental 1: Graphical passwords
  - Experimental 2: Graphical passwords with a signature color background to augment memorability
  - Experimental 3: Graphical passwords with an explicit mnemonic strategy
  - Experimental 4: Graphical passwords with mnemonic strategy and color background
19 EMPIRICAL STUDY RESULTS
DISCUSSION
- Core hypothesis (H1) confirmed
- Users benefited from the mnemonic (H2) but not from the colored background (H3)
- Users frequently chose the right set of images, but in the wrong order
- Future work:
  - Larger sample size, to examine large-scale patterns such as age effects
  - Longer periods of time
  - Semantically equivalent images
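The observation that users recalled the right images in the wrong order invites an obvious usability concession: accept the set regardless of order. Whether that is safe is a keyspace question. The Go program below is an added example, not the study's own code; it assumes a challenge grid of 12 images, a 4-image password and a 3-try ATM lockout, none of which the slides state, and under those assumptions compares ordered recognition, unordered recognition and the 4-digit PIN baseline, together with an order-insensitive verifier of the kind such a concession would need.

```go
package main

import (
	"fmt"
	"math"
	"sort"
)

// Assumed parameters: the slides do not state the grid size, password length or
// lockout policy, so these are illustrative, not the study's configuration.
const (
	imagesPerChallenge = 12 // images shown on screen, password images among distracters
	passwordLength     = 4  // images the user must pick
	pinDigits          = 4
	atmTries           = 3 // guesses before a typical ATM retains the card (assumption)
)

// perm returns n!/(n-k)!: the number of ordered selections of k from n.
func perm(n, k int) uint64 {
	r := uint64(1)
	for i := 0; i < k; i++ {
		r *= uint64(n - i)
	}
	return r
}

// binom returns n choose k: the number of unordered selections of k from n.
// The running product is divisible by i at every step, so the division is exact.
func binom(n, k int) uint64 {
	r := uint64(1)
	for i := 1; i <= k; i++ {
		r = r * uint64(n-k+i) / uint64(i)
	}
	return r
}

// Keyspace returns the attacker's search space for one password under each
// verification rule, plus the numeric PIN baseline.
func Keyspace(n, k, digits int) (ordered, unordered, pin uint64) {
	return perm(n, k), binom(n, k), uint64(math.Pow10(digits))
}

// Bits expresses a search space as bits of entropy, assuming uniform choice.
func Bits(space uint64) float64 { return math.Log2(float64(space)) }

// GuessSuccess is the chance an attacker who knows nothing about the password
// succeeds within tries guesses before lockout.
func GuessSuccess(space uint64, tries int) float64 {
	return math.Min(1, float64(tries)/float64(space))
}

// Verify compares an attempt with the stored password. With orderSensitive
// false, "right images, wrong order" is accepted; the cost of that concession
// is what Keyspace reports. A production verifier would also compare in
// constant time and enforce the lockout server-side.
func Verify(stored, attempt []int, orderSensitive bool) bool {
	if len(stored) != len(attempt) {
		return false
	}
	s, a := append([]int(nil), stored...), append([]int(nil), attempt...)
	if !orderSensitive {
		sort.Ints(s)
		sort.Ints(a)
	}
	for i := range s {
		if s[i] != a[i] {
			return false
		}
	}
	return true
}

func main() {
	ordered, unordered, pin := Keyspace(imagesPerChallenge, passwordLength, pinDigits)
	rows := []struct {
		name  string
		space uint64
	}{{"ordered images", ordered}, {"unordered images", unordered}, {"4-digit PIN", pin}}
	for _, row := range rows {
		fmt.Printf("%-17s %6d guesses %5.1f bits P(success in %d tries)=%.4f\n",
			row.name, row.space, Bits(row.space), atmTries, GuessSuccess(row.space, atmTries))
	}
	fmt.Println("right set, wrong order, order-insensitive check:", Verify([]int{3, 7, 1, 9}, []int{9, 1, 7, 3}, false))
}
```

Under the assumed parameters, ordered recognition on a 12-image grid gives 11,880 possibilities, slightly more than the 10,000 of a 4-digit PIN, but accepting any order leaves only 495 (about 9 bits), so the concession would make the graphical password weaker than the PIN it replaces unless the grid is enlarged or the password lengthened.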
HELPING USERS UNDERSTAND SECURITY ISSUES THROUGH SYSTEM VISUALIZATION
Stoll, J., Tashman, C. S., Edwards, W. K., and Spafford, K. Sesame: informing user security decisions with system visualization. In Proceeding of CHI '

SOME REAL SECURITY PROMPTS
- "AVG Update downloader is trying to access the Internet"
- "The firewall has blocked Internet access to your computer [FTP] from [TCP Port 57796, Flags: S]"
- "[Your] AntiSpyware has detected that the Windows NetBIOS Messenger Service is currently running. (This service should not be confused with the peer-to-peer Windows Messenger service, or MSN Messenger service which are used for Internet Chat). Beginning with Windows XP Service Pack 2, the Windows NetBIOS Messenger service ... What would you like to do?"

HOW DO YOU COMMUNICATE COMPLEX SECURITY CONCEPTS TO AN END USER?
- Information provided by security tools is technical and difficult to interpret
- Users are in a hurry and expect things to just work
- They must choose between dealing with more dialog boxes in the future and making a permanent decision now
26 THE VISUALIZATION CHALLENGE
27 DESIGN (CONT.)
ZONEALARM FIREWALL

METHODOLOGY
- 20 participants (9 female, 11 male): undergraduates, no CS/Engineering majors, none of whom considered themselves experts
- 6 tasks:
  - 4 allow/forbid an incoming connection
  - 2 phishing-site tasks
- Between-subjects design, 2 conditions (Sesame vs. control)
30 EMPIRICAL STUDY RESULTS
DISCUSSION
- Users performed better with Sesame (statistically significant)
- Post-interviews indicate that:
  - Most participants in the control condition did not know how to use the information presented; 5 of them simply allowed or denied all requests
  - All participants in the experimental group used the information presented
  - All users understood foreground processes, but only 2 understood background processes
  - Users understood the arrows and the depiction of remote computers

AN EMPIRICAL STUDY OF PHISHING WARNINGS IN WEB BROWSERS
Egelman, S., Cranor, L. F., and Hong, J. You've been warned: an empirical study of the effectiveness of web browser phishing warnings. In Proceeding of CHI '
34 BANNER BLINDNESS
35 INTERNET EXPLORER 7
36 INTERNET EXPLORER 7
37 FIREFOX 2
STUDY METHODOLOGY
- 70 participants
- Assigned to conditions based on the browser (and version) they already used:
  - Internet Explorer, active warning
  - Internet Explorer, passive warning
  - Firefox, active warning
  - Control (no warning)
- Participants were told they were in an online shopping study and used their own personal information to buy two items, one from Amazon and one from eBay

STUDY METHODOLOGY (CONT.)
- After buying from each store, participants were sent a spear-phishing message saying their purchase needed to be confirmed
- Participants who checked their mail and clicked the link in the message were shown the phishing warning for their condition
40 EMPIRICAL STUDY FINDINGS
DISCUSSION
- 50% of the IE condition recognized the warning, vs. 20% for Firefox
- IE has a very similar warning for an expired cookie
- The IE warning may have suffered from habituation; participants said:
  - "Oh, I always ignore those"
  - "Looked like warnings I see at work which I know to ignore"
  - "I see them daily"
  - "Since it gave me the option of proceeding to the site, I figured it couldn't be that bad."
- Most participants did not appear to understand that can be faked; thus they were confused as to why they got this warning message

DESIGN REQUIREMENTS
- Interrupt the primary task
- Provide clear choices
- Fail safely
- Prevent habituation
- Alter the phishing website: users trust a site primarily based on its look and feel
PERSUADING USERS TO INSTALL SECURITY UPDATES
Sankarpandian, K., Little, T., and Edwards, W. K. Talc: using desktop graffiti to fight software vulnerability. In Proceeding of CHI '

DON'T INTERRUPT ME!

HOW DO YOU PERSUADE A USER TO INSTALL UPDATES?
- Ambient display: a constant, non-intrusive reminder
- Allows users to respond at their own pace

THE GRAFFITI SOLUTION
- Allows users to respond at their own pace
- The size of the graffiti denotes the severity of the missing patch
- Images are chosen randomly from a predetermined corpus
- To clear the graffiti off their desktop, users must install the patches

METHODOLOGY
- 10 participants, recruited from outside the university context
- Used Talc at home, on their personal computers, for a week
- Talc logged usage and patch data and periodically uploaded it
50 EMPIRICAL STUDY RESULTS
DISCUSSION
- Users appear to return to address threats later
- Users appeared to become aware of the patches they needed to install
- Open questions:
  - Is this an appropriate solution for a business context?
  - Are there issues interpreting this type of feedback across cultures?