3,076 research outputs found
A Model for Enhancing Human Behaviour with Security Questions: A Theoretical Perspective
In recent years, technological improvements have provided a variety of new opportunities for insurance companies to adopt telematics devices in line with usage-based insurance models. This paper sheds new light on the application of big data analytics for car insurance companies that may help to estimate the risks associated with individual policyholders based on complex driving patterns. We propose a conceptual framework that describes the structural design of a risk predictor model for insurance customers and combines the value of telematics data with deep learning algorithms. The model’s components consist of data transformation, criteria mining, risk modelling, driving style detection, and risk prediction. The expected outcome is our methodology that generates more accurate results than other methods in this area
A Model for Enhancing Human Behaviour with Security Questions: A Theoretical Perspective
Security questions are one of the mechanisms used to recover passwords.
Strong answers to security questions (i.e. high entropy) are hard for attackers
to guess or obtain using social engineering techniques (e.g. monitoring of
social networking profiles), but at the same time are difficult to remember.
Instead, weak answers to security questions (i.e. low entropy) are easy to
remember, which makes them more vulnerable to cyber-attacks. Convenience leads
users to use the same answers to security questions on multiple accounts, which
exposes these accounts to numerous cyber-threats. Hence, current security
questions implementations rarely achieve the required security and memorability
requirements. This research study is the first step in the development of a
model which investigates the determinants that influence users' behavioural
intentions through motivation to select strong and memorable answers to
security questions. This research also provides design recommendations for
novel security questions mechanisms. Comment: 11, Australasian Conference on Information Systems, 201
Usable Security. A Systematic Literature Review
Usable security involves designing security measures that accommodate users’ needs and behaviors. Balancing usability and security poses challenges: the more secure the systems, the less usable they will be. On the contrary, more usable systems will be less secure. Numerous studies have addressed this balance. These studies, spanning psychology and computer science/engineering, contribute diverse perspectives, necessitating a systematic review to understand strategies and findings in this area. This systematic literature review examined articles on usable security from 2005 to 2022. A total of 55 research studies were selected after evaluation. The studies have been broadly categorized into four main clusters, each addressing different aspects: (1) usability of authentication methods, (2) helping security developers improve usability, (3) design strategies for influencing user security behavior, and (4) formal models for usable security evaluation. Based on this review, we report that the field’s current state reveals a certain immaturity, with studies tending toward system comparisons rather than establishing robust design guidelines based on a thorough analysis of user behavior. A common theoretical and methodological background is one of the main areas for improvement in this area of research. Moreover, the absence of requirements for Usable security in almost all development contexts greatly discourages implementing good practices since the earlier stages of development
Accessible and inclusive cyber security: a nuanced and complex challenge
It has been argued that human-centred security design needs to accommodate the considerations of three dimensions: (1) security, (2) usability and (3) accessibility. The latter has not yet received much attention. Now that governments and health services are increasingly requiring their citizens/patients to use online services, the need for accessible security and privacy has become far more pressing. The reality is that, for many, security measures are often exasperatingly inaccessible. Regardless of the outcome of the debate about the social acceptability of compelling people to access public services online, we still need to design accessibility into these systems, or risk excluding and marginalising swathes of the population who cannot use these systems in the same way as abled users. These users are particularly vulnerable to attack and online deception not only because security and privacy controls are inaccessible but also because they often struggle with depleted resources and capabilities together with less social, economic and political resilience. This conceptual paper contemplates the accessible dimension of human-centred security and its impact on the inclusivity of security technologies. We scope the range of vulnerabilities that can result from a lack of accessibility in security solutions and contemplate the nuances and complex challenges inherent in making security accessible. We conclude by suggesting a number of avenues for future work in this space.
INTELLIGENT ADVISORY SYSTEM FOR SUPPORTING COMPUTER-BASED AUTHENTICATION USERS
Authentication is one of the cornerstones of computer security systems today, and most users of computers interact with these mechanisms on a daily basis. However, human factor has often been described as one of the weakest parts of computer security as users of authentication are often identified to be the weakest link in the security chain. In related development it has been demanding to merge usability with security in the choice of authentication method by computer users. To address the serious problem, this paper presents an intelligent advisory system based on artificial neural network that can assist users of authentication systems on making decision on the authentication method that best suits them.
Keywords: Intelligent, Advisory system, Authentication, Human Factor
How Wearable Technology Will Replace Verbal Authentication or Passwords for Universal Secure Authentication for Healthcare
Technology use is increasing in healthcare services, creating a concern for privacy, security, accessibility, and sharing of personal information. The issue increases for persons with disabilities. Cognitive, physical, or multiple disabilities make identification of individuals difficult or impossible, thus increasing the need for a caregiver or family member to verify the individual’s identity. The paper will present a conceptual model of knowledge contribution in patient authentication without verbal information exchange through the following factors: authentication with wearable technology, central location for personal information, and an authentication context model direction
ZETA - Zero-Trust Authentication: Relying on Innate Human Ability, not Technology
Reliable authentication requires the devices and
channels involved in the process to be trustworthy; otherwise
authentication secrets can easily be compromised. Given the
unceasing efforts of attackers worldwide such trustworthiness
is increasingly not a given. A variety of technical solutions,
such as utilising multiple devices/channels and verification
protocols, has the potential to mitigate the threat of untrusted
communications to a certain extent. Yet such technical solutions
make two assumptions: (1) users have access to multiple
devices and (2) attackers will not resort to hacking the human,
using social engineering techniques. In this paper, we propose
and explore the potential of using human-based computation
instead of solely technical solutions to mitigate the threat of
untrusted devices and channels. ZeTA (Zero Trust Authentication
on untrusted channels) has the potential to allow people to
authenticate despite compromised channels or communications
and easily observed usage. Our contributions are threefold:
(1) We propose the ZeTA protocol with a formal definition
and security analysis that utilises semantics and human-based
computation to ameliorate the problem of untrusted devices
and channels. (2) We outline a security analysis to assess
the envisaged performance of the proposed authentication
protocol. (3) We report on a usability study that explores the
viability of relying on human computation in this context
Analysing usability and security issues in design and development of information systems
Recent technological advancements and the global economic challenges have meant that, individuals and businesses are constantly seeking new ways to exploit Information Systems (IS) and in manners that not only enhance user experiences and/or improve business processes and productivity, but also protect the individual’s privacy and business assets for competitive advantage. Therefore, Information Systems need to be designed and developed to meet these challenges and/or other objectives. This thesis will delve primarily into the history of IS as a basis for establishing where the problem(s) lie or emanate from. It will focus on critically analysing existing Information Systems, and investigating the conflicting issues of usability and security, from an Information Systems Design and Development perspective by analysing various approaches. An in-depth review of literature and critical analysis of requirements necessary for the design and development of a usable and secure Information System will be carried out and will form the intellectual framework for this research. The premise therefore, is to look for a balanced approach or appropriate trade-off framework for designing usable-secure systems. The research will conclude with a discussion on how an envisaged conceptual framework or model can be developed based on certain influential factors, and how the framework can be experimentally evaluated, and to suggest areas for further improvement or future research
Useful shortcuts: Using design heuristics for consent and permission in smart home devices
Prior research in smart home privacy highlights significant issues with how users understand, permit, and consent to data use. Some of the underlying issues point to unclear data protection regulations, lack of design principles, and dark patterns. In this paper, we explore heuristics (also called “mental shortcuts” or “rules of thumb”) as a means to address security and privacy design challenges in smart homes. First, we systematically analyze an existing body of data on smart homes to derive a set of heuristics for the design of consent and permission. Second, we apply these heuristics in four participatory co-design workshops (n = 14) and report on their use. Third, we analyze the use of the heuristics through thematic analysis highlighting heuristic application, purpose, and effectiveness in successful and unsuccessful design outcomes. We conclude with a discussion of the wider challenges, opportunities, and future work for improving design practices for consent in smart homes
Multi-Factor Authentication: A Survey
Today, digitalization decisively penetrates all the sides of the modern society. One of the key enablers to maintain this process secure is authentication. It covers many different areas of a hyper-connected world, including online payments, communications, access right management, etc. This work sheds light on the evolution of authentication systems towards Multi-Factor Authentication (MFA) starting from Single-Factor Authentication (SFA) and through Two-Factor Authentication (2FA). Particularly, MFA is expected to be utilized for human-to-everything interactions by enabling fast, user-friendly, and reliable authentication when accessing a service. This paper surveys the already available and emerging sensors (factor providers) that allow for authenticating a user with the system directly or by involving the cloud. The corresponding challenges from the user as well as the service provider perspective are also reviewed. The MFA system based on reversed Lagrange polynomial within Shamir’s Secret Sharing (SSS) scheme is further proposed to enable more flexible authentication. This solution covers the cases of authenticating the user even if some of the factors are mismatched or absent. Our framework allows for qualifying the missing factors by authenticating the user without disclosing sensitive biometric data to the verification entity. Finally, a vision of the future trends in MFA is discussed. Peer reviewed