Exploring Interface Sign Ontologies for Web User Interface Design and Evaluation: A User Study
Part 2: Organizational Semiotics and Applications
International audience
The aim of this paper is twofold: firstly, to find the set of ontologies (i.e., the set of concepts and skills) presupposed by users when interpreting the meaning of web interface signs (i.e., the smallest elements of web user interfaces), and secondly, to investigate users’ difficulties in interpreting the meanings of interface signs belonging to different kinds of ontologies. In order to achieve these aims, an empirical user study was conducted with 26 test participants. The study data was gathered by semi-structured interviews and questionnaires. Following an empirical research approach, descriptive statistics and qualitative data analysis were used to analyze the data. The study results provide a total of twelve ontologies and reveal the users’ difficulties in interpreting the meanings of interface signs belonging to different kinds of ontologies.
"Make Them Change it Every Week!": A Qualitative Exploration of Online Developer Advice on Usable and Secure Authentication
Usable and secure authentication on the web and beyond is mission-critical.
While password-based authentication is still widespread, users have trouble
dealing with potentially hundreds of online accounts and their passwords.
Alternatives or extensions such as multi-factor authentication have their own
challenges and find only limited adoption. Finding the right balance between
security and usability is challenging for developers. Previous work found that
developers use online resources to inform security decisions when writing code.
Similar to other areas, lots of authentication advice for developers is
available online, including blog posts, discussions on Stack Overflow, research
papers, or guidelines by institutions like OWASP or NIST.
We are the first to explore developer advice on authentication that affects
usable security for end-users. Based on a survey with 18 professional web
developers, we obtained 406 documents and qualitatively analyzed 272 contained
pieces of advice in depth. We aim to understand the accessibility and quality
of online advice and provide insights into how online advice might contribute
to (in)secure and (un)usable authentication. We find that advice is scattered
and that finding recommendable, consistent advice is a challenge for
developers, among others. The most common advice is for password-based
authentication, but little for more modern alternatives. Unfortunately, many
pieces of advice are debatable (e.g., complex password policies), outdated
(e.g., enforcing regular password changes), or contradicting and might lead to
unusable or insecure authentication. Based on our findings, we make
recommendations for developers, advice providers, official institutions, and
academia on how to improve online advice for developers.
Comment: Extended version of the paper that appears at ACM CCS 2023. 18 pages,
4 figures, 11 tables
Zero-Knowledge User Authentication: An Old Idea Whose Time Has Come
User authentication can rely on various factors (e.g., a password, a
cryptographic key, biometric data) but should not reveal any secret or private
information. This seemingly paradoxical feat can be achieved through
zero-knowledge proofs. Unfortunately, naive password-based approaches still
prevail on the web. Multi-factor authentication schemes address some of the
weaknesses of the traditional login process, but generally have deployability
issues or degrade usability even further as they assume users do not possess
adequate hardware. This assumption no longer holds: smartphones with biometric
sensors, cameras, short-range communication capabilities, and unlimited data
plans have become ubiquitous. In this paper, we show that, assuming the user
has such a device, both security and usability can be drastically improved
using an augmented password-authenticated key agreement (PAKE) protocol and
message authentication codes.
Comment: International Workshop on Security Protocols (SPW) 201
THE EYES HAVE IT: USING EYE TRACKING TECHNOLOGY TO ASSESS THE USABILITY OF LEARNING MANAGEMENT SYSTEMS IN ELEMENTARY SCHOOLS
Twenty-six students from a sixth grade math class in Upstate New York received guardian approval to participate in a study that gathered data on student navigation ability, information retrieval ability, and satisfaction with regard to the Learning Management System (LMS) their school utilized. Data collection began with the researchers attending math classes to observe and to conduct cognitive walkthroughs with the students, gathering information about their experiences and navigation through the LMS. An eye tracker and the associated eye tracking software were utilized to monitor and detect patterns of eye movements while the students were looking at a device screen. For this study, students were monitored by the eye tracker while they attempted to complete several tasks from the experiment. By measuring the length of time taken by students as they completed tasks on the LMS, quantitative data could be collected and used later in the experiment. After analyzing the time metrics, the eye tracking data produced, and the feedback given on the questionnaire distributed at the beginning of the experiment, a targeted LMS page was slightly modified in the hope of increasing the effectiveness of the page, based on user interface design standards. Well-defined organization, accessibility, and usability in an LMS are essential to let learners focus on their curriculum rather than on how to access their assignments. An in-depth analysis of navigation through an LMS will allow for a better understanding of how users interact with the structure of their curriculum in an electronic format. The study described in this paper intended to address the question of whether an LMS used in an elementary school setting can provide users with an interface that optimizes the accessibility and usability of their class materials.
Is This Really You? An Empirical Study on Risk-Based Authentication Applied in the Wild
Risk-based authentication (RBA) is an adaptive security measure to strengthen
password-based authentication. RBA monitors additional implicit features during
password entry such as device or geolocation information, and requests
additional authentication factors if a certain risk level is detected. RBA is
recommended by the NIST digital identity guidelines, is used by several large
online services, and offers protection against security risks such as password
database leaks, credential stuffing, insecure passwords and large-scale
guessing attacks. Despite its relevance, the procedures used by
RBA-instrumented online services are currently not disclosed. Consequently,
there is little scientific research about RBA, slowing down progress and deeper
understanding, making it harder for end users to understand the security
provided by the services they use and trust, and hindering the widespread
adoption of RBA.
In this paper, with a series of studies on eight popular online services, we
(i) analyze which features and combinations/classifiers are used and are useful
in practical instances, (ii) develop a framework and a methodology to measure
RBA in the wild, and (iii) survey and discuss the differences in the user
interface for RBA. Following this, our work provides a first deeper
understanding of practical RBA deployments and helps fostering further research
in this direction.
Comment: 14 pages, 7 tables
Online Document Tracking System
Online Document Tracking System (ODTS) is a web-based system that enables
students from UTP to retrieve and view all previous final year projects of the CIS
department. The system was developed in accordance with the Rapid Application
Development (RAD) method over the course of 14 weeks. Through the use of this
website, students can access the FYP documents anywhere, regardless of location.
Currently, the management and archival of the final year projects are done by manual
means that involve physical storage. With the development of this web-based
application, the department can take advantage of the automated system and save a
substantial amount of time in archiving those documents.
The output of this project would, to an extent, help and improve the business process
of storing and retrieving the final year project documents, hence maximizing
productivity.
Social Anchor: Privacy-Friendly Attribute Aggregation From Social Networks
In the last decade or so, we have experienced a tremendous proliferation and popularity of different Social Networks (SNs), resulting in more and more user attributes being stored in such SNs. These attributes represent a valuable asset, and many innovative online services are offered in exchange for such attributes. This particular phenomenon has enticed these social networks to act as Identity Providers (IdPs). However, the current setting unnecessarily imposes a restriction: a user can only release attributes from one single IdP in a single session, thereby preventing the user from aggregating attributes from multiple IdPs within the same session. In addition, our analysis suggests that the manner in which attributes are released from these SNs is extremely privacy-invasive, and a user has very limited control over her privacy during this process. In this article, we present Social Anchor, a system for attribute aggregation from social networks in a privacy-friendly fashion. Our proposed Social Anchor system effectively addresses both of these serious issues. Apart from the proposal, we have implemented Social Anchor following a set of security and privacy requirements. We have also examined the associated trust issues using a formal trust analysis model. In addition, we have presented a formal analysis of its protocols using a state-of-the-art formal analysis tool called AVISPA to ensure the security of Social Anchor. Finally, we have provided a performance analysis of Social Anchor.
Web3 Ticket
The present work aims to make the transition from Web 2.0 to Web 3.0 in the ticket-selling market. For this purpose, the use of Blockchain technology to implement the system
in question is justified, based on transparency, security, reduced costs, and traceability,
advantages that are taken into account when developing the system.
Non-Fungible Tokens (NFTs) will play a strong role in defining the concept of
the project because they are the element that bridges the gap between the traditional and the
decentralized market, as they have similarities with tickets, such as uniqueness, by allowing
identity verification and by guaranteeing that they belong to an individual.
Research is also made of current knowledge about blockchain, of projects carried out in the
artistic area that took advantage of this technology, of the problems that can be encountered
in terms of security, and of the justification for choosing one blockchain among others. Finally,
the added value that the project has in the market in which it fits is demonstrated through
analytical processes to support decision-making, and the planning of experimentation of the
developed solution is carried out, following strategies of experiments and tests with the
target audiences.
The project can be considered a success, thanks to the successful development and implementation of the key requirements, as well as the positive evaluation provided by the users
who tested the application.

The present work aims to make the transition from Web 2.0 to Web 3.0 in the ticket-selling market.
For this purpose, the use of Blockchain technology to implement the system in question is
justified on the basis of transparency, security, reduced costs and traceability, advantages that
are taken into account when developing the system.
Non-Fungible Tokens (NFTs) will play a strong role in defining the concept of the project
because they are the element that bridges the traditional and the decentralized market,
since they share similarities with tickets, VIP (very important person) passes, diplomas or
certificates, such as uniqueness, by allowing identity verification and by guaranteeing that they
belong to an individual. In this way, by using NFTs, relevant information can be stored, such as
the seat to which the ticket corresponds; it is possible to guarantee that the ticket belongs to a
specific person, and it is practically impossible to defraud buyers, except through direct contact
with the private keys (PK) that generate the ticket or through the buyer's negligence.
A survey is also made of current knowledge about blockchain, of projects carried out in the
artistic area that take advantage of this technology, of the problems that can be encountered
in terms of security, and of the justification for choosing one blockchain over the others.
Finally, the added value that the project has in the market in which it fits is demonstrated
through analytical processes to support decision-making, and experimentation of the developed
solution is planned, following strategies of questionnaires and tests with the target audience.
The project can be considered a success, thanks to the successful development and implementation
of the main requirements, as well as the positive evaluation of the users who tested the
application.