551 research outputs found

    Exploring Interface Sign Ontologies for Web User Interface Design and Evaluation: A User Study

    Part 2: Organizational Semiotics and Applications. International audience. The aim of this paper is twofold: firstly, to find the set of ontologies (i.e., the set of concepts and skills) presupposed by users when interpreting the meaning of web interface signs (i.e., the smallest elements of web user interfaces), and secondly, to investigate users’ difficulties in interpreting the meanings of interface signs belonging to different kinds of ontologies. In order to achieve these aims an empirical user study was conducted with 26 test participants. The study data was gathered by semi-structured interviews and questionnaires. Following an empirical research approach, descriptive statistics and qualitative data analysis were used to analyze the data. The study results provide a total of twelve ontologies and reveal the users’ difficulties in interpreting the meanings of interface signs belonging to different kinds of ontologies

    "Make Them Change it Every Week!": A Qualitative Exploration of Online Developer Advice on Usable and Secure Authentication

    Usable and secure authentication on the web and beyond is mission-critical. While password-based authentication is still widespread, users have trouble dealing with potentially hundreds of online accounts and their passwords. Alternatives or extensions such as multi-factor authentication have their own challenges and find only limited adoption. Finding the right balance between security and usability is challenging for developers. Previous work found that developers use online resources to inform security decisions when writing code. Similar to other areas, lots of authentication advice for developers is available online, including blog posts, discussions on Stack Overflow, research papers, or guidelines by institutions like OWASP or NIST. We are the first to explore developer advice on authentication that affects usable security for end-users. Based on a survey with 18 professional web developers, we obtained 406 documents and qualitatively analyzed 272 contained pieces of advice in depth. We aim to understand the accessibility and quality of online advice and provide insights into how online advice might contribute to (in)secure and (un)usable authentication. We find that advice is scattered and that finding recommendable, consistent advice is a challenge for developers, among others. The most common advice is for password-based authentication, but little for more modern alternatives. Unfortunately, many pieces of advice are debatable (e.g., complex password policies), outdated (e.g., enforcing regular password changes), or contradicting and might lead to unusable or insecure authentication. Based on our findings, we make recommendations for developers, advice providers, official institutions, and academia on how to improve online advice for developers.
    Comment: Extended version of the paper that appears at ACM CCS 2023. 18 pages, 4 figures, 11 table

    Zero-Knowledge User Authentication: An Old Idea Whose Time Has Come

    User authentication can rely on various factors (e.g., a password, a cryptographic key, biometric data) but should not reveal any secret or private information. This seemingly paradoxical feat can be achieved through zero-knowledge proofs. Unfortunately, naive password-based approaches still prevail on the web. Multi-factor authentication schemes address some of the weaknesses of the traditional login process, but generally have deployability issues or degrade usability even further as they assume users do not possess adequate hardware. This assumption no longer holds: smartphones with biometric sensors, cameras, short-range communication capabilities, and unlimited data plans have become ubiquitous. In this paper, we show that, assuming the user has such a device, both security and usability can be drastically improved using an augmented password-authenticated key agreement (PAKE) protocol and message authentication codes.
    Comment: International Workshop on Security Protocols (SPW) 201

    THE EYES HAVE IT: USING EYE TRACKING TECHNOLOGY TO ASSESS THE USABILITY OF LEARNING MANAGEMENT SYSTEMS IN ELEMENTARY SCHOOLS

    Twenty-six students from a sixth grade math class in Upstate New York received guardian approval to participate in a study that gathered data pertaining to student navigation ability, information retrieval ability, and satisfaction in regards to the Learning Management System (LMS) their school utilized. Data collection began with the researchers attending math classes for observation and to conduct cognitive walkthroughs with the students to gather information about their experiences and navigation through the LMS. An eye tracker and the associated eye tracking software were utilized to monitor and detect patterns of eye movements when the students were looking at a device screen. For this study, students were monitored by the eye tracker while they attempted to complete several tasks from the experiment. By measuring the length of time taken by students as they completed tasks on the LMS, quantitative data can be collected and used later in the experiment. After analyzing the time metrics and the eye tracking data produced and feedback given on the questionnaire distributed at the beginning of the experiment, a targeted LMS page was slightly modified in hopes to increase the effectiveness of the page, based on user interface design standards. Well-defined organization, accessibility, and usability in an LMS are essential to allow learners' focus to be on their curriculums, and not on how to access their assignments. An in-depth analysis of navigation through an LMS will allow for a better understanding of how users interact with the structure of their curriculum in an electronic format. The study described in this paper intended to address the question of whether an LMS used in an elementary school setting can provide users with an interface that optimizes the accessibility and usability of their class materials

    Is This Really You? An Empirical Study on Risk-Based Authentication Applied in the Wild

    Risk-based authentication (RBA) is an adaptive security measure to strengthen password-based authentication. RBA monitors additional implicit features during password entry such as device or geolocation information, and requests additional authentication factors if a certain risk level is detected. RBA is recommended by the NIST digital identity guidelines, is used by several large online services, and offers protection against security risks such as password database leaks, credential stuffing, insecure passwords and large-scale guessing attacks. Despite its relevance, the procedures used by RBA-instrumented online services are currently not disclosed. Consequently, there is little scientific research about RBA, slowing down progress and deeper understanding, making it harder for end users to understand the security provided by the services they use and trust, and hindering the widespread adoption of RBA. In this paper, with a series of studies on eight popular online services, we (i) analyze which features and combinations/classifiers are used and are useful in practical instances, (ii) develop a framework and a methodology to measure RBA in the wild, and (iii) survey and discuss the differences in the user interface for RBA. Following this, our work provides a first deeper understanding of practical RBA deployments and helps fostering further research in this direction.
    Comment: 14 pages, 7 table

    Online Document Tracking System

    Online Document Tracking System (ODTS) is a web-based system that enables students from UTP to retrieve and view all previous final year projects of the CIS department. The system is developed in accordance with the Rapid Application Development (RAD) method over the course of 14 weeks. Through the use of this website, students could access the FYP documents anywhere regardless of location. Currently, the archival management of the final year projects is done by manual means that involve physical storage. With the development of this web-based application, the department could take advantage of the automated system and save a substantial amount of time in archiving those documents. The output of this project would, to an extent, help and improve the business process of storing and retrieving the final year project documents, hence maximizing productivity

    Social Anchor: Privacy-Friendly Attribute Aggregation From Social Networks

    In the last decade or so, we have experienced a tremendous proliferation and popularity of different Social Networks (SNs), resulting in more and more user attributes being stored in such SNs. These attributes represent a valuable asset and many innovative online services are offered in exchange for such attributes. This particular phenomenon has allured these social networks to act as Identity Providers (IdPs). However, the current setting unnecessarily imposes a restriction: a user can only release attributes from one single IdP in a single session, thereby, limiting the user to aggregate attributes from multiple IdPs within the same session. In addition, our analysis suggests that the manner by which attributes are released from these SNs is extremely privacy-invasive and a user has very limited control to exercise her privacy during this process. In this article, we present Social Anchor, a system for attribute aggregation from social networks in a privacy-friendly fashion. Our proposed Social Anchor system effectively addresses both of these serious issues. Apart from the proposal, we have implemented Social Anchor following a set of security and privacy requirements. We have also examined the associated trust issues using a formal trust analysis model. Besides, we have presented a formal analysis of its protocols using a state-of-the-art formal analysis tool called AVISPA to ensure the security of Social Anchor. Finally, we have provided a performance analysis of Social Anchor

    Web3 Ticket

    The present work aims to make the transition from Web 2.0 to Web 3.0 in the ticket selling market. For this purpose, the use of Blockchain technology to implement the system in question is justified, based on transparency, security, reduced costs, and traceability, advantages that are taken into account when developing the system. Non-Fungible Tokens (NFTs) will have a strong role in the task of defining the concept of the project because it is the element that bridges the gap between the traditional and the decentralized market, as they have similarities with tickets, such as uniqueness, for allowing verification of identity and for guaranteeing to belong to an individual. Research is also made of current knowledge about blockchain, of projects carried out in the artistic area that took advantage of this technology, of the problems that can be encountered in terms of security, and the justification for choosing one blockchain among others. Finally, the added value that the project has in the market in which it fits is demonstrated, through analytical processes to support decision-making, and the planning of experimentation of the developed solution is carried out, following strategies of experiments and tests with the target audiences. The project can be considered a success, thanks to the successful development and implementation of the key requirements, as well as the positive evaluation provided by the users who tested the application

    The present work aims to make the transition from Web 2.0 to Web 3.0 in the ticket selling market. To this end, the use of Blockchain technology to implement the system in question is justified, based on transparency, security, reduced costs, and traceability, advantages that are taken into account when developing the system. Non-Fungible Tokens (NFTs) will play a strong role in defining the concept of the project because they are the element that bridges the traditional and the decentralized market, as they have similarities with tickets, VIP (very important person) passes, diplomas or certificates, such as uniqueness, allowing verification of identity, and guaranteeing that they belong to an individual. In this way, with the use of NFTs, relevant information can be stored, such as the seat to which the ticket corresponds, it is possible to guarantee that the ticket belongs to a specific person, and it is practically impossible to defraud buyers, except through direct contact with the private keys (PK) that generate the ticket or through negligence on the part of the buyer. A survey is also made of current knowledge about blockchain, of projects carried out in the artistic area that take advantage of this technology, of the problems that can be encountered in terms of security, and of the justification for choosing one blockchain among the others. Finally, the added value that the project has in the market in which it fits is demonstrated, through analytical processes to support decision-making, and a plan for experimentation with the developed solution is made, following strategies of questionnaires and tests with the target audience. The project can be considered a success, thanks to the successful development and implementation of the main requirements, as well as the positive evaluation by the users who tested the application