It is not about the design - it is about the content! Making warnings more efficient by communicating risks appropriately
Most studies in usable security research aim to quantify the persons who, depending on the subject, fall for phishing, pass on their password, download malicious software and so on. In contrast, little research is done to identify the reasons for such insecure behavior. Within this paper, the result of a laboratory study is presented in which participants were confronted with different certificate warnings. Those warnings were presented when the participants tried to access websites of different criticality (online banking, online shopping, social networks and information sites). Besides quantitative analyses of participants who were willing to use a website despite the warning, the main focus of this work is to identify the reasons for their decision. As a result of our study, those risks are identified which were unacceptable for most participants to take, and which thereby might help to prevent insecure usage behavior on the web by rewording warnings according to the perceived risks.
Security Warning Life Cycle: Challenges and Panacea
Security warnings are a very important aspect of computer security. A security warning is a form of message conveyed to inform the user of the risk of allowing an application to run on the computer system. Security warnings play an important role in notifying, warning and advising the user about the potential result of an action beforehand. However, security warnings are often ignored for various reasons, such as poor design of security warnings and too many technical terms used in them. This research highlights insights into the discovery of problems and difficulties encountered by users, approaches to improving security warnings and future directions for the security warning improvement process. We propose to utilise a hybrid approach of iterative design and mental models in the effort to enhance the current implementation of security warnings. Iterative design is a cyclic design process in which prototyping, testing and refining are done repeatedly. A mental model is a person's psychological representation of how they perceive and understand something. It is expected that this paper will help researchers to comprehend approaches and challenges in improving security warnings.
Mobile App Installation: the Role of Precautions and Desensitization
The purpose of this research is to investigate the precautions that consumers take before installing mobile apps and consumers' potential desensitization to excessive app permission requests. Through a survey of 209 participants, a prediction model was created that attempts to predict whether respondents would download applications asking for excessive permissions. The model results indicate that those who take more precautions are less likely to download apps requesting excessive permissions. However, the precautions taken by participants may be inadequate and may leave consumers with a false sense of security. Another key finding, supported by Communication Theory and the C-HIP Model, is that some consumers have become desensitized to excessive permission requests. These consumers knowingly install apps requesting excessive permissions for reasons such as nothing bad has happened to them before, they trust the market, or they really want the app. The security implications of permission desensitization and inadequate precautions are discussed.
Explainer video "Online Fraud": Detecting phishing e-mails demonstrably and significantly better after only five minutes
Fraudsters have always exploited the trust of careless people and tried to defraud them. In the computer age, the possibilities open to fraudsters have expanded, and they can now target any person who has an e-mail address. Fraudsters tailor their phishing messages specifically to their victims and conceal the deception and fraud as well as possible. Consequently, raising users' awareness of phishing and successfully detecting it is becoming ever more important. The phishing awareness programmes we have developed so far address existing false assumptions and misunderstandings about phishing and can specifically help to improve the detection of such messages. The greatest drawback of these awareness programmes is the time they require. We therefore developed and evaluated a phishing awareness video that informs viewers about phishing in five minutes. After watching the video, participants in our study detected phishing messages significantly more reliably (compared with their detection before watching the video). This ability was also demonstrated in a final survey after an eight-week break.
Contextualized Security Interventions in Password Transmission Scenarios
Usable security user studies, as well as the number of successful attacks on end users' data and devices, show that today's security interventions, like the green URL bar and self-signed certificate warnings, do not protect end users effectively, for many reasons. To improve the situation, we proposed the Framework fOr Contextualized security Interventions (FOCI). While this framework provides general guidelines on how to develop contextualized security interventions, this is the first paper in which the framework is applied to actually develop adequate security intervention strategies and intervention content. We focus on a subset of security- and privacy-critical scenarios in the context of web applications, namely those in which users visit web pages containing a password field. If either the communication is not confidential and authenticated or the service behind the web page is not trustworthy, entering a password can have consequences like financial loss and privacy leakage, in particular for users who reuse their passwords for several different web pages. Therefore, it is important to provide effective security interventions for these scenarios.
ENHANCING USABILITY USING AUTOMATED SECURITY INTERFACE ADAPTATION (ASIA)
2 published conference proceedings provided in Appendix E.
Many users are now significantly dependent upon computer applications. Whilst many aspects are now used very successfully, an area in which usability difficulties continue to be encountered is security. This can become particularly acute in situations where users are required to interact and make decisions, and a key context here is typically when they need to respond to security warnings.
The current implementation of security warnings can often be considered as an attempt to offer a one size fits all solution. However, it can be argued that many implementations are still lacking the ability to provide meaningful and effective warnings. As such, this research focuses upon achieving a better understanding of the elements that aid end-users in comprehending the warnings, the difficulties with the current approaches, and the resulting requirements in order to improve the design and implementation of such security dialogues.
In the early stage of the research, a survey was undertaken to investigate perceptions of security dialogues in practice, with a specific focus upon security warnings issued within web browsers. This provided empirical evidence of end-users' experiences, and revealed notable difficulties in terms of their understanding and interpretation of the security interactions.
Building upon this, the follow-up research investigated understanding of application-level security warnings in wider contexts, looking firstly at users' interpretation of what constitutes a security warning and then at their level of comprehension when related warnings occurred. These results confirmed the need to improve the dialogues so that end-users are able to act appropriately, and consequently prompted the design and prototype implementation of a novel architecture to improve security warnings, which has been titled Automated Security Interface Adaptation (ASIA).
The ASIA approach aims to improve security warnings by tailoring the interaction more closely to individual user needs. By automatically adapting the presentation to match each user's understanding and preferences, security warnings can be modified in ways that enable users to better comprehend them, and thus make more informed security decisions and choices.
A comparison of the ASIA-adapted interfaces with standard versions of warnings revealed that the modified versions were better understood. As such, the ASIA approach has significant potential to assist (and thereby protect) the end-user community in their future interactions with security.
UNIVERSITY SAINS MALAYSIA (USM), MINISTRY OF HIGHER EDUCATION MALAYSIA (MOHE)