Lights, Camera, Action! Exploring Effects of Visual Distractions on Completion of Security Tasks

Human errors in performing security-critical tasks are typically blamed on the complexity of those tasks. However, such errors can also occur because of (possibly unexpected) sensory distractions. A sensory distraction that produces negative effects can be abused by the adversary that controls the environment. Meanwhile, a distraction with positive effects can be artificially introduced to improve user performance. The goal of this work is to explore the effects of visual stimuli on the performance of security-critical tasks. To this end, we experimented with a large number of subjects who were exposed to a range of unexpected visual stimuli while attempting to perform Bluetooth Pairing. Our results clearly demonstrate substantially increased task completion times and markedly lower task success rates. These negative effects are noteworthy, especially, when contrasted with prior results on audio distractions which had positive effects on performance of similar tasks. Experiments were conducted in a novel (fully automated and completely unattended) experimental environment. This yielded more uniform experiments, better scalability and significantly lower financial and logistical burdens. We discuss this experience, including benefits and limitations of the unattended automated experiment paradigm

A Proposal on End－User Network Security System To Visualize Packct Header Information

To improve security awareness of end-user, we designed and implemented the visualization system of packet header that represent the condition of network communication. We implemented our systems using Microsoft Visual Studio 2005 with Winpcap library and the development traffic, protocol and the time it captured a packet

CCBS – a method to maintain memorability, accuracy of password submission and the effective password space in click-based visual passwords

Text passwords are vulnerable to many security attacks due to a number of reasons such as the insecure practices of end users who select weak passwords to maintain their long term memory. As such, visual password (VP) solutions were developed to maintain the security and usability of user authentication in collaborative systems. This paper focuses on the challenges facing click-based visual password systems and proposes a novel method in response to them. For instance, Hotspots reveal a serious vulnerability. They occur because users are attracted to specific parts of an image and neglect other areas. Undertaking image analysis to identify these high probability areas can assist dictionary attacks. Another concern is that click-based systems do not guide users towards the correct click-point they are aiming to select. For instance, users might recall the correct spot or area but still fail to include their click within the tolerance distance around the original click-point which results in more incorrect password submissions. Nevertheless, the Passpoints study by Wiedenbeck et al., 2005 inspected the retention of their VP in comparison with text passwords over the long term. Despite being cued-recall the successful rate of their VP submission was not superior to text passwords as it decreased from 85% (the instant retention on the day of registration) to 55% after 2 weeks. This result was identical to that of the text password in the same experiment. The successful submission rates after 6 weeks were also 55% for both VP and text passwords. This paper addresses these issues, and then presents a novel method (CCBS) as a usable solution supported by an empirical proof. A user study is conducted and the results are evaluated against a comparative study

Implementation and Evaluation of Steganography based Online Voting

Though there are online voting systems available, the authors propose a new and secure steganography based E2E (end-to-end) verifiable online voting system, to tackle the problems in voting process. This research implements a novel approach to online voting by combining visual cryptography with image steganography to enhance system security without degrading system usability and performance. The voting system will also include password hashed-based scheme and threshold decryption scheme. The software is developed on web-based Java EE with the integration of MySQL database server and Glassfish as its application server. The authors assume that the election server used and the election authorities are trustworthy. A questionnaire survey of 30 representative participants was done to collect data to measure the user acceptance of the software developed through usability testing and user acceptance testing

Complex, but in a good way? How to represent encryption to non-experts through text and visuals – Evidence from expert co-creation and a vignette experiment

An ongoing discussion in the field of usable privacy and security debates whether security mechanisms should be visible to end-users during interactions with technology, or hidden away. This paper addresses this question using a mixed-methods approach, focusing on encryption as a mechanism for confidentiality during data transmission on a smartphone application. In study 1, we conducted a qualitative co-creation study with security and Human-Computer Interaction (HCI) experts (N = 9) to create appropriate textual and visual representations of the security mechanism encryption in data transmission. We investigated this question in two contexts: online banking and e-voting. In study 2, we put these ideas to the test by presenting these visual and textual representations to non-expert users in an online vignette experiment (N = 2180). We found a statistically significant and positive effect of the textual representation of encryption on perceived security and understanding, but not on user experience (UX). More complex text describing encryption resulted in higher perceived security and more accurate understanding. The visual representation of encryption had no statistically significant effect on perceived security, UX or understanding. Our study contributes to the larger discussion regarding visible instances of security and their impact on user perceptions

Renovation of information system

The thesis deals with the process of renovating and upgrading the existing information system of the Islamic Community in the Republic of Slovenia. It involves analysing, planning and developing the necessary changes in the system. To this end, the majority of work was performed using Microsoft Visual Studio 2010 and the C# programming language. Moreover, the thesis presents other tools, technologies and methods that contributed to the renovation and upgrading of the system. The Islamic Community opted for the renovation because they encountered difficulties in the existing system. They were also interested in raising the level of data security, add new functionalities and introduce a mobile application. The thesis provides a detailed insight into the first renovation phase, which includes the renovation of the system back-end and a section of system upgrade that is visible to the user

Renovation of information system

The thesis deals with the process of renovating and upgrading the existing information system of the Islamic Community in the Republic of Slovenia. It involves analysing, planning and developing the necessary changes in the system. To this end, the majority of work was performed using Microsoft Visual Studio 2010 and the C# programming language. Moreover, the thesis presents other tools, technologies and methods that contributed to the renovation and upgrading of the system. The Islamic Community opted for the renovation because they encountered difficulties in the existing system. They were also interested in raising the level of data security, add new functionalities and introduce a mobile application. The thesis provides a detailed insight into the first renovation phase, which includes the renovation of the system back-end and a section of system upgrade that is visible to the user