
    An Analysis of Modern Password Manager Security and Usage on Desktop and Mobile Devices

    Security experts recommend password managers to help users generate, store, and enter strong, unique passwords. Prior research confirms that managers do help users move towards these objectives, but it also identified usability and security issues that had the potential to leak user data or prevent users from making full use of their manager. In this dissertation, I set out to measure to what extent modern managers have addressed these security issues on both desktop and mobile environments. Additionally, I have interviewed individuals to understand their password management behavior. I begin my analysis by conducting the first security evaluation of the full password manager lifecycle (generation, storage, and autofill) on desktop devices, including the creation and analysis of a corpus of 147 million generated passwords. My results show that a small percentage of generated passwords are weak against both online and offline attacks, and that attacks against autofill mechanisms are still possible in modern managers. Next, I present a comparative analysis of autofill frameworks on iOS and Android. I find that these frameworks fail to properly verify webpage security and identify a new class of phishing attacks enabled by incorrect handling of autofill within WebView controls hosted in apps. Finally, I interview users of third-party password managers to understand both how and why they use their managers as they do. I find evidence that many users leverage multiple password managers to address issues with existing managers, as well as provide explanations for why password reuse continues even in the presence of a password manager. Based on these results, I conclude with recommendations addressing the attacks and usability issues identified in this work.

    Evaluating readability as a factor in information security policies

    This thesis was previously held under moratorium from 26/11/19 to 26/11/21.

    Policies should be treated as rules or principles that individuals can readily comprehend and follow as a prerequisite to any organisational requirement to obey and enact regulations. This dissertation attempts to highlight one of the important factors to consider before issuing any policy that staff members are required to follow. Presently, there is no ready mechanism for estimating the likely efficacy of such policies across an organisation. One factor that has a plausible impact upon the comprehensibility of policies is their readability. Researchers have designed a number of software readability metrics that evaluate how difficult a passage is to comprehend; yet, little is known about the impact of readability on the interpretation of information security policies and whether analysis of readability may prove to be a useful insight. This thesis describes the first study to investigate the feasibility of applying readability metrics as an indicator of policy comprehensibility through a mixed methods approach, with the formulation and implementation of a seven-phase sequential exploratory fully mixed methods design. Each phase was established in light of the outcomes from the previous phase. The methodological approach of this research study is one of the distinguishing characteristics reported in the thesis, and was as follows:

    * eight policies were selected (from a combination of academic and industry-sector institutes);
    * specialists were asked for their insights on key policy elements;
    * focus group interviews were conducted;
    * comprehension tests were developed (Cloze tests);
    * a pilot study of comprehension tests was organised (preceded by a small-scale test);
    * a main study of comprehension tests was performed with 600 participants, reduced to 396 for validation;
    * a comparison was made of comprehension results against readability metrics.

    The results reveal that the traditional readability metrics are ineffective in predicting human estimation. Nevertheless, readability, as measured using a bespoke readability metric, may yield useful insight into the likely difficulty that end-users may face in comprehending a written text. Thereby, our study aims to provide an effective approach to enhancing the comprehensibility of information security policies and to afford a facility for future research in this area. The research contributes to our understanding of readability in general and offers an optimal technique to measure readability in particular. We recommend immediate corrective actions to enhance the ease of comprehension for information security policies. In part, this may reduce instances where users avoid fully reading the information security policies, and may also increase the likelihood of user compliance. We suggest that the application of appropriately selected readability assessment may assist policy makers to test their draft policies for ease of comprehension before policy release. Indeed, there may be grounds for a readability compliance test that future information security policies must satisfy.

    Exploiting autobiographical memory for fallback authentication on smartphones

    Smartphones have advanced from simple communication devices to multipurpose devices that capture almost every single moment in our daily lives and thus contain sensitive data like photos or contact information. In order to protect this data, users can choose from a variety of authentication schemes. However, what happens if one of these schemes fails, for example, when users are not able to provide the correct password within a limited number of attempts? So far, situations like this have been neglected by the usable security and privacy community, which mainly focuses on primary authentication schemes. But fallback authentication is comparably important to enable users to regain access to their devices (and data) in case of lockouts. In theory, any scheme for primary authentication on smartphones could also be used as a fallback solution. In practice, fallback authentication happens less frequently and imposes different requirements and challenges on its design. The aim of this work is to understand and address these challenges. We investigate the occurrences of fallback authentication on smartphones in real life in order to grasp the characteristics that fallback authentication conveys. We also get deeper insights into the difficulties that users have to cope with during lockout situations. In combination with the knowledge from previous research, these insights are valuable to provide a detailed definition of fallback authentication that has been missing so far. The definition covers usability and security characteristics and depicts the differences to primary authentication. Furthermore, we explore the potential of autobiographical memory, a part of the human memory that relates to personal experiences of the past, for the design of alternative fallback schemes to overcome the well-known memorability issues of current solutions. We present the design and evaluation of two static approaches that are based on the memory of locations and special drawings. We also cover three dynamic approaches that relate to recent smartphone activities, icon arrangements and installed apps. This series of work allows us to analyze the suitability of different types of memories for fallback authentication. It also helps us to extend the definition of fallback authentication by identifying factors that influence the quality of fallback schemes. The main contributions of this thesis can be summarized as follows: First, it gives essential insights into the relevance, frequency and problems of fallback authentication on smartphones in real life. Second, it provides a clear definition of fallback authentication to classify authentication schemes based on usability and security properties. Third, it shows example implementations and evaluations of static and dynamic fallback schemes that are based on different autobiographical memories. Finally, it discusses the advantages and disadvantages of these memories and gives recommendations for their design, evaluation and analysis in the context of fallback authentication.

    Smartphones have evolved from formerly simple communication devices into multipurpose devices that track and record almost every single moment of our daily lives. It is therefore no surprise that these devices also hold a great deal of sensitive data, such as photos or contact information. To protect this data, smartphone users can choose from a wide range of authentication schemes. But what happens when one of these schemes fails, for example when users are unable to enter their correct password within a limited number of attempts? Questions of this kind have so far been neglected by the usable security and privacy community, whose attention has instead been directed at the research field of primary authentication. Yet the field of fallback authentication is of comparable importance in giving users the opportunity to regain access to their data and devices when they lock themselves out. In principle, any primary authentication scheme can also be used for fallback authentication. However, because the latter occurs far less often in practice, the design of new schemes for fallback authentication brings new requirements and challenges with it. The aim of this work is to understand and work out these challenges. To this end, we investigated how often smartphone users lock themselves out in everyday life, in order to derive from this the main requirements for the design of fallback authentication schemes. The investigation also allowed us to develop a deeper understanding of the problems users face in such situations. Together with the findings of related work, the results of the investigation made it possible to provide a detailed definition of the term fallback authentication and, taking into account usability and security factors, to highlight its differences from primary authentication. We also explored the possibilities of autobiographical memory for the design of alternative fallback authentication schemes. Autobiographical memory is a part of the human brain and consists of personal memories of the past. Because of their personal relevance, these memories appear promising for overcoming the problems of known schemes. In this work we therefore present two static and three dynamic fallback authentication schemes that rely on autobiographical memories. While the static schemes concentrate on location-based memories and the creation of special drawings, the dynamic schemes are based on memories of the recent past (e.g. activities on the smartphone, the arrangement of apps or their installation). The concepts presented not only allow the potential of different autobiographical memories to be analysed, but also make it possible to identify factors that influence the quality of the presented concepts and are thus useful for extending the definition of fallback authentication. The scientific contribution of this work can be summarised as follows: (1) The work provides important insight into the relevance, frequency and problems of fallback authentication in users' everyday lives. (2) It provides a clear definition of the term fallback authentication in order to classify authentication systems on the basis of various properties such as usability and security. (3) It discusses the advantages and disadvantages of different autobiographical memories on the basis of example implementations and, based on these, gives recommendations for their use and evaluation in the context of fallback authentication.

    Web-based Secure Application Control

    The world wide web today serves as a distributed application platform. Its origins, however, go back to a simple delivery network for static hypertexts. The legacy from these days can still be observed in the communication protocol used by increasingly sophisticated clients and applications. This thesis identifies the actual security requirements of modern web applications and shows that HTTP does not fit them: user and application authentication, message integrity and confidentiality, control-flow integrity, and application-to-application authorization. We explore the other protocols in the web stack and work out why they cannot fill the gap. Our analysis shows that the underlying problem is the connectionless property of HTTP. However, history shows that a fresh start with web communication is far from realistic. As a consequence, we come up with approaches that contribute to meeting the identified requirements. We first present impersonation attack vectors that begin before the actual user authentication, i.e. when secure web interaction and authentication seem to be unnecessary. Session fixation attacks exploit a responsibility mismatch between the web developer and the web application framework in use. We describe and compare three countermeasures on different implementation levels: on the source code level, on the framework level, and on the network level as a reverse proxy. Then, we explain how the authentication credentials that are transmitted for the user login, i.e. the password, and for session tracking, i.e. the session cookie, can be complemented by browser-stored and user-based secrets respectively. This way, an attacker cannot hijack user accounts only by phishing the user's password, because an additional browser-based secret is required for login. Also, the class of well-known session hijacking attacks is mitigated, because a secret known only to the user must be provided in order to perform critical actions. In the next step, we explore alternative approaches to static authentication credentials. Our approach implements a trusted UI and a mutually authenticated session using signatures as a means to authenticate requests. This way, it establishes a trusted path between the user and the web application without exchanging reusable authentication credentials. As a downside, this approach requires support on the client side and on the server side in order to provide maximum protection. Another approach avoids client-side support but cannot implement a trusted UI and is thus susceptible to phishing and clickjacking attacks. The approaches described so far increase the security level of all web communication at all times. This is why we investigate adaptive security policies that fit the actual risk instead of permanently restricting all kinds of communication, including non-critical requests. We develop a smart browser extension that detects when the user is authenticated on a website, meaning that she can be impersonated because all requests carry her identity proof. Non-critical communication, however, is released from restrictions to enable all intended web features. Finally, we focus on attacks targeting a web application's control-flow integrity. We explain them thoroughly, check whether current web application frameworks provide means for protection, and implement two approaches to protect web applications: the first approach is an extension for a web application framework and provides protection based on its configuration by checking all requests for policy conformity. The second approach generates its own policies ad hoc based on the observed web traffic, assuming that regular users only click on links and buttons and fill in forms but do not craft requests to protected resources.

    Today's World Wide Web is a distributed platform for applications of every kind: from simple web pages through online banking, e-mail and multimedia entertainment to intelligent networked homes and cities. Its origins, however, lie in a simple network for delivering static content based on hypertexts. These origins can still be identified in the communication protocol in use, HTTP. In this work we examine the security requirements of modern web applications and show that HTTP cannot meet these requirements. These requirements include the authentication of users and applications, the integrity and confidentiality of messages, control-flow integrity, and mutual authorization between applications. We examine the web protocols on the lower network layers and show that they cannot meet the security requirements either. Our analysis shows that the fundamental problem lies in the connectionless nature of HTTP. However, history has shown that a fresh start with an improved protocol is not an option for a system that has grown the way the World Wide Web has. For this reason, this work is concerned with our contributions to secure web communication on the basis of the existing connectionless HTTP. We begin with a description of session fixation attacks, which start before the user's actual login to the web application and, if successful, allow the temporary takeover of the user account. We present three countermeasures that can be applied depending on the degree to which the web application can be modified. Next, we address the problem that credentials on the WWW are both communicated between the participants for authentication purposes and reusable by anyone who obtains knowledge of them. Our approaches bind the user password to an authentication feature stored in the browser, and the so-called session cookie to a secret known only to the user and the web application. In this way, an attacker can use neither a stolen password nor a session cookie alone to access the user account. Subsequently, we describe an authentication protocol that dispenses entirely with the transmission of secret credentials. Our approach implements a trusted user interface and thus counters the manipulation of that interface in conventional browsers. Whereas the approaches so far increase the security of all web communication, we then turn to the question of how far an intelligent browser can protect the user from attacks where necessary and allow unhindered communication where possible. In this way our approach contributes to the acceptance of security solutions that are otherwise regularly perceived as annoying restrictions. Finally, we focus on the control-flow integrity of web applications. Malicious users can manipulate the state of applications to their own ends through specially crafted sequences of requests. Our approaches filter user requests that the application did not expect and let through only those requests that the application can process properly.

    An Investigation of the Impact of iPad Usage on Elementary Mathematical Skills and Attitudes

    Currently, many schools are implementing one-to-one initiatives, where the goal is to give every student in a classroom a tablet or laptop computer. However, there is a dearth of research backing up the assumption that they significantly improve student learning. This study explored the effects of these new instructional devices by focusing on two second-grade classrooms implementing a one-to-one iPad program. Specifically, it investigated how iPad usage affects student and teacher attitudes toward mathematics, student mathematics performance in and out of app environments, the instructional purposes for which iPads are used in the classroom, and implementation issues of the technology. This primarily observational study used both quantitative and qualitative methods to capture a picture of an active program to serve as a source for further questions that may be better answered by experimenting with different treatments. Quantitative data was gathered on student performance in two apps, Addimal Adventure and Splash Math 2nd Grade, as well as on the frequency and type of iPad usage. Qualitative data came from interviews with six students and two teachers near the beginning and end of the four-month research period. While students generally reported they enjoyed doing mathematics on the iPad, half preferred paper and pencil. Teachers believed iPads helped students stay engaged in mathematics longer, resulted in more time spent on task, and enabled more differentiated instruction. Students performed better on quizzes for both apps than they had in either app environment. While the scores were positively correlated with varying degrees of strength, no evidence was found that app progress significantly explained student quiz scores. It was also found that iPads were being used in two different modes of instruction: free choice and focused. Based on these results, the education community needs to provide additional support to teachers, including technical and pedagogical training, focused apps for various skills, and a feedback channel for teachers to quickly report problems to developers. With an active and engaged support structure, educators can take advantage of the technological abilities of these devices and create a more responsive and differentiated environment of mathematics learning than has previously been feasible.

    Evaluating Alternative Measures of Bicycling Level of Traffic Stress Using Crowdsourced Route Satisfaction Data

    Get PDF
    Approaches for evaluating the quality of bicycling have become increasingly important for planning bicycle infrastructure improvements. Mekuria, Furth, and Nixon’s (2012) “Level of Traffic Stress” (LTS) approach, which requires minimal data inputs and produces a simple and intuitive output, has emerged as a widely-used framework for identifying streets that are “low-stress” for cyclists. The LTS framework is based on a hierarchy of characteristics, largely related to traffic speed and roadway layout, that are presumed to cause higher or lower levels of stress. Despite the apparent simplicity of LTS, several key challenges emerge from its application. Firstly, multiple LTS classification methods have been developed, and it is difficult to know whether they represent stress in equivalent ways. Secondly, LTS is intended only to define an ordinal scale of stressfulness, but has often been misinterpreted as defining a continuous scale; there is no intended implication that the stress levels are spaced equally. Third, while LTS provides a useful summary of diverse infrastructural variables, it is poorly understood which of these variables are most strongly associated with cyclist satisfaction and may, therefore, be most important to capture in an LTS framework. These challenges were examined in the contexts of two U.S. cities: Portland, Oregon, which has a very well-developed bicycling infrastructure, and Austin, Texas, which has more moderately-developed bicycling infrastructure. In both cities, LTS outcomes differed depending on the LTS classification method used. In addition, even when classified using the same method, LTS outcomes differed depending on the source of the data used. This suggests that LTS analyses based on different methods or data sources are unlikely to be comparable. 
Associations between LTS classifications and continuously-scaled user satisfaction data from the crowdsourcing mobile app Ride Report suggested that LTS levels represented a fairly linear scale, though differences in average Ride Report scores between successive LTS levels were rarely large. Ride Report user satisfaction data were most strongly and consistently associated with variables related to bicycling-specific infrastructure, such as bike lanes and boulevards, and with indicators of street size. These variables may be most useful for developing LTS classification methods with minimal data inputs. Unsurprisingly, our analysis also supports the addition of bicycle-specific infrastructure and the reduction of roadway size and traffic volume as among the most effective approaches for reducing LTS levels and maximizing user satisfaction along cycling networks.

    Aiding information security decisions with human factors using quantitative and qualitative techniques

    Get PDF
    PhD Thesis

    The Information Security Decision Making Process is comprised of an extremely complex and dynamic set of sub-tasks, sub-goals and inter-disciplinary practices. In order to be effective and appropriate, this process must balance the requirements of the stakeholders as well as those of the users within the system. Without careful consideration of users' behaviours and preferences, interventions are often seen as obstacles to productivity and are subsequently circumvented or simply not adhered to. The approach detailed herein requires an intimate knowledge of both Information Security and Human Behaviour. An effective security policy must adequately protect a given set of assets (human and non-human) or systems while preserving maximal productivity. Companies rely on their Intellectual Property Rights, which are often stored in a digital format. This presents a plethora of issues regarding security, access management and locality (whether on or off the premises). Furthermore, there is the added complexity of employees and how they operate within this environment (a subset of compliance, competence and policy). With the continued increase in consumerisation, more specifically the rise of Bring Your Own Device, there is a significant threat to data security that persists outside of the typical working environment. This trend enables employees to access and transfer corporate assets remotely, but in doing so creates a conflict over identity, ownership and data management. The governance of these activities creates an extremely complex problem space in which these requirements must be balanced, relying on an accurate assessment of risk, identification of security vulnerabilities and knowledge pertaining to the behaviour of employees. The risks to company assets can be estimated by the analysis of the following issues:

    • Threats to your assets. These are unwanted events that could cause the deliberate or accidental loss, damage or misuse of the assets.
    • Vulnerabilities. How susceptible your assets are to attack.
    • Impact. The magnitude of the potential loss or the seriousness of the event.

    The ability to quantify and accurately represent these variables is critical in developing, implementing and supporting a successful security policy. The dissertation is structured as follows. Chapter 1 provides an abstract overview of the problem space and highlights our aims, objectives and publications. Chapter 2 details an in-depth literature review of the cross-disciplinary problem space. This involves both the analysis of industry standards, practices and reports as well as a summary of academic literature pertaining to theoretical frameworks and simulations for discussion. Chapter 3 introduces our problem space and documents the rationale for designing our methodology. Each successive chapter (4, 5 and 6) documents a separate investigative strategy for populating specific data sets with respect to the behaviours and practices highlighted by our pilot study and CISO interaction. This provides the rationale behind each approach as well as a documented implementation and evaluation of our experimental design with reference to publications in the field. Chapter 7 documents our modelling strategy and highlights the extensions we propose to the BPMN 2.0 formalism. Chapter 8 concludes our work with reference to our contributions, limitations and the direction of future study.

    Supporting users in password authentication with persuasive design

    Get PDF
    Activities like text editing, watching movies, or managing personal finances are all accomplished with web-based solutions nowadays. The providers need to ensure the security and privacy of user data. To that end, passwords are still the most common authentication method on the web. They are inexpensive and easy to implement. Users are largely accustomed to this kind of authentication, but passwords represent a considerable nuisance because they are tedious to create, remember, and maintain. In many cases, usability issues turn into security problems, because users try to work around the challenges and create easily predictable credentials. Often, they reuse their passwords for many purposes, which aggravates the risk of identity theft. There have been numerous attempts to remove the root of the problem and replace passwords, e.g., through biometrics. However, no other authentication strategy can fully replace them, so passwords will probably stay a go-to authentication method for the foreseeable future. Researchers and practitioners have thus aimed to improve users' situation in various ways. There are two main lines of research on helping users create both usable and secure passwords. On the one hand, password policies have a notable impact on password practices, because they enforce certain characteristics. However, enforcement reduces users' autonomy and often causes frustration if the requirements are poorly communicated or overly complex. On the other hand, user-centered designs have been proposed: assistance and persuasion are typically more user-friendly, but their influence is often limited. In this thesis, we explore potential reasons for the inefficacy of certain persuasion strategies. From the gained knowledge, we derive novel persuasive design elements to support users in password authentication. The exploration of contextual factors in password practices is based on four projects that reveal both psychological aspects and real-world constraints.
Here, we investigate how mental models of password strength and password managers can provide important pointers towards the design of persuasive interventions. Moreover, the associations between personality traits and password practices are evaluated in three user studies. A meticulous audit of real-world password policies shows the constraints on selection and reuse practices. Based on the review of context factors, we then extend the design space of persuasive password support with three projects. We first depict the explicit and implicit user needs in password support. Second, we craft and evaluate a choice architecture that illustrates how a phenomenon from marketing psychology can provide new insights into the design of nudging strategies. Third, we try to empower users to create memorable passwords with emojis. The results show the challenges and potentials of emoji passwords on different platforms. Finally, the thesis presents a framework for the persuasive design of password support. It aims to structure the required activities during the entire process. This enables researchers and practitioners to craft novel systems that go beyond traditional paradigms, which is illustrated by a design exercise.

    Nowadays it is possible to edit texts, watch films, or manage one's personal finances with web-based solutions. Providers must ensure the security and confidentiality of user data. To that end, passwords remain the most common authentication method on the Internet. They are inexpensive and simple to implement. Users are already familiar with this method, but passwords are a considerable nuisance because they are tedious to create, memorise, and manage. Usability questions often turn into security problems, because users circumvent challenges and think up credentials that are easy to guess.
In addition, they reuse passwords for many purposes, which further increases the risk of identity theft. There are numerous attempts to eliminate the root of the problem and replace passwords, e.g. with biometrics. However, no other method has so far been able to replace them completely, so passwords will probably remain the main authentication method for the foreseeable future. Experts from research and industry have therefore set themselves the goal of improving users' situation in various ways. Two lines of research exist on how users can be helped to create secure and usable passwords. On the one hand, rules for password creation have a marked effect on password practices because they enforce certain characteristics. However, this enforcement reduces users' autonomy and causes frustration when the requirements are poorly communicated or overly complex. On the other hand, there are user-centred designs: assistance and persuasion are typically more user-friendly, but their influence is limited. In this thesis we explore the potential reasons for the ineffectiveness of certain persuasion strategies. From the knowledge gained, we derive new persuasive design elements for assistance in password authentication. The exploration of context factors in dealing with passwords is based on four projects that reveal both psychological aspects and constraints in practice. Here we investigate the extent to which mental models of password strength and password managers provide important pointers for the design of persuasive interventions. In addition, the relationships between personality traits and password practices are examined in three user studies. A thorough review of real-world password rules shows the constraints on password selection and reuse.
Based on this examination of the context factors, we then extend the design space of persuasive password assistance with three projects. First, we describe the explicit and implicit needs regarding assistance. Next, we create and evaluate a choice architecture that illustrates how a phenomenon from marketing psychology can provide new insights into the design of nudging strategies. Finally, we try to empower users to create memorable passwords with the help of emojis. The results show the challenges and potential of emoji passwords on different platforms. Lastly, this thesis presents a framework for the persuasive design of password assistance. It is intended to structure the required activities throughout the entire process. This allows experts to develop novel systems that go beyond traditional approaches, which is illustrated by a design study.

    A personality-based behavioural model: Susceptibility to phishing on social networking sites

    Get PDF
    The worldwide popularity of social networking sites (SNSs) and the technical features they offer users have created many opportunities for malicious individuals to exploit the behavioural tendencies of their users via social engineering tactics. The self-representation and social interactions on SNSs encourage users to reveal their personalities in a way which characterises their behaviour. Frequent engagement on SNSs may also reinforce the performance of certain activities, such as sharing and clicking on links, at a "habitual" level on these sites. Subsequently, this may also influence users to overlook phishing posts and messages on SNSs and thus not apply sufficient cognitive effort in their decision-making. As users do not expect phishing threats on these sites, they may become accustomed to behaving in this manner, which may consequently put them at risk of such attacks. Using an online survey, primary data was collected from 215 final-year undergraduate students. Employing structural equation modelling techniques, the associations between the Big Five personality traits, habits and information processing were examined with the aim of identifying users susceptible to phishing on SNSs. Moreover, other behavioural factors such as social norms, computer self-efficacy and perceived risk were examined in terms of their influence on phishing susceptibility.
The results of the analysis revealed the following key findings: 1) users with the personality traits of extraversion, agreeableness and neuroticism are more likely to perform habitual behaviour, while conscientious users are least likely; 2) users who perform certain behaviours out of habit are directly susceptible to phishing attacks; 3) users who behave out of habit are likely to apply a heuristic mode of processing and are therefore more susceptible to phishing attacks on SNSs than those who apply systematic processing; 4) users with higher computer self-efficacy are less susceptible to phishing; and 5) users who are influenced by social norms are at greater risk of phishing. This study makes a contribution to scholarship and to practice, as it is the first empirical study to investigate, in one comprehensive model, the relationship between personality traits, habit and their effect on information processing, which may influence susceptibility to phishing on SNSs. The findings of this study may assist organisations in the customisation of an individual anti-phishing training programme to target specific dispositional factors in vulnerable users. By using a similar instrument to the one used in this study, pre-assessments could determine and classify certain risk profiles that make users vulnerable to phishing attacks.

    Thesis (PhD) -- Faculty of Commerce, Information Systems, 202