The economics of user effort in information security

A significant number of security breaches result from employees' failures to comply with security policies. The cause is often an honest mistake, such as when an employee enters their password in a phishing website, believing it to be a legitimate one.1 It can also be a workaround when faced with an impossible task, such as when an employee has so many different passwords that they must be written down

Human-centred identity - from rhetoric to reality

This paper presents a proposal for human-centred identity management. Even though the term ‘human-centred identity’ has been widely used in the past few years, the solutions either descritbe a technical system for managing identity, or describe an identity management solution that meets a particular administrative need. Our proposal, however, presents a set of propertis that have to be considered, and the choices have to be made for each property must satisfy the needs of both the individual and the organization that owns the identity management system. The properties were identified as a result of reviewing a range of national identity systems, and the problems that arise from them

Users are not the enemy

Many system security departments treat users as a security risk to be controlled. The general consensus is that most users are careless and unmotivated when it comes to system security. In a recent study, we found that users may indeed compromise computer security mechanisms, such as password authentication, both knowing and unknowingly. A closer analysis, however, revealed that such behavior is often caused by the way in which security mechanisms are implemented, and users ’ lack of knowledge. We argue that to change this state of affairs, security departments need to communicate more with users, and adopt a user-centered design approach

Gathering realistic authentication performance data through field trials

Most evaluations of novel authentication mechanisms have been conducted under laboratory conditions. We argue that the results of short-term usage under laboratory conditions do not predict user performance “in the wild”, because there is insufficient time between enrolment and testing, the number of authentications is low, and authentication is presented as a primary task, rather then the secondary task as it is “in the wild”. User generated reports of performance on the other hand provide subjective data, so reports on frequency of use, time intervals, and success or failure of authentication are subject to the vagaries of users ’ memories. Studies on authentication that provide objective performance data under real-world conditions are rare. In this paper, we present our experiences with a study method that tries to control frequency and timing of authentication, and collects reliable performance data, while maintaining ecological validity of the authentication context at the same time. We describe the development of an authentication server called APET, which allows us to prompt users enrolled in trial cohorts to authenticate at controlled intervals, and report our initial experiences with trials. We conclude by discussing remaining challenges in obtaining reliable performance data through a field trial method such as this one

Deconvolution, differentiation and Fourier transformation algorithms for noise-containing data based on splines and global approximation

One of the main problems in the analysis of measured spectra is how to reduce the influence of noise in data processing. We show a deconvolution, a differentiation and a Fourier Transform algorithm that can be run on a small computer (64 K RAM) and suffer less from noise than commonly used routines. This objective is achieved by implementing spline based functions in mathematical operations to obtain global approximation properties in our routines. The convenient behaviour and the pleasant mathematical character of splines makes it possible to perform these mathematical operations on large data input in a limited computing time on a small computer system. Comparison is made with widely used routines

The adsorption of nitric oxide on a silicon (100) 2 × 1 surface studied with Auger electron spectroscopy

We present an Auger electron spectroscopy (AES) study of the adsorption of nitric oxide (NO) on a clean Si(100)2 × 1 surface at 300 and 550 K. Accurate measurement reeveal well resolved fine structure at Auger SiL2.3VV transitions at 62 and 83 eV. These peaks can be attributed to Si---O and Si---N bonds. Furthermore, it is argued that the broadening in the SiLi2.3VV Auger transition at 83 eV at 300 K may be composed of two nearby peaks, which could be attributed to two different kinds of chemical bonding, Si---N and Si---O. The absence of a peak at 69 eV at room temperature strongly suggests the NO adsorption on a Si(100)2 × 1 surface to be molecular. Dissociation of NO on the Si(100)2 × 1 surface is observed at 550 K

Scaring and Bullying People into Security Won't Work

Users will pay attention to reliable and credible indicators of risks they want to avoid. Security mechanisms with a high false positive rate undermine the credibility of security and train users to ignore them. We need more accurate detection and better security tools if we are to regain users' attention and respect, rather than scare, trick, and bully them into complying with security measures that obstruct human endeavors

Missing dimer defects investigated by adsorption of nitric oxide (NO) on silicon (100) 2 × 1

This paper describes a study concerning the interaction of nitric oxide (NO) with the clean Si(100)2×1 surface in ultra-high vacuum at room temperature. Differential reflectometry (DR) in the photon energy range of 2.4–4.4 eV. Auger electron spectroscopy (AES) and low energy electron diffraction (LEED) have been used to investigate the chemisorption of NO on Si(100)2×1. With this combination of techniques it is possible to make an analysis of the geometric and electronic structure and chemical composition of the surface layer. The aim of the present study was to explain the experimental results of the adsorption of NO on the clean Si(100)2×1 at 300 K. Analysing the electronic and geometric structure of a simplified stepped 2×1 reconstructed Si(100) surface and of the NO molecule in combination with the use of Woodward-Hoffmann rules (WHR) we were able to model a surface defect specific adsorption mechanism. Surface defects such as missing dimer defects seem to play an important role in the adsorption mechanism of NO on the silicon surface. The experimental results are consistent with this developed model. We also suggest a relation between the missing dimer defects and the number of steps on the silicon surface

3D Simulation of Partial Discharge in High Voltage Power Networks

Open accessPartial discharge (PD) events arise inside power cables due to defects of cable’s insulation material, characterized by a lower electrical breakdown strength than the surrounding dielectric material. These electrical discharges cause signals to propagate along the cable, manifesting as noise phenomena. More significantly, they contribute to insulation degradation and can produce a disruptive effect with a consequent interruption of power network operation. PD events are, therefore, one of the best ‘early warning’ indicators of insulation degradation and, for this reason, the modeling and studying of such phenomena, together with the development of on-line PDs location methods, are important topics for network integrity assessment, and to define methods to improve the power networks’ Electricity Security. This paper presents a 3D model of PD events inside a void in epoxy-resin insulation cables for High Voltage (HV) power networks. The 3D model has been developed using the High Frequency (HF) Solver of CST Studio Suite® software. PD events of a few µs duration have been modelled and analyzed. The PD behavior has been investigated using varying electrical stress. A first study of the PD signal propagation in a power network is described