{"title":"Helping users create better passwords: is this the right approach?","authors":"Alain Forget, S. Chiasson, R. Biddle","doi":"10.1145/1280680.1280703","DOIUrl":"https://doi.org/10.1145/1280680.1280703","url":null,"abstract":"Users tend to form their own mental models of good passwords regardless of any instructions provided. They also tend to favour memorability over security. In our study comparing two mnemonic phrase-based password schemes, we found a surprising number of participants misused both schemes. Intentional or not, they misused the system such that their task of password creation and memorization became easier. Thus, we believe that instead of better instructions or password schemes, a new approach is required to convince users to create more secure passwords. One possibility may lie in employing Persuasive Technology.","PeriodicalId":273244,"journal":{"name":"Symposium On Usable Privacy and Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131257924","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Measuring privacy loss and the impact of privacy protection in web browsing","authors":"B. Krishnamurthy, Delfina Malandrino, C. Wills","doi":"10.1145/1280680.1280688","DOIUrl":"https://doi.org/10.1145/1280680.1280688","url":null,"abstract":"Various bits of information about users accessing Web sites, some of which are private, have been gathered since the inception of the Web. Increasingly the gathering, aggregation, and processing has been outsourced to third parties. The goal of this work is to examine the effectiveness of specific techniques to limit this diffusion of private information to third parties. We also examine the impact of these privacy protection techniques on the usability and quality of the Web pages returned. Using objective measures for privacy protection and page quality we examine their tradeoffs for different privacy protection techniques applied to a collection of popular Web sites as well as a focused set of sites with significant privacy concerns. We study privacy protection both at a browser and at a proxy.","PeriodicalId":273244,"journal":{"name":"Symposium On Usable Privacy and Security","volume":"5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123535316","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Defeat spyware with anti-screen capture technology using visual persistence","authors":"J. Lim","doi":"10.1145/1280680.1280701","DOIUrl":"https://doi.org/10.1145/1280680.1280701","url":null,"abstract":"In this paper, we describe a novel web-based method to generate an on-screen keypad with anti-screen capture technology for secure data entry. Our method protects against spying via keyboard, mouse and screen on a compromised computer.","PeriodicalId":273244,"journal":{"name":"Symposium On Usable Privacy and Security","volume":"198 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132584474","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Perception and acceptance of fingerprint biometric technology","authors":"Rosa R. Heckle, Andrew S. Patrick, Ant Ozok","doi":"10.1145/1280680.1280704","DOIUrl":"https://doi.org/10.1145/1280680.1280704","url":null,"abstract":"The acceptance of biometric security services appears to be affected by several factors, one of which may be the context in which it is used. In this study, 24 participants were asked to roleplay the use of a fingerprint biometric identification system when making purchases at an online bookstore. The results show differences in opinions about the biometric system when the perceived benefits for the users were manipulated. Participants were more comfortable using biometrics, and considered them more beneficial, when they were used to secure personal information for personal purchases, in contrast to securing personal information for corporate purchases. The results suggest that application contexts with obvious, apparent benefits to the user tend to lead to greater perceptions of usability and higher acceptance rates than contexts where there are only system or corporate benefits...","PeriodicalId":273244,"journal":{"name":"Symposium On Usable Privacy and Security","volume":"72 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123563892","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Facemail: showing faces of recipients to prevent misdirected email","authors":"Eric Lieberman, Rob Miller","doi":"10.1145/1280680.1280696","DOIUrl":"https://doi.org/10.1145/1280680.1280696","url":null,"abstract":"Users occasionally send email to the wrong recipients -- clicking Reply To All instead of Reply, mistyping an email address, or guessing an email address and getting it wrong -- and suffer violations of security or privacy as a result. Facemail is an extension to a webmail system that aims to alleviate this problem by automatically displaying pictures of the selected recipients in a peripheral display, while the user is composing an email message. We describe techniques for obtaining faces from email addresses, and discovering mailing list memberships from existing web data sources, and a user interface design that keeps important faces recognizable while scaling up to hundreds or thousands of recipients. Preliminary experiments suggest that faces significantly improve users' ability to detect misdirected emails with only a brief glance.","PeriodicalId":273244,"journal":{"name":"Symposium On Usable Privacy and Security","volume":"5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116940909","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Decision strategies and susceptibility to phishing","authors":"J. Downs, Mandy B. Holbrook, L. Cranor","doi":"10.1145/1143120.1143131","DOIUrl":"https://doi.org/10.1145/1143120.1143131","url":null,"abstract":"Phishing emails are semantic attacks that con people into divulging sensitive information using techniques to make the user believe that information is being requested by a legitimate source. In order to develop tools that will be effective in combating these schemes, we first must know how and why people fall for them. This study reports preliminary analysis of interviews with 20 non-expert computer users to reveal their strategies and understand their decisions when encountering possibly suspicious emails. One of the reasons that people may be vulnerable to phishing schemes is that awareness of the risks is not linked to perceived vulnerability or to useful strategies in identifying phishing emails. Rather, our data suggest that people can manage the risks that they are most familiar with, but don't appear to extrapolate to be wary of unfamiliar risks. We explore several strategies that people use, with varying degrees of success, in evaluating emails and in making sense of warnings offered by browsers attempting to help users navigate the web.","PeriodicalId":273244,"journal":{"name":"Symposium On Usable Privacy and Security","volume":"3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-07-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121804109","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Passpet: convenient password management and phishing protection","authors":"K. Yee, K. Sitaker","doi":"10.1145/1143120.1143126","DOIUrl":"https://doi.org/10.1145/1143120.1143126","url":null,"abstract":"We describe Passpet, a tool that improves both the convenience and security of website logins through a combination of techniques. Password hashing helps users manage multiple accounts by turning a single memorized password into a different password for each account. User-assigned site labels (petnames) help users securely identify sites in the face of determined attempts at impersonation (phishing). Password-strengthening measures defend against dictionary attacks. Customizing the user interface defends against user-interface spoofing attacks. We propose new improvements to these techniques, discuss how they are integrated into a single tool, and compare Passpet to other solutions for managing passwords and preventing phishing.","PeriodicalId":273244,"journal":{"name":"Symposium On Usable Privacy and Security","volume":"141 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-07-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117189161","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Protecting domestic power-line communications","authors":"R. Newman, S. Gavette, L. Yonge, Ross J. Anderson","doi":"10.1145/1143120.1143136","DOIUrl":"https://doi.org/10.1145/1143120.1143136","url":null,"abstract":"In this paper we describe the protection goals and mechanisms in HomePlug AV, a next-generation power-line communications standard. This is a fascinating case-history in security usability. There are also novel protocol issues; interactions with mechanisms at other layers; and opportunities for both researchers and third-party vendors to build on the mechanisms provided. The central problem -- being sure whether a device being enrolled in the network is the device you think, not a similar one nearby -- is not well solved by conventional mechanisms such as public-key infrastructures, but appears to require either very old-fashioned or very novel approaches.","PeriodicalId":273244,"journal":{"name":"Symposium On Usable Privacy and Security","volume":"22 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-07-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121083949","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Web wallet: preventing phishing attacks by revealing user intentions","authors":"Min Wu, Rob Miller, Greg Little","doi":"10.1145/1143120.1143133","DOIUrl":"https://doi.org/10.1145/1143120.1143133","url":null,"abstract":"We introduce a new anti-phishing solution, the Web Wallet. The Web Wallet is a browser sidebar which users can use to submit their sensitive information online. It detects phishing attacks by determining where users intend to submit their information and suggests an alternative safe path to their intended site if the current site does not match it. It integrates security questions into the user's workflow so that its protection cannot be ignored by the user. We conducted a user study on the Web Wallet prototype and found that the Web Wallet is a promising approach. In the study, it significantly decreased the spoof rate of typical phishing attacks from 63% to 7%, and it effectively prevented all phishing attacks as long as it was used. A majority of the subjects successfully learned to depend on the Web Wallet to submit their login information. However, the study also found that spoofing the Web Wallet interface itself was an effective attack. Moreover, it was not easy to completely stop all subjects from typing sensitive information directly into web forms.","PeriodicalId":273244,"journal":{"name":"Symposium On Usable Privacy and Security","volume":"29 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-07-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114941551","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Human selection of mnemonic phrase-based passwords","authors":"C. Kuo, Sasha Romanosky, L. Cranor","doi":"10.1145/1143120.1143129","DOIUrl":"https://doi.org/10.1145/1143120.1143129","url":null,"abstract":"Textual passwords are often the only mechanism used to authenticate users of a networked system. Unfortunately, many passwords are easily guessed or cracked. In an attempt to strengthen passwords, some systems instruct users to create mnemonic phrase-based passwords. A mnemonic password is one where a user chooses a memorable phrase and uses a character (often the first letter) to represent each word in the phrase. In this paper, we hypothesize that users will select mnemonic phrases that are commonly available on the Internet, and that it is possible to build a dictionary to crack mnemonic phrase-based passwords. We conduct a survey to gather user-generated passwords. We show the majority of survey respondents based their mnemonic passwords on phrases that can be found on the Internet, and we generate a mnemonic password dictionary as a proof of concept. Our 400,000-entry dictionary cracked 4% of mnemonic passwords; in comparison, a standard dictionary with 1.2 million entries cracked 11% of control passwords. The user-generated mnemonic passwords were also slightly more resistant to brute force attacks than control passwords. These results suggest that mnemonic passwords may be appropriate for some uses today. However, mnemonic passwords could become more vulnerable in the future and should not be treated as a panacea.","PeriodicalId":273244,"journal":{"name":"Symposium On Usable Privacy and Security","volume":"40 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-07-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121331562","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}