Volkamer, Melanie ; Bartsch, Steffen ; Kauer, Michaela
Hrsg.: University Plymouth (2013)
Contextualized Security Interventions in Password Transmission Scenarios.
Lisbon, Spain
Konferenzveröffentlichung, Bibliographie
Kurzbeschreibung (Abstract)
Usable security user studies as well as the number of successful attacks to end users’ data and devices show that today’s security interventions like the green URL bar and self-signed certificate warnings do not protect end users effectively for many reasons. To improve the situation, we proposed the Framework fOr Contextualized security Interventions (FOCI). While this framework provides general guidelines how to develop contextualized security interventions, this is the first paper in which this framework is applied to actually develop adequate security intervention strategies and intervention content. We focus on a subset of security- and privacy-critical scenarios in the context of web applications – namely those in which users visit web pages containing a password filed. If either the communication is not confidential and authenticated or the service behind the web page is not trustworthy, entering a password can have consequences like financial loss and privacy leakage in particular for users reusing their passwords for several different web pages. Therefore, it is important to provide effective security interventions for these scenarios.
| Typ des Eintrags: | Konferenzveröffentlichung |
|---|---|
| Erschienen: | 2013 |
| Autor(en): | Volkamer, Melanie ; Bartsch, Steffen ; Kauer, Michaela |
| Art des Eintrags: | Bibliographie |
| Titel: | Contextualized Security Interventions in Password Transmission Scenarios |
| Sprache: | Englisch |
| Publikationsjahr: | Mai 2013 |
| Buchtitel: | European Information Security Multi-Conference (EISMC 2013) |
| Veranstaltungsort: | Lisbon, Spain |
| Zugehörige Links: | |
| Kurzbeschreibung (Abstract): | Usable security user studies as well as the number of successful attacks to end users’ data and devices show that today’s security interventions like the green URL bar and self-signed certificate warnings do not protect end users effectively for many reasons. To improve the situation, we proposed the Framework fOr Contextualized security Interventions (FOCI). While this framework provides general guidelines how to develop contextualized security interventions, this is the first paper in which this framework is applied to actually develop adequate security intervention strategies and intervention content. We focus on a subset of security- and privacy-critical scenarios in the context of web applications – namely those in which users visit web pages containing a password filed. If either the communication is not confidential and authenticated or the service behind the web page is not trustworthy, entering a password can have consequences like financial loss and privacy leakage in particular for users reusing their passwords for several different web pages. Therefore, it is important to provide effective security interventions for these scenarios. |
| Freie Schlagworte: | Security, Usability and Society, Secure Data |
| ID-Nummer: | TUD-CS-2013-0078 |
| Fachbereich(e)/-gebiet(e): | 20 Fachbereich Informatik 20 Fachbereich Informatik > Theoretische Informatik - Kryptographie und Computeralgebra 20 Fachbereich Informatik > SECUSO - Security, Usability and Society Profilbereiche Profilbereiche > Cybersicherheit (CYSEC) LOEWE LOEWE > LOEWE-Zentren LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt |
| Hinterlegungsdatum: | 28 Jul 2016 18:35 |
| Letzte Änderung: | 25 Feb 2022 10:58 |
| PPN: | |
| Export: | |
| Suche nach Titel in: | TUfind oder in Google |
 |
Frage zum Eintrag |
Optionen (nur für Redakteure)
 |
Redaktionelle Details anzeigen |
Drucken
Impressum