TU Darmstadt / ULB / TUbiblio

Contextualized Security Interventions in Password Transmission Scenarios

Volkamer, Melanie ; Bartsch, Steffen ; Kauer, Michaela
Hrsg.: University Plymouth (2013)
Contextualized Security Interventions in Password Transmission Scenarios.
Lisbon, Spain
Konferenzveröffentlichung, Bibliographie

Kurzbeschreibung (Abstract)

Usable security user studies as well as the number of successful attacks to end users’ data and devices show that today’s security interventions like the green URL bar and self-signed certificate warnings do not protect end users effectively for many reasons. To improve the situation, we proposed the Framework fOr Contextualized security Interventions (FOCI). While this framework provides general guidelines how to develop contextualized security interventions, this is the first paper in which this framework is applied to actually develop adequate security intervention strategies and intervention content. We focus on a subset of security- and privacy-critical scenarios in the context of web applications – namely those in which users visit web pages containing a password filed. If either the communication is not confidential and authenticated or the service behind the web page is not trustworthy, entering a password can have consequences like financial loss and privacy leakage in particular for users reusing their passwords for several different web pages. Therefore, it is important to provide effective security interventions for these scenarios. 

Typ des Eintrags: Konferenzveröffentlichung
Erschienen: 2013
Autor(en): Volkamer, Melanie ; Bartsch, Steffen ; Kauer, Michaela
Art des Eintrags: Bibliographie
Titel: Contextualized Security Interventions in Password Transmission Scenarios
Sprache: Englisch
Publikationsjahr: Mai 2013
Buchtitel: European Information Security Multi-Conference (EISMC 2013)
Veranstaltungsort: Lisbon, Spain
Zugehörige Links:
Kurzbeschreibung (Abstract):

Usable security user studies as well as the number of successful attacks to end users’ data and devices show that today’s security interventions like the green URL bar and self-signed certificate warnings do not protect end users effectively for many reasons. To improve the situation, we proposed the Framework fOr Contextualized security Interventions (FOCI). While this framework provides general guidelines how to develop contextualized security interventions, this is the first paper in which this framework is applied to actually develop adequate security intervention strategies and intervention content. We focus on a subset of security- and privacy-critical scenarios in the context of web applications – namely those in which users visit web pages containing a password filed. If either the communication is not confidential and authenticated or the service behind the web page is not trustworthy, entering a password can have consequences like financial loss and privacy leakage in particular for users reusing their passwords for several different web pages. Therefore, it is important to provide effective security interventions for these scenarios. 

Freie Schlagworte: Security, Usability and Society, Secure Data
ID-Nummer: TUD-CS-2013-0078
Fachbereich(e)/-gebiet(e): 20 Fachbereich Informatik
20 Fachbereich Informatik > Theoretische Informatik - Kryptographie und Computeralgebra
20 Fachbereich Informatik > SECUSO - Security, Usability and Society
Profilbereiche
Profilbereiche > Cybersicherheit (CYSEC)
LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
Hinterlegungsdatum: 28 Jul 2016 18:35
Letzte Änderung: 25 Feb 2022 10:58
PPN:
Zugehörige Links:
Export:
Suche nach Titel in: TUfind oder in Google
Frage zum Eintrag Frage zum Eintrag

Optionen (nur für Redakteure)
Redaktionelle Details anzeigen Redaktionelle Details anzeigen