TU Darmstadt / ULB / TUbiblio

Contextualized Security Interventions in Password Transmission Scenarios

Volkamer, Melanie and Bartsch, Steffen and Kauer, Michaela
University, Plymouth (ed.) (2013):
Contextualized Security Interventions in Password Transmission Scenarios.
In: European Information Security Multi-Conference (EISMC 2013), Lisbon, Spain, [Conference or Workshop Item]

Abstract

Usable security user studies as well as the number of successful attacks to end users’ data and devices show that today’s security interventions like the green URL bar and self-signed certificate warnings do not protect end users effectively for many reasons. To improve the situation, we proposed the Framework fOr Contextualized security Interventions (FOCI). While this framework provides general guidelines how to develop contextualized security interventions, this is the first paper in which this framework is applied to actually develop adequate security intervention strategies and intervention content. We focus on a subset of security- and privacy-critical scenarios in the context of web applications – namely those in which users visit web pages containing a password filed. If either the communication is not confidential and authenticated or the service behind the web page is not trustworthy, entering a password can have consequences like financial loss and privacy leakage in particular for users reusing their passwords for several different web pages. Therefore, it is important to provide effective security interventions for these scenarios. 

Item Type: Conference or Workshop Item
Erschienen: 2013
Editors: University, Plymouth
Creators: Volkamer, Melanie and Bartsch, Steffen and Kauer, Michaela
Title: Contextualized Security Interventions in Password Transmission Scenarios
Language: English
Abstract:

Usable security user studies as well as the number of successful attacks to end users’ data and devices show that today’s security interventions like the green URL bar and self-signed certificate warnings do not protect end users effectively for many reasons. To improve the situation, we proposed the Framework fOr Contextualized security Interventions (FOCI). While this framework provides general guidelines how to develop contextualized security interventions, this is the first paper in which this framework is applied to actually develop adequate security intervention strategies and intervention content. We focus on a subset of security- and privacy-critical scenarios in the context of web applications – namely those in which users visit web pages containing a password filed. If either the communication is not confidential and authenticated or the service behind the web page is not trustworthy, entering a password can have consequences like financial loss and privacy leakage in particular for users reusing their passwords for several different web pages. Therefore, it is important to provide effective security interventions for these scenarios. 

Title of Book: European Information Security Multi-Conference (EISMC 2013)
Uncontrolled Keywords: Security, Usability and Society;Secure Data
Divisions: 20 Department of Computer Science
20 Department of Computer Science > Theoretical Computer Science - Cryptography and Computer Algebra
20 Department of Computer Science > SECUSO - Security, Usability and Society
Profile Areas
Profile Areas > Cybersecurity (CYSEC)
LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
Event Location: Lisbon, Spain
Date Deposited: 28 Jul 2016 18:35
Identification Number: TUD-CS-2013-0078
Related URLs:
Export:
Suche nach Titel in: TUfind oder in Google

Optionen (nur für Redakteure)

View Item View Item