TU Darmstadt / ULB / TUbiblio

Contextualized Security Interventions in Password Transmission Scenarios

Volkamer, Melanie ; Bartsch, Steffen ; Kauer, Michaela
ed.: University Plymouth (2013)
Contextualized Security Interventions in Password Transmission Scenarios.
Lisbon, Spain
Conference or Workshop Item, Bibliographie

Abstract

Usable security user studies as well as the number of successful attacks to end users’ data and devices show that today’s security interventions like the green URL bar and self-signed certificate warnings do not protect end users effectively for many reasons. To improve the situation, we proposed the Framework fOr Contextualized security Interventions (FOCI). While this framework provides general guidelines how to develop contextualized security interventions, this is the first paper in which this framework is applied to actually develop adequate security intervention strategies and intervention content. We focus on a subset of security- and privacy-critical scenarios in the context of web applications – namely those in which users visit web pages containing a password filed. If either the communication is not confidential and authenticated or the service behind the web page is not trustworthy, entering a password can have consequences like financial loss and privacy leakage in particular for users reusing their passwords for several different web pages. Therefore, it is important to provide effective security interventions for these scenarios. 

Item Type: Conference or Workshop Item
Erschienen: 2013
Creators: Volkamer, Melanie ; Bartsch, Steffen ; Kauer, Michaela
Type of entry: Bibliographie
Title: Contextualized Security Interventions in Password Transmission Scenarios
Language: English
Date: May 2013
Book Title: European Information Security Multi-Conference (EISMC 2013)
Event Location: Lisbon, Spain
Corresponding Links:
Abstract:

Usable security user studies as well as the number of successful attacks to end users’ data and devices show that today’s security interventions like the green URL bar and self-signed certificate warnings do not protect end users effectively for many reasons. To improve the situation, we proposed the Framework fOr Contextualized security Interventions (FOCI). While this framework provides general guidelines how to develop contextualized security interventions, this is the first paper in which this framework is applied to actually develop adequate security intervention strategies and intervention content. We focus on a subset of security- and privacy-critical scenarios in the context of web applications – namely those in which users visit web pages containing a password filed. If either the communication is not confidential and authenticated or the service behind the web page is not trustworthy, entering a password can have consequences like financial loss and privacy leakage in particular for users reusing their passwords for several different web pages. Therefore, it is important to provide effective security interventions for these scenarios. 

Uncontrolled Keywords: Security, Usability and Society, Secure Data
Identification Number: TUD-CS-2013-0078
Divisions: 20 Department of Computer Science
20 Department of Computer Science > Theoretical Computer Science - Cryptography and Computer Algebra
20 Department of Computer Science > SECUSO - Security, Usability and Society
Profile Areas
Profile Areas > Cybersecurity (CYSEC)
LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
Date Deposited: 28 Jul 2016 18:35
Last Modified: 25 Feb 2022 10:58
PPN:
Export:
Suche nach Titel in: TUfind oder in Google
Send an inquiry Send an inquiry

Options (only for editors)
Show editorial Details Show editorial Details