Interaction Design Foundation
Free educational materials - made by the world's technology elite
 
Join us on Linkedin
Join us on Twitter
Join us on Google plus
Get our RSS Feed
 
 
ReferencesNavigation arrowAuthorsNavigation arrowJ. D. Tygar

Publication statistics

Pub. period:1994-2009
Pub. count:4
Number of co-authors:5



Co-authors

Number of publications with 3 favourite co-authors:

Rachna Dhamija:2
David Wagner:1
Chris Karlof:1

 

 

Productive colleagues

J. D. Tygar's 3 most productive colleagues in number of publications:

Marti A. Hearst:23
David Wagner:9
L. Jean Camp:8
 
 
 
May 20

The moment clients realize that revisions are not an all-you-can-eat buffet, suddenly they realize they are not hungry.

-- Lester Beall

 
 

Featured chapter

Read the fascinating history of Wearable Computing, told by its father, Steve Mann

Read Steve's chapter !

 
 

Help us help you!

 
 

J. D. Tygar

Picture of J. D. Tygar. Copyright unknown.
Add description
Add publication

Publications by J. D. Tygar (bibliography)

 what's this?
2009
 
Edit | Del

Karlof, Chris, Tygar, J. D. and Wagner, David (2009): Conditioned-safe ceremonies and a user study of an application to web authentication. In: Proceedings of the 2009 Symposium on Usable Privacy and Security 2009. p. 38.

2006
 
Edit | Del

Dhamija, Rachna, Tygar, J. D. and Hearst, Marti A. (2006): Why phishing works. In: Proceedings of ACM CHI 2006 Conference on Human Factors in Computing Systems 2006. pp. 581-590.

To build systems shielding users from fraudulent (or phishing) websites, designers need to know which attack strategies work and why. This paper provides the first empirical evidence about which malicious strategies are successful at deceiving general users. We first analyzed a large set of captured phishing attacks and developed a set of hypotheses about why these strategies might work. We then assessed these hypotheses with a usability study in which 22 participants were shown 20 web sites and asked to determine which ones were fraudulent. We found that 23% of the participants did not look at browser-based cues such as the address bar, status bar and the security indicators, leading to incorrect choices 40% of the time. We also found that some visual deception attacks can fool even the most sophisticated users. These results illustrate that standard security indicators are not effective for a substantial fraction of users, and suggest that alternative approaches are needed.

© All rights reserved Dhamija et al. and/or ACM Press

2005
 
Edit | Del

Dhamija, Rachna and Tygar, J. D. (2005): The battle against phishing: Dynamic Security Skins. In: Proceedings of the 2005 Symposium on Usable Privacy and Security 2005. pp. 77-88.

Phishing is a model problem for illustrating usability concerns of privacy and security because both system designers and attackers battle using user interfaces to guide (or misguide) users. We propose a new scheme, Dynamic Security Skins, that allows a remote web server to prove its identity in a way that is easy for a human user to verify and hard for an attacker to spoof. We describe the design of an extension to the Mozilla Firefox browser that implements this scheme. We present two novel interaction techniques to prevent spoofing. First, our browser extension provides a trusted window in the browser dedicated to username and password entry. We use a photographic image to create a trusted path between the user and this window to prevent spoofing of the window and of the text entry fields. Second, our scheme allows the remote server to generate a unique abstract image for each user and each transaction. This image creates a "skin" that automatically customizes the browser window or the user interface elements in the content of a remote web page. Our extension allows the user's browser to independently compute the image that it expects to receive from the server. To authenticate content from the server, the user can visually verify that the images match. We contrast our work with existing anti-phishing proposals. In contrast to other proposals, our scheme places a very low burden on the user in terms of effort, memory and time. To authenticate himself, the user has to recognize only one image and remember one low entropy password, no matter how many servers he wishes to interact with. To authenticate content from an authenticated server, the user only needs to perform one visual matching operation to compare two images. Furthermore, it places a high burden of effort on an attacker to spoof customized security indicators.

© All rights reserved Dhamija and Tygar and/or ACM Press

1994
 
Edit | Del

Camp, L. Jean and Tygar, J. D. (1994): Providing Auditing While Protecting Privacy. In The Information Society, 10 (1) .

 
Add publication
Show this list on your homepage
 
 

Join the technology elite and advance:

 
1.

Your career

 
2.

Your network

 
 3.

Your skills

 
 
 
 
 
 

Changes to this page (author)

23 Feb 2010: Modified
08 Sep 2009: Added
01 Jun 2009: Added
12 May 2008: Added
19 Jun 2007: Added

Page Information

Page maintainer: The Editorial Team
URL: http://www.interaction-design.org/references/authors/j__d__tygar.html

Publication statistics

Pub. period:1994-2009
Pub. count:4
Number of co-authors:5



Co-authors

Number of publications with 3 favourite co-authors:

Rachna Dhamija:2
David Wagner:1
Chris Karlof:1

 

 

Productive colleagues

J. D. Tygar's 3 most productive colleagues in number of publications:

Marti A. Hearst:23
David Wagner:9
L. Jean Camp:8
 
 
 
May 20

The moment clients realize that revisions are not an all-you-can-eat buffet, suddenly they realize they are not hungry.

-- Lester Beall

 
 

Featured chapter

Read the fascinating history of Wearable Computing, told by its father, Steve Mann

Read Steve's chapter !

 
 

Help us help you!

 
 
 
 
About | Press kit / Media kit | Copyright/IP Policy | General Terms of Use / General Site Terms and Conditions | Privacy Policy

How to help | Site Map

RSS Subscribe through an RSS feed
 
.