Proceedings of the 2006 Symposium on Usable Privacy and Security
Time and place:
Topics of SOUPS include, but are not limited to; innovative security or privacy functionality and design, new applications of existing models or technology, field studies of security or privacy technology, usability evaluations of security or privacy features or security testing of usability features, and lessons learned from deploying and using usable privacy and security features.
The following articles are from "Proceedings of the 2006 Symposium on Usable Privacy and Security":
DeWitt, Alexander J. and Kuljis, Jasna (2006): Aligning usability and security: a usability study of Polaris. In: Proceedings of the 2006 Symposium on Usable Privacy and Security 2006. pp. 1-7. Available online
Security software is often difficult to use thus leading to poor adoption and degraded security. This paper describes a usability study that was conducted on the software 'Polaris'. This software is an alpha release that uses the Principle of Least Authority (POLA) to deny viruses the authority to edit files. Polaris was designed to align security with usability. The study showed that despite this aim, usability problems remained, especially when the study participants had to make security related decisions. They also showed apathy towards security, and knowingly compromised their security to get work done faster. This study also demonstrates the difficulty in achieving security and usability alignment when the usability is a post hoc consideration added to a developed product, rather than being integrated from the start. The alleviation of usability problems from security software proposed in this paper are threefold: reducing the burden on the user to make security related decisions, counteracting user's apathy by ensuring that the fast way of doing things is the secure way, and integrating security software with the operating system throughout development.
Wu, Min, Miller, Robert C. and Little, Greg (2006): Web wallet: preventing phishing attacks by revealing user intentions. In: Proceedings of the 2006 Symposium on Usable Privacy and Security 2006. pp. 102-113. Available online
We introduce a new anti-phishing solution, the Web Wallet. The Web Wallet is a browser sidebar which users can use to submit their sensitive information online. It detects phishing attacks by determining where users intend to submit their information and suggests an alternative safe path to their intended site if the current site does not match it. It integrates security questions into the user's workflow so that its protection cannot be ignored by the user. We conducted a user study on the Web Wallet prototype and found that the Web Wallet is a promising approach. In the study, it significantly decreased the
Karger, Paul A. (2006): Privacy and security threat analysis of the federal employee personal identity verification (PIV) program. In: Proceedings of the 2006 Symposium on Usable Privacy and Security 2006. pp. 114-121. Available online
This paper is a security and privacy threat analysis of new Federal Information Processing Standard for Personal Identity Verification (FIPS PUB 201). It identifies some problems with the standard, and it proposes solutions to those problems, using standardized cryptographic techniques that are based on the Internet Key Exchange (IKE) protocol . When the standard is viewed in the abstract, it seems to effectively provide security and privacy, because it uses strong cryptographic algorithms. However, when you examine the standard in the context of potential user scenarios regarding its use; security, privacy, and usability problems can be identified. User scenarios are employed to provide the context for the identification of these problems, and the technical solutions are described to address the issues raised.
Newman, Richard, Gavette, Sherman, Yonge, Larry and Anderson, Ross (2006): Protecting domestic power-line communications. In: Proceedings of the 2006 Symposium on Usable Privacy and Security 2006. pp. 122-132. Available online
In this paper we describe the protection goals and mechanisms in HomePlug AV, a next-generation power-line communications standard. This is a fascinating case-history in security usability. There are also novel protocol issues; interactions with mechanisms at other layers; and opportunities for both researchers and third-party vendors to build on the mechanisms provided. The central problem -- being sure whether a device being enrolled in the network is the device you think, not a similar one nearby -- is not well solved by conventional mechanisms such as public-key infrastructures, but appears to require either very old-fashioned or very novel approaches.
Gideon, Julia, Cranor, Lorrie, Egelman, Serge and Acquisti, Alessandro (2006): Power strips, prophylactics, and privacy, oh my!. In: Proceedings of the 2006 Symposium on Usable Privacy and Security 2006. pp. 133-144. Available online
The focus of our approach to the usability considerations of privacy and security has been on providing people with information they can use to understand the implications of their interactions with a system, as well as, to assess whether or not a system is secure enough for their immediate needs. To this end, we have been exploring two design principles for secure interaction: visualizing system activity and integrating configuration and action. Here we discuss the results of a user study designed as a broad formative examination of the successes and failures of an initial prototype based around these principles. Our response to the results of this study has been twofold. First, we have fixed a number of implementation and usability problems. Second, we have extended our visualizations to incorporate new considerations regarding the temporal and structural organization of interactions.
Cao, Xiang and Iverson, Lee (2006): Intentional access management: making access control usable for end-users. In: Proceedings of the 2006 Symposium on Usable Privacy and Security 2006. pp. 20-31. Available online
The usability of access control mechanisms in modern distributed systems has been widely criticized but little studied. In this paper, we carefully examine one such widely deployed access control mechanism, the one embedded in the WebDAV standard, from the point-of-view of an end-user trying to decide how to grant or deny access to some resource to a third party. This analysis points to problems with the conceptual usability of the system. Significant effort is required on the part of the user to determine how to implement the desired access rules; the user, however, has low interest and expertise in this task, given that such access management actions are almost always secondary to the collaborative task at hand. The analysis does however indicate a possible solution: to recast the access control puzzle as a decision support problem in which user intentions (i.e. the descriptions of desired system outputs) are interpreted by an access mediator that either automatically or semi-automatically decides how to achieve the designated goals and provides enough feedback to the user. We call such systems intentional access management (IAM) systems and describe them in both specific and general terms. To demonstrate the feasibility and usability of the proposed IAM models, we develop an intentional access management prototype for WebDAV. The results of a user study conducted on the system show its superior usability compared to traditional access management tools like the access control list editor.
Yee, Ka-Ping and Sitaker, Kragen (2006): Passpet: convenient password management and phishing protection. In: Proceedings of the 2006 Symposium on Usable Privacy and Security 2006. pp. 32-43. Available online
We describe Passpet, a tool that improves both the convenience and security of website logins through a combination of techniques. Password hashing helps users manage multiple accounts by turning a single memorized password into a different password for each account. User-assigned site labels (petnames) help users securely identify sites in the face of determined attempts at impersonation (phishing). Password-strengthening measures defend against dictionary attacks. Customizing the user interface defends against user-interface spoofing attacks. We propose new improvements to these techniques, discuss how they are integrated into a single tool, and compare Passpet to other solutions for managing passwords and preventing phishing.
Gaw, Shirley and Felten, Edward (2006): Password management strategies for online accounts. In: Proceedings of the 2006 Symposium on Usable Privacy and Security 2006. pp. 44-55. Available online
Given the widespread use of password authentication in online correspondence, subscription services, and shopping, there is growing concern about identity theft. When people reuse their passwords across multiple accounts, they increase their vulnerability; compromising one password can help an attacker take over several accounts. Our study of 49 undergraduates quantifies how many passwords they had and how often they reused these passwords. The majority of users had three or fewer passwords and passwords were reused twice. Furthermore, over time, password reuse rates increased because people accumulated more accounts but did not create more passwords. Users justified their habits. While they wanted to protect financial data and personal communication, reusing passwords made passwords easier to manage. Users visualized threats from human attackers, particularly viewing those close to them as the most motivated and able attackers; however, participants did not separate the human attackers from their potentially automated tools. They sometimes failed to realize that personalized passwords such as phone numbers can be cracked given a large enough dictionary and enough tries. We discuss how current systems support poor password practices. We also present potential changes in website authentication systems and password managers.
Tari, Furkan, Ozok, A. Ant and Holden, Stephen H. (2006): A comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords. In: Proceedings of the 2006 Symposium on Usable Privacy and Security 2006. pp. 56-66. Available online
Previous research has found graphical passwords to be more memorable than non-dictionary or "strong" alphanumeric passwords. Participants in a prior study expressed concerns that this increase in memorability could also lead to an increased susceptibility of graphical passwords to shoulder-surfing. This appears to be yet another example of the classic trade-off between usability and security for authentication systems. This paper explores whether graphical passwords' increased memorability necessarily leads to risks of shoulder-surfing. To date, there are no studies examining the vulnerability of graphical versus alphanumeric passwords to shoulder-surfing. This paper examines the real and perceived vulnerability to shoulder-surfing of two configurations of a graphical password, Passfaces, compared to non-dictionary and dictionary passwords. A laboratory experiment with 20 participants asked them to try to shoulder surf the two configurations of Passfaces (mouse versus keyboard data entry) and strong and weak passwords. Data gathered included the vulnerability of the four authentication system configurations to shoulder-surfing and study participants' perceptions concerning the same vulnerability. An analysis of these data compared the relative vulnerability of each of the four configurations to shoulder-surfing and also compared study participants' real and perceived success in shoulder-surfing each of the configurations. Further analysis examined the relationship between study participants' real and perceived success in shoulder-surfing and determined whether there were significant differences in the vulnerability of the four authentication configurations to shoulder-surfing. Findings indicate that configuring data entry for Passfaces through a keyboard is the most effective deterrent to shoulder-surfing in a laboratory setting and the participants' perceptions were consistent with that result. While study participants believed that Passfaces with mouse data entry would be most vulnerable to shoulder-surfing attacks, the empirical results found that strong passwords were actually more vulnerable.
Kuo, Cynthia, Romanosky, Sasha and Cranor, Lorrie Faith (2006): Human selection of mnemonic phrase-based passwords. In: Proceedings of the 2006 Symposium on Usable Privacy and Security 2006. pp. 67-78. Available online
Textual passwords are often the only mechanism used to authenticate users of a networked system. Unfortunately, many passwords are easily guessed or cracked. In an attempt to strengthen passwords, some systems instruct users to create mnemonic phrase-based passwords. A mnemonic password is one where a user chooses a memorable phrase and uses a character (often the first letter) to represent each word in the phrase. In this paper, we hypothesize that users will select mnemonic phrases that are commonly available on the Internet, and that it is possible to build a dictionary to crack mnemonic phrase-based passwords. We conduct a survey to gather user-generated passwords. We show the majority of survey respondents based their mnemonic passwords on phrases that can be found on the Internet, and we generate a mnemonic password dictionary as a proof of concept. Our 400,000-entry dictionary cracked 4% of mnemonic passwords; in comparison, a standard dictionary with 1.2 million entries cracked 11% of control passwords. The user-generated mnemonic passwords were also slightly more resistant to brute force attacks than control passwords. These results suggest that mnemonic passwords may be appropriate for some uses today. However, mnemonic passwords could become more vulnerable in the future and should not be treated as a panacea.
Downs, Julie S., Holbrook, Mandy B. and Cranor, Lorrie Faith (2006): Decision strategies and susceptibility to phishing. In: Proceedings of the 2006 Symposium on Usable Privacy and Security 2006. pp. 79-90. Available online
Phishing emails are semantic attacks that con people into divulging sensitive information using techniques to make the user believe that information is being requested by a legitimate source. In order to develop tools that will be effective in combating these schemes, we first must know how and why people fall for them. This study reports preliminary analysis of interviews with 20 non-expert computer users to reveal their strategies and understand their decisions when encountering possibly suspicious emails. One of the reasons that people may be vulnerable to phishing schemes is that awareness of the risks is not linked to perceived vulnerability or to useful strategies in identifying phishing emails. Rather, our data suggest that people can manage the risks that they are most familiar with, but don't appear to extrapolate to be wary of unfamiliar risks. We explore several strategies that people use, with varying degrees of success, in evaluating emails and in making sense of warnings offered by browsers attempting to help users navigate the web.
Fu, Anthony Y., Deng, Xiaotie, Wenyin, Liu and Little, Greg (2006): The methodology and an application to fight against Unicode attacks. In: Proceedings of the 2006 Symposium on Usable Privacy and Security 2006. pp. 91-101. Available online
Unicode is becoming a dominant character representation format for information processing. This presents a very dangerous usability and security problem for many applications. The problem arises because many characters in the UCS (Universal Character Set) are visually and/or semantically similar to each other. This presents a mechanism for malicious people to carry out Unicode Attacks, which include spam attacks, phishing attacks, and web identity attacks. In this paper, we address the potential attacks, and propose a methodology for countering them. To evaluate the feasibility of our methodology, we construct a Unicode Character Similarity List (UC-SimList). We then implement a visual and semantic based edit distance (VSED), as well as a visual and semantic based Knuth-Morris-Pratt algorithm (VSKMP), to detect Unicode attacks. We develop a prototype Unicode attack detection tool, IDN-SecuChecker, which detects phishing weblinks and fake user name (account) attacks. We also introduce the possible practical use of Unicode attack detectors.
12 May 2008: Modified 12 May 2008: Modified 12 May 2008: Modified 12 May 2008: Modified 12 May 2008: Modified 12 May 2008: Modified 12 May 2008: Modified 12 May 2008: Modified 12 May 2008: Modified 12 May 2008: Modified 12 May 2008: Modified 12 May 2008: Modified
Page maintainer: The Editorial Team