Publication statistics

Pub. period: 1994-2009
Pub. count: 4
Number of co-authors: 5


Number of publications with 3 favourite co-authors:

David Wagner:
Chris Karlof:
L. Jean Camp:



Productive colleagues

J. D. Tygar's 3 most productive colleagues in number of publications:

Marti A. Hearst: 23
David Wagner: 9
L. Jean Camp: 8


J. D. Tygar


Publications by J. D. Tygar (bibliography)


Karlof, Chris, Tygar, J. D. and Wagner, David (2009): Conditioned-safe ceremonies and a user study of an application to web authentication. In: Proceedings of the 2009 Symposium on Usable Privacy and Security 2009. p. 38.


Dhamija, Rachna, Tygar, J. D. and Hearst, Marti A. (2006): Why phishing works. In: Proceedings of ACM CHI 2006 Conference on Human Factors in Computing Systems 2006. pp. 581-590.

To build systems shielding users from fraudulent (or phishing) websites, designers need to know which attack strategies work and why. This paper provides the first empirical evidence about which malicious strategies are successful at deceiving general users. We first analyzed a large set of captured phishing attacks and developed a set of hypotheses about why these strategies might work. We then assessed these hypotheses with a usability study in which 22 participants were shown 20 web sites and asked to determine which ones were fraudulent. We found that 23% of the participants did not look at browser-based cues such as the address bar, status bar and the security indicators, leading to incorrect choices 40% of the time. We also found that some visual deception attacks can fool even the most sophisticated users. These results illustrate that standard security indicators are not effective for a substantial fraction of users, and suggest that alternative approaches are needed.

© All rights reserved Dhamija et al. and/or ACM Press


Dhamija, Rachna and Tygar, J. D. (2005): The battle against phishing: Dynamic Security Skins. In: Proceedings of the 2005 Symposium on Usable Privacy and Security 2005. pp. 77-88.

Phishing is a model problem for illustrating usability concerns of privacy and security because both system designers and attackers battle using user interfaces to guide (or misguide) users. We propose a new scheme, Dynamic Security Skins, that allows a remote web server to prove its identity in a way that is easy for a human user to verify and hard for an attacker to spoof. We describe the design of an extension to the Mozilla Firefox browser that implements this scheme. We present two novel interaction techniques to prevent spoofing. First, our browser extension provides a trusted window in the browser dedicated to username and password entry. We use a photographic image to create a trusted path between the user and this window to prevent spoofing of the window and of the text entry fields. Second, our scheme allows the remote server to generate a unique abstract image for each user and each transaction. This image creates a "skin" that automatically customizes the browser window or the user interface elements in the content of a remote web page. Our extension allows the user's browser to independently compute the image that it expects to receive from the server. To authenticate content from the server, the user can visually verify that the images match. We contrast our work with existing anti-phishing proposals. In contrast to other proposals, our scheme places a very low burden on the user in terms of effort, memory and time. To authenticate himself, the user has to recognize only one image and remember one low entropy password, no matter how many servers he wishes to interact with. To authenticate content from an authenticated server, the user only needs to perform one visual matching operation to compare two images. Furthermore, it places a high burden of effort on an attacker to spoof customized security indicators.

© All rights reserved Dhamija and Tygar and/or ACM Press


Camp, L. Jean and Tygar, J. D. (1994): Providing Auditing While Protecting Privacy. In: The Information Society, 10 (1).


Page Information

Page maintainer: The Editorial Team