  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
21

Pwm: A Secure Webmail System Designed for Easy Adoption

Burgon, Benjamin W. 07 March 2014
None of the three largest webmail service providers (serving over 1 billion users) support end-to-end message encryption. Encrypted email has never seen mass adoption because it is prohibitive for non-experts to use. Private WebMail (Pwm) is our extension to popular webmail systems that lets users easily encrypt sensitive messages without having to first contact the recipient and share information. It is designed to spread quickly in a grassroots fashion so that a user receiving their first encrypted message can quickly and easily start using the system. This thesis describes the design and implementation of Pwm, then measures its usability through analysis and a user study.
22

Browser-Based Manual Encryption

Song, Yuanzheng 08 August 2014
Billions of web-based email and chat messages are sent over the Internet every day. However, very few service providers support end-to-end privacy protection. While providing security for these messages is technically feasible, usability remains a challenge in this field. Recent research attempts to hide security details like key management and encryption in order to make the system more usable. However, usability studies demonstrated that hiding these details may confuse the user and contribute to mistakes (e.g., sending out an email in plaintext when the user thought it would be encrypted). In an effort to increase trust and eliminate mistakes, this thesis presents the design of a browser-based manual encryption mechanism that supports automatic key-management and manual encryption. It also describes the Message Protector (MP) prototype. An evaluation of MP is presented based on a user study conducted on the campus of BYU.
23

Usability and security of human-interactive security protocols

Kainda, Ronald January 2011
We investigate the security and usability of Human-Interactive Security Protocols (HISPs); specifically, how digests of 4 or more digits can be compared between two or more systems as conveniently as possible while ensuring that issues such as user complacency do not compromise security. We address the research question: given different association scenarios and modes of authentication in HISPs, how can we improve on existing, or design new, empirical channels that suit human and contextual needs to achieve acceptable effective security? We review the literature of HISPs, proposed empirical channels, and usability studies of HISPs; we follow by presenting the methodology of the research reported in this thesis. We then make a number of contributions discussing the effectiveness of empirical channels and address the design, analysis, and evaluation of these channels. In Chapter 4 we present a user study of pairwise device associations and discuss the factors affecting effective security of empirical channels in single-user scenarios. In Chapter 5 we present a user study of group device associations and discuss the factors affecting effective security of empirical channels in multi-user scenarios. In Chapter 7 we present a framework designed for researchers and system designers to reason about empirical channels in HISPs. The framework is grounded in experimental data, related research, and validated by experts. In Chapter 8 we present a methodology for analysing and evaluating the security and usability of HISPs. We validate the methodology by applying it in laboratory experiments of HISPs. Finally, in Chapter 6 we present a set of principles for designing secure and usable empirical channels. We demonstrate the effectiveness of these principles by proposing new empirical channels.
24

Usable Firewall Rule Sets

Voronkov, Artem January 2017
Correct functioning is the most important requirement for any system. Nowadays there are a lot of threats to computer systems that undermine confidence in them and, as a result, force a user to abandon their use. Hence, a system cannot be trusted if there is no proper security provided. Firewalls are an essential component of network security and there is an obvious need for their use. The level of security provided by a firewall depends on how well it is configured. Thus, to ensure the proper level of network security, it is necessary to have properly configured firewalls. However, setting up the firewall correctly is a very challenging task. These configuration files might be hard to understand even for system administrators. This is due to the fact that these configuration files have a certain structure: the higher the position of a rule in the rule set, the higher priority it has. Challenging problems arise when a new rule is being added to the set, and a proper position, where to place it, needs to be found. Misconfiguration might sooner or later be made and that will lead to an inappropriate system's security. This brings us to the usability problem associated with the configuration of firewalls. The overall aim of this thesis is to identify existing firewall usability gaps and to mitigate them. To achieve the first part of the objective, we conducted a series of interviews with system administrators. In the interviews, system administrators were asked about the problems they face when dealing with firewalls. After having ascertained that the usability problems exist, we turned to literature to get an understanding on the state-of-the-art of the field and therefore conducted a systematic literature review. This review presents a classification of available solutions and identifies open challenges in this area. To achieve the second part of the objective, we started working on one identified challenge. 
A set of usability metrics was proposed and mathematically formalized. A strong correlation between our metrics and how system administrators describe usability was identified. / Network security is an important aspect that must be taken into account. Firewalls are systems that are used to make sure that authorized network traffic is allowed and unauthorized traffic is prohibited. However, setting up a firewall correctly is a challenging task. Their configuration files might be hard to understand even for system administrators. The overall aim of this thesis is to identify firewall usability gaps and to mitigate them. To achieve the first part of the objective, we conduct a series of interviews with system administrators. In the interviews, system administrators are asked about the problems they face when dealing with firewalls. After having ascertained that the usability problems exist, we conduct a systematic literature review to get an understanding on the state of the art of the field. This review classifies available solutions and identifies open challenges. To achieve the second part of the objective, a set of usability metrics is proposed and mathematically formalized. A strong correlation between our metrics and how system administrators describe usability is identified. / HITS, 4707
25

Usable, Secure Content-Based Encryption on the Web

Ruoti, Scott 01 July 2016
Users share private information on the web through a variety of applications, such as email, instant messaging, social media, and document sharing. Unfortunately, recent revelations have shown that not only is users' data at risk from hackers and malicious insiders, but also from government surveillance. This state of affairs motivates the need for users to be able to encrypt their online data. In this dissertation, we explore how to help users encrypt their online data, with a special focus on securing email. First, we explore the design principles that are necessary to create usable, secure email. As part of this exploration, we conduct eight usability studies of eleven different secure email tools including a total of 347 participants. Second, we develop a novel, paired-participant methodology that allows us to test whether a given secure email system can be adopted in a grassroots fashion. Third, we apply our discovered design principles to PGP-based secure email, and demonstrate that these principles are sufficient to create the first PGP-based system that is usable by novices. We have also begun applying the lessons learned from our secure email research more generally to content-based encryption on the web. As part of this effort, we develop MessageGuard, a platform for accelerating research into usable, content-based encryption. Using MessageGuard, we build and evaluate Private Facebook Chat (PFC), a secure instant messaging system that integrates with Facebook Chat. Results from our usability analysis of PFC provided initial evidence that our design principles are also important components to usable, content-based encryption on the Web.
26

Addressing ambiguity within information security policies in higher education to improve compliance

Buthelezi, Mokateko Portia 06 1900
Information security (InfoSec) policies are widely used by institutions as a form of InfoSec control measure to protect their information assets. InfoSec policies are commonly documented in natural language, which is prone to ambiguity and misinterpretation, thereby making it hard, if not impossible, for users to comply with. These misinterpretations may lead the students or staff members to wrongfully execute the required actions, thereby making institutions vulnerable to InfoSec attacks. According to the literature review conducted in this work, InfoSec policy documents are often not followed or complied with; and the key issues facing InfoSec policy compliance include the lack of management support for InfoSec, organisational cultures of non-compliance, intentional and unintentional policy violation by employees (the insider threat), lack of policy awareness and training as well as the policy being unclear or ambiguous. This study is set in the higher education context and explores the extent to which the non-compliance problem is embedded within the policy documents themselves being affected by ambiguity. A qualitative method with a case study research strategy was followed in the research, in the form of an inductive approach with a cross-sectional time horizon, whereby a selection case of relevant institutional InfoSec policies were analysed. The data was collected in the form of academic literature and InfoSec policies of higher education institutions to derive themes for data analysis. A qualitative content analysis was performed on the policies, which identified ambiguity problems in the data. The findings indicated the presence of ambiguity within the policy documents, making it possible to misinterpret some of the policy statements. Formal methods were explored as a possible solution to the policy ambiguity. A framework was then proposed to address ambiguity and improve on the clarity of the semantics of policy statements. 
The framework can be used by policy writers in paying attention to the presence of ambiguity in their policies and address these when drafting or revising their policy documents. / School of Computing / M. Sc.(Computing)
27

Enhancing security risk awareness in end-users via affective feedback

Shepherd, Lynsay A. January 2016
Background: Risky security behaviour displayed by end-users has the potential to leave devices vulnerable to compromise, despite the availability of security tools designed to aid users in defending themselves against potential online threats. This indicates a need to modify the behaviour of end-users, allowing them to consider the security implications of their actions online. Previous research has indicated affective feedback may serve as a successful method of educating users about risky security behaviours. Thus, by influencing end-users via affective feedback it may be possible to engage users, improving their security awareness. Aims: Develop and apply knowledge of monitoring techniques and affective feedback, establishing if this changes users’ awareness of risky security behaviour in the context of a browser-based environment. Methodology: The methodology employs the use of log files derived from the monitoring solution, and information provided by users during the experiments. Questionnaire data was compared against log files and information provided during experiments, providing an overall quantitative approach. Results: In the case of the log files and questionnaires, participants were found to have engaged in instances of risky security behaviours, which they were unaware of, and this indicated a low-level of awareness of risky security behaviour. Whilst the results indicate the affective feedback did not make a difference to behaviour during the course of the experiments, participants felt that the affective feedback delivered had an impact, raising their security awareness, encouraging them to learn about online security. Conclusions: This body of research has made a novel contribution to the field of affective feedback and usable security. 
Whilst the results indicate the affective feedback made no difference to behaviour, users felt it had an impact on them, persuading them to consider their security behaviours online, and encouraging them to increase their knowledge of risky security behaviours. The research highlights the potential application of affective feedback in the field of usable security. Future work seeks to explore different ways in which affective feedback can be positioned on-screen, and how feedback can be tailored to target specific groups, such as children, or elderly people, with the aim of raising security awareness.
28

Towards Seamless and Secure Mobile Authentication

January 2014
With the rise of mobile technology, the personal lives and sensitive information of everyday citizens are carried about without a thought to the risks involved. Despite this high possibility of harm, many fail to use simple security to protect themselves because they feel the benefits of securing their devices do not outweigh the cost to usability. The main issue is that beyond initial authentication, sessions are maintained using optional timeout mechanisms where a session will end if a user is inactive for a period of time. This interruption-based form of continuous authentication requires constant user intervention leading to frustration, which discourages its use. No solution currently exists that provides an implementation beyond the insecure and low usability of simple timeout and re-authentication. This work identifies the flaws of current mobile authentication techniques and provides a new solution that is not limiting to the user, has a system for secure, active continuous authentication, and increases the usability and security over current methods. / Dissertation/Thesis / Masters Thesis Computer Science 2014
29

Usable Security and Privacy for Secure Messaging Applications

Vaziripour, Elham 01 December 2018
The threat of government and corporate surveillance around the world, as well as the publicity surrounding major cybersecurity attacks, have increased interest in secure and private end-to-end communications. In response to this demand, numerous secure messaging applications have been developed in recent years. These applications have been welcomed and publicly used not just by political activists and journalists but by everyday users as well. Most of these popular secure messaging applications are usable because they hide many of the details of how encryption is provided. The strength of the security properties of these applications relies on the authentication ceremony, wherein users validate the keys being used for encryption that is exchanged through the service providers. The validation process typically involves verifying the fingerprints of encryption keys to protect the communication from being intercepted. In this dissertation, we explore how to help users enhance the privacy of their communications, with a particular focus on secure messaging applications. First, we explore whether secure messaging applications are meeting the security and privacy needs of their users, especially in countries that practice censorship and restrict civil liberties, including blocking access to social media and communication applications. Second, we studied existing popular secure messaging applications to explore how users interact with these applications and how well they are using the authentication ceremony during lab studies. Third, we applied design principles to improve the interfaces for the authentication ceremony, and also to help users find and perform the authentication ceremony faster. Fourth, we applied the lessons from our interviews with participants in our user studies to help users comprehend the importance of authentication. 
As part of the effort, we developed an authentication ceremony using social media accounts to map key fingerprints to social features, pushing the ceremony to a more natural domain for users. We modified the Signal secure messaging application to include this social authentication ceremony and used a user study to compare this method to other common methods. We found that social authentication has some promising features, but that social media companies are too distrusted by users. Based on our results, we make several recommendations to improve the use of security and privacy features in secure messaging applications and outline areas for future work.
30

SSASy: A Self-Sovereign Authentication Scheme

Manzi, Olivier January 2023
Amidst the wild west of user authentication, this study introduces a new sheriff in town: the Self-Sovereign Authentication Scheme (SSASy). Traditional authentication methods, like passwords, are often fraught with usability and security concerns, leading users to find workaround ways that compromise the intended security. Federated Identities (FI) offer a convenient alternative, yet, they infringe on users' sovereignty over their identity and lead to privacy concerns. To address these challenges, this study proposes SSASy, which leverages cryptography and browser technology to provide a sovereign, usable, and secure alternative to the existing user authentication schemes. The proposal, which is a proof-of-concept, is comprised of a core library, which provides the authentication protocol to developers, and a browser extension that simplifies the authentication process for users. SSASy is available as an open-source project on GitHub for practical demonstration on multiple browser stores, bringing our theoretical study into the realm of tangible, real-world application. SSASy is evaluated and compared to existing authentication schemes using the "Usability-Deployability-Security" (UDS) framework. The results demonstrate that, although other authentication schemes may excel in a specific dimension, SSASy delivers a more balanced performance across the three dimensions which makes it a promising alternative.
