
2015 | Book

Human Aspects of Information Security, Privacy, and Trust

Third International Conference, HAS 2015, Held as Part of HCI International 2015, Los Angeles, CA, USA, August 2-7, 2015. Proceedings


About this book

This book constitutes the proceedings of the Third International Conference on Human Aspects of Information Security, Privacy, and Trust, HAS 2015, held as part of the 17th International Conference on Human-Computer Interaction, HCII 2015, in Los Angeles, CA, USA, in August 2015. HCII 2015 received a total of 4843 submissions, of which 1462 papers and 246 posters were accepted for publication after a careful reviewing process. These papers address the latest research and development efforts and highlight the human aspects of design and use of computing systems. The papers thoroughly cover the entire field of Human-Computer Interaction, addressing major advances in knowledge and effective use of computers in a variety of application areas. The 62 papers presented in the HAS 2015 proceedings are organized in topical sections as follows: authentication, cybersecurity, privacy, security, and user behavior, security in social media and smart technologies, and security technologies.

Table of Contents

Frontmatter

Authentication

Frontmatter
Single Trial Authentication with Mental Password Writing

This paper presents an authentication system that uses brain waves as a biometric discriminant trait. It utilizes Electroencephalogram (EEG) signals generated from mental writing of the user-owned password. Independent Component Analysis (ICA) and baseline correction have been used for preprocessing and noise removal. The effect of two types of features, multivariate autoregressive (MVAR) model parameters and power spectral density (PSD) features, has been studied for this activity. Performance results based on single trial analysis have revealed that imagined password writing can reach average Half Total Error Rate (HTER) of 5 % for PSD features vs 3 % obtained with MVAR coefficients. The experiments have shown that mental password writing can be used for increasing the user acceptance for enrollment conditions while maintaining high performance results.

Sarah N. Abdulkader, Ayman Atia, Mostafa-Sami M. Mostafa
Leap Motion Controller for Authentication via Hand Geometry and Gestures

The Leap Motion controller is a consumer gesture sensor aimed to augment a user’s interactive experience with their computer. Using infrared sensors, it is able to collect data about the position and motions of a user’s hands. This data allows the Leap to be used as an authentication device. This study explores the possibility of performing both login as well as continuous authentication using the Leap Motion device. The work includes classification of static data gathered by the Leap Motion using trained classifiers, with over 99 % accuracy. In addition, data was recorded from the users while utilizing the Leap Motion to read and navigate through Wikipedia pages. A template was created using the user attributes that were found to have the highest merit. The algorithm found when matching the template to the user’s newly collected data, the authentication provided an accuracy of over 98 %, and an equal error rate of 0.8 % even for a small number of attributes. This study demonstrates that the Leap Motion can indeed be used successfully to both authenticate users at login as well as while performing continuous activities. As the Leap Motion is an inexpensive device, this raises the potential of using its data in the future for authentication instead of traditional keyboard passwords.

Alexander Chan, Tzipora Halevi, Nasir Memon
Predicting Graphical Passwords

Over the last decade, the popularity of graphical passwords has increased tremendously. They can now be found on various devices and systems, including platforms such as the Windows 8 and Android operating systems. In this paper, we focus on the PassPoints graphical-password scheme and investigate the extent to which these passwords might be predicted based on knowledge of the individual (e.g., their age, gender, education, learning style). We are particularly interested in understanding whether graphical passwords may suffer the same weaknesses as textual passwords, which are often strongly correlated with an individual using memorable information (such as the individual’s spouses, pets, preferred sports teams, children, and so on). This paper also introduces a novel metric for graphical-password strength to provide feedback to an individual without the requirement of knowing the image or having password statistics a priori.

Matthieu Devlin, Jason R. C. Nurse, Duncan Hodges, Michael Goldsmith, Sadie Creese
Principles of Persuasion in Social Engineering and Their Use in Phishing

Research on marketing and deception has identified principles of persuasion that influence human decisions. However, this research is scattered: it focuses on specific contexts and produces different taxonomies. In regard to frauds and scams, three taxonomies are often referred to in the literature: Cialdini’s principles of influence, Gragg’s psychological triggers, and Stajano et al. principles of scams. It is unclear whether these relate but clearly some of their principles seem overlapping whereas others look complementary. We propose a way to connect those principles and present a merged and reviewed list for them. Then, we analyse various phishing emails and show that our principles are used therein in specific combinations. Our analysis of phishing is based on peer review and further research is needed to make it automatic, but the approach we follow, together with principles we propose, can be applied more consistently and more comprehensively than the original taxonomies.

Ana Ferreira, Lynne Coventry, Gabriele Lenzini
Chimera CAPTCHA: A Proposal of CAPTCHA Using Strangeness in Merged Objects

In this paper, we propose “Chimera CAPTCHA” that requests users to select only a chimera object, merged from two 3D objects, in a question image, which consists of some 3D objects and the chimera object. The Chimera CAPTCHA is easy for humans to solve because chimera objects, whose appearance are different from ones judged by common sense, cause a feeling of strangeness. Usability survey suggests that the correct response rate is 90.5 % and the average response time is about 5.7 s. In addition, the CAPTCHA system is able to generate questions countlessly and easily by using 3DCG technologies. We also describe threats to its security.

Masahiro Fujita, Yuki Ikeya, Junya Kani, Masakatsu Nishigaki
Effects of Password Permutation on Subjective Usability Across Platforms

The current work examines the effects of password permutation on subjective usability across platforms, using system-generated passwords that adhere to the password requirements found in higher-security enterprise environments. This research builds upon a series of studies at the National Institute of Standards and Technology by testing a previously proposed idea of password permutation: grouping like character classes together in order to improve password usability. Password permutation improves mobile device entry by reducing the number of keystrokes required to enter numbers and symbols. Across platforms (smartphone, tablet, and desktop computer) participants rated the longer (length 14) permuted passwords as easier to type than the shorter (length 10) non-permuted passwords. This demonstrates that the composition and structure of a password are important; people are sensitive to factors beyond simple password length. By combining qualitative and quantitative research, we will ultimately arrive at a more complete understanding of how password construction impacts usability.

Kristen K. Greene
“Too Taxing on the Mind!” Authentication Grids are not for Everyone

The security and usability issues associated with passwords have encouraged the development of a plethora of alternative authentication schemes. These aim to provide stronger and/or more usable authentication, but it is hard for the developers to anticipate how users will perform with and react to such schemes. We present a case study of a one-time password entry method called the Vernitski Authentication Grid (VAG), which requires users to enter their password in pairs of characters by finding where the row and the column containing the characters intersect and entering the character from this intersection. We conducted a laboratory user evaluation (n = 36) and found that authentication took 88.6 s on average, with login times decreasing with practice. Participants were faster authenticating on a tablet than on a PC. Overall, participants found using the grid complex and time-consuming. Their stated willingness to use it depended on the context of use, with most participants considering it suitable for accessing infrequently used and high-stakes accounts and systems. While using the grid, 31 out of 36 participants pointed at the characters, rows and columns with their fingers or mouse, which undermines the shoulder-surfing protection that the VAG is meant to offer. Our results demonstrate there cannot be a one-size-fits-all replacement for passwords – usability and security can only be achieved through schemes designed to fit a specific context of use.

Kat Krol, Constantinos Papanicolaou, Alexei Vernitski, M. Angela Sasse
Human Generated Passwords – The Impacts of Password Requirements and Presentation Styles

The generation stage of the user password management lifecycle is arguably the most important yet perilous step. Fulfilling minimum length and character type requirements while attempting to create something memorable can become an arduous task, leaving the users frustrated and confused. Our study focuses on two areas – password requirements and formatting – and examines the differences in user performance to understand the human password generation space. The results show a clear drop in performance when users generate passwords following a complex rule set as opposed to a simple rule set, with fewer passwords, more errors, and longer times for rule comprehension and password generation. Better formatted presentation helps reduce cognitive load in reading complex password rules and facilitates comprehension. Findings from this study will contribute to a better understanding of the user password generation stage and shed light on future development of password policies balancing security and usability.

Paul Y. Lee, Yee-Yin Choong
The Authentication Equation: A Tool to Visualize the Convergence of Security and Usability of Text-Based Passwords

Password management is a ubiquitous struggle of the modern human. Despite usability playing a vital role in authentication, many password policies and requirements focus on security without sufficient consideration of human factors. In fact, security and usability needs are often in contention. Until an improved authentication method beyond character input is implemented on a large scale, developing new methodologies for balancing competing requirements is vital.

This research project focused on building a data visualization tool to explore password usability and security metrics. The visualization tool integrates various measurements of passwords, enabling exploration of the intersection of their usability and security components. The tool is based on insight from previously gathered data from usability studies conducted at the United States National Institute of Standards and Technology. It also leverages web technologies to flexibly display data sets computed from sets of passwords. The tool is available at https://github.com/usnistgov/DataVis.

Cathryn A. Ploehn, Kristen K. Greene
Investigating the Use of Gesture-Based Passwords by the Seniors

Older adults in the US are the fastest-growing demographic group, and also the fastest-growing group of internet users [1]. Many computer related tasks, such as user authentication, could be a challenge for the seniors as their cognitive and physical capabilities decline. To date, the most commonly used authentication method is alphanumeric passwords, which have substantial challenges regarding security and usability [2]. Authentication using traditional alphanumeric passwords can be particularly problematic for the seniors because secure passwords are usually hard to remember [3]. Therefore, due to memory loss, one common problem associated with aging, the traditional alphanumeric passwords could be challenging for the seniors to recall and manage. To address this challenge, we developed a gesture-based password application as an alternative to the traditional alphanumeric passwords [4]. Preliminary studies suggest that users could learn the new password method in a fairly short amount of time [5]. In this paper, we report an empirical user study to investigate how the seniors interact with the gesture password application.

Lakshmidevi Sreeramareddy, Pewu Mulbah, Jinjuan Heidi Feng
Password Policy Languages: Usable Translation from the Informal to the Formal

Password policies – documents which regulate how users must create, manage, and change their passwords – can have complex and unforeseen consequences on organizational security. Since these policies regulate user behavior, users must be clear as to what is expected of them. Unfortunately, current policies are written in language that is often ambiguous. To tackle ambiguity, we previously developed a formal language for stating what behavior is and is not allowed regarding password management. Unfortunately, manual translation of the policy to this formal language is time consuming and error prone. This work focuses on providing an interface for policy users to generate accurate models of their interpretations of a password policy. This will aid password policy research, formalization, and ultimately more usable password policies. This paper describes the requirements, design, high-level application features, application validation, user testing, and includes a discussion of how this work is expected to progress.

Michelle Steves, Mary Theofanos, Celia Paulsen, Athos Ribeiro
Usability of Activity-Based and Image-Based Challenge Questions in Online Student Authentication

There has been a renewed interest in secure authentication of students in online examinations. Online examinations are important and high stake assets in the context of remote online learning. The logistical challenges and absence of live invigilation in remote un-supervised online examination make the identification and authentication process extremely difficult. The authors implemented pre-defined text-based challenge questions for student authentication in online examination using a Profile Based Authentication Framework (PBAF) approach. The pre-defined questions require students to register their answers, which causes distraction and usability challenges. In this study, a non-invasive activity-based learning journey questions approach was implemented combined with the image-based questions, using the PBAF approach. Findings of the study show a significant difference in the efficiency of activity-based and image-based questions during the learning process (p < 0.01). There was no significant difference in the accuracy of multiple-choice image-based and activity-based questions (p > 0.01). There was a significant difference in the accuracy of activity-based questions and activity-date questions (p < 0.01).

Abrar Ullah, Hannan Xiao, Trevor Barker

Cybersecurity

Frontmatter
Adjustable Fusion to Support Cyber Security Operators

Cyber security operators use Security Information and Event Management systems to process and summarize the huge amount of heterogeneous logs and alerts. However, these systems do not give to the operator a concise view of the attack status or context, a mandatory feature to understand and remediate properly a threat. Moreover, the number of alerts to analyze for a single information system is high, and thus requires to be split into several levels of responsibility distributed among several operators. This layered security monitoring implies a decision problem as well as an automation problem tackled in this paper with the support of an attack graph-based feature. An attack graph is a risk assessment model that accurately describes, in a concise way, the threats on an information system. In this article, we describe how an attack graph can be used for pattern searching and fusion algorithms, in order to add context to the alerts. We also present recommendations for designing future interactive application based on adjustable fusion and a risk assessment model, for cyber security monitoring.

François-Xavier Aguessy, Olivier Bettan, Romuald Dobigny, Claire Laudy, Gaëlle Lortal, David Faure
The Effects of Awareness Programs on Information Security in Banks: The Roles of Protection Motivation and Monitoring

Our aim is to understand how information security awareness (ISA) programs affect the intention of employees for compliant information security behavior. We draw on Protection Motivation Theory (PMT) to uncover indirect influences of ISA programs, and seek to identify the extent to which intention translates into actual compliance is contingent on monitoring. Based on partial least squares structural equation modeling analysis of 183 survey responses consisting of German bank employees, we find strong empirical evidence for the importance of ISA programs, protection motivation and monitoring. While ISA programs effectively change how employees cope with and assess security threats, only coping appraisal is an important condition for the positive behavioral effects of such programs to occur. However, ISA programs may cause a false sense of security, as vulnerability perceptions are reduced by consuming ISA programs but not affecting intentions for compliant security behavior. Perceived monitoring strengthens this confirmed intention-behavior link.

Stefan Bauer, Edward W.N. Bernroider
Analysis of Human Awareness of Security and Privacy Threats in Smart Environments

Smart environments integrate Information and Communication Technologies (ICT) into devices, vehicles, buildings and cities to offer an increased quality of life, energy efficiency and economical sustainability. In this perspective, the individual has a core role and so has networking, which enables such entities to cooperate. However, the huge amount of sensitive data, social aspects and the mixed set of protocols offer many opportunities to inject hazards, exfiltrate information, mass profiling of citizens, or produce a new wave of attacks. This work reviews the major risks arising from the usage of ICT-techniques for smart environments, with emphasis on networking. Its main contribution is to explain the role of different stakeholders for causing a lack of security and to envision future threats by considering human aspects.

Luca Caviglione, Jean-François Lalande, Wojciech Mazurczyk, Steffen Wendzel
A Probabilistic Analysis Framework for Malicious Insider Threats

Malicious insider threats are difficult to detect and to mitigate. Many approaches for explaining behaviour exist, but there is little work to relate them to formal approaches to insider threat detection. In this work we present a general formal framework to perform analysis for malicious insider threats, based on probabilistic modelling, verification, and synthesis techniques. The framework first identifies insiders’ intention to perform an inside attack, using Bayesian networks, and in a second phase computes the probability of success for an inside attack by this actor, using probabilistic model checking.

Taolue Chen, Florian Kammüller, Ibrahim Nemli, Christian W. Probst
KYPO: A Tool for Collaborative Study of Cyberattacks in Safe Cloud Environment

This paper introduces the KYPO – a cloud-based virtual environment faithfully simulating real networks and enabling users to study cyber attacks as well as to train users in isolated and controlled environment. Particularly, the paper focuses on the user environment and visualizations, providing views and interactions improving the understanding of processes emerged during experiments. Web user interface of the KYPO system supports several collaboration modes enabling the participants to experiment and replay different types of security related tasks.

Zdenek Eichler, Radek Ošlejšek, Dalibor Toth
Factors Contributing to Performance for Cyber Security Forensic Analysis

Previously, the current authors (Hopkins et al. 2015) described research in which subjects provided a tool that facilitated their construction of a narrative account of events performed better in conducting cyber security forensic analysis. The narrative tool offered several distinct features. In the current paper, an analysis is reported that considered which features of the tool contributed to superior performance. This analysis revealed two features that accounted for a statistically significant portion of the variance in performance. The first feature provided a mechanism for subjects to identify suspected perpetrators of the crimes and their motives. The second feature involved the ability to create an annotated visuospatial diagram of clues regarding the crimes and their relationships to one another. Based on these results, guidance may be provided for the development of software tools meant to aid cyber security professionals in conducting forensic analysis.

Shelby Hopkins, Andrew Wilson, Austin Silva, Chris Forsythe
Towards a Successful Exercise Implementation – A Case Study of Exercise Methodologies

The entire world faces various threats, with a significantly increasing rate. These threats are associated with international terrorism, natural catastrophes, power cuts due to cyber-attacks etc. Without doubt there is a need that an industrial or critical infrastructure should be prepared to face such threats. There exist several methodologies which give guidelines on how to organize and implement an exercise to address these threats at various time instances. After a short description of some of these methodologies, this paper investigates whether they are compliant with the standard ISO. Also, this paper proposes appropriate changes in order for these methodologies to be compliant with the standard and, thus, to become more effective.

Georgios Makrodimitris, Christos Douligeris
CYSM: An Innovative Physical/Cyber Security Management System for Ports

The goal of the paper is to describe the main results of a European research project, namely CYSM, (The authors serve as technical managers of the CYSM project.) which is oriented to address the security and safety requirements of the commercial ports’ Critical Information Infrastructures (CII). It aims to introduce an integrated security management system (for port operators) enabling asset modelling, risk analysis, anticipation/management of attacks, as well as stakeholders’ collaboration. The proposed system helps port to identify, assess and treat their security and safety problems in an efficient, harmonized and unified manner.

Spyridon Papastergiou, Nineta Polemi, Athanasios Karantjias
Factors that Influence Information Security Behavior: An Australian Web-Based Study

Information Security professionals have been attempting to convince senior management for many years that humans represent a major risk to the security of an organization’s computer systems and the information that these systems process. This major threat relates to the behavior of employees whilst they are using a computer at work. This paper examines the non-malicious computer-based behavior and how it is influenced by a mixture of individual, organizational and interventional factors. The specific factors reported herein include an employee’s age; education level; ability to control impulsivity; familiarity with computers; and personality. This research utilized the Qualtrics online web-based survey software to develop and distribute a questionnaire that resulted in 500 valid responses. The major conclusions of this research are that an employee’s accidental-naive behavior is likely to be less risky if they are more conscientious; older; more agreeable; less impulsive; more open; and, surprisingly, less familiar with computers.

Malcolm Pattinson, Marcus Butavicius, Kathryn Parsons, Agata McCormac, Dragana Calic
Pervasive Monitoring as an Insider Threat: An Adapted Model

Revelations that the United States’ National Security Agency implemented a global surveillance programme with the help of its allies have drawn increased attention to pervasive monitoring activities in general. With the Internet Engineering Task Force characterising pervasive monitoring as an advanced persistent threat, the possibility of modelling pervasive monitoring as a threat activity has been raised. This paper proposes that pervasive monitoring can be considered an insider threat, with private or state actors using legitimate network functions and credentials to exfiltrate the data of governments, corporations, and end-users. The insider threat model put forth by Nurse et al. is examined and adapted with the help of pervasive monitoring case studies.

Dana Polatin-Reuben
Identifying Blind Spots in IS Security Risk Management Processes Using Qualitative Model Analysis

The present paper examines quality aspects of models created by stakeholders to identify blind spots in information systems security risk management (ISSRM) processes via a multi-method research study at the organizational level. Stakeholders were interviewed to gain an understanding of their awareness of business processes, models of the information system (IS), and related security requirements in the context of an ongoing ISSRM process. During several modeling sessions, stakeholders were asked to model various aspects of the IS under investigation in the form of component, activity and business process diagrams. We then analyzed the created models qualitatively and linked identified inconsistencies to security issues omitted during the ISSRM process (blind spots). The findings indicate that various quality aspects of models created by stakeholders that describe either the IS or related business processes can contribute to an improved ISSRM process, better alignment to the business environment and improved elicitation of security requirements. Following current research that considers users as the most important resource in ISSRM, this study highlights the importance of using and analyzing model diagrams from appropriate stakeholders at the right time during the ISSRM process to identify potential blind spots and avoid unclarity, that might be introduced by verbal communication. The research provides risk managers with a process for identifying blind spots to improve results and reduce overhead.

Christian Sillaber, Ruth Breu
Privacy and Security in the Brave New World: The Use of Multiple Mental Models

We live in a world where the flow of electronic information and communication has become a ubiquitous part of our everyday life. While our lives are enhanced in many ways, we also experience a myriad of challenges especially to our privacy and security. Survey data shows that the majority of people are ‘very concerned’ about privacy and security but that they don’t always act in ways to protect their privacy. Our goal was to explore how participants understand and experience privacy and security as they engage in online activities. To that end we used a qualitative approach to understand the participants’ mental models of online privacy and security. The data from our 40 interviews show that users have multiple mental models that guide their understanding of and experience with privacy and security. These mental models not only operate simultaneously but are rarely fully formed and often contradict each other.

Sandra Spickard Prettyman, Susanne Furman, Mary Theofanos, Brian Stanton
Usable Trust: Grasping Trust Dynamics for Online Security as a Service

This paper aims to unravel the intricacies of the mechanisms of trust vis-à-vis ICTs and the contextual logic guiding user deployment and experience, necessitating a view of trust in the digital realm as a dynamic process. Trust models tend to highlight ‘well-placed trust’ in their focus on drawing out (sub)components of (perceived) trustworthiness as attributes of the trusted system or party from the trustor’s stance. However, less attention has been given to the trustworthy attributes, or behavior of the trusted actor. Therefore, this paper sets out to explore this linkage between ICTs and different trust-related user experiences guided by different sets of trustor attributes. In order to explore the conceptual dynamics, a two-step approach is deployed. On the basis of empirical data attention is drawn to trust levels and user segments. Preliminary insights are yielded into the trustors’ segmentation validity and trust estimation accuracy by performing a small-scale experiment in the context of a fictitious online security service.

Shenja van der Graaf, Wim Vanobberghen, Michalis Kanakakis, Costas Kalogiros

Privacy, Security and User Behaviour

Frontmatter
Exploring the Adoption of Physical Security Controls in Smartphones

The proliferation of smartphones has changed our life due to the enhanced connectivity, increased storage capacity and innovative functionality they offer. Their increased popularity has drawn the attention of attackers, thus, nowadays their users are exposed to many security and privacy threats. The fact that smartphones store significant data (e.g. personal, business, government, etc.) in combination with their mobility, increases the impact of unauthorized physical access to smartphones. However, past research has revealed that this is not clearly understood by smartphone users, as they disregard the available security controls. In this context, this paper explores the attitudes and perceptions towards security controls that protect smartphone user’s data from unauthorized physical access. We conducted a survey to measure their adoption and the reasons behind users’ selections. Our results suggest that nowadays users are more concerned about their physical security, but still reveal that a considerable portion of our sample is prone to unauthorized physical access.

Nasser O. Alshammari, Alexios Mylonas, Mohamed Sedky, Justin Champion, Carolin Bauer
What 4,500+ People Can Tell You – Employees’ Attitudes Toward Organizational Password Policy Do Matter

Organizations establish policies on how employees should generate, maintain, and use passwords to authenticate and gain access to the organization’s information systems. This paper focuses on employees’ attitudes towards organizational password policies and examines the impacts on their work-related password activities that have security implications. We conducted a large-scale survey (4,573 respondents) to investigate the relationships between the organizational password policies and employees’ password behaviors. The key finding of this study is that employees’ attitudes toward the rationale behind cybersecurity policies are statistically significant with their password behaviors and experiences. Positive attitudes are related to more secure behaviors such as choosing stronger passwords and writing down passwords less often, less frustration with authentication procedures, and better understanding and respecting the significance to protect passwords and system security. We propose future research to promote positive employees’ attitudes toward organizational security policy that could facilitate the balance between security and usability.

Yee-Yin Choong, Mary Theofanos
An Investigation of the Factors that Predict an Internet User’s Perception of Anonymity on the Web

The growth of the Internet as a means of communication has sparked a need for researchers to investigate the issues surrounding different social behaviors associated with Internet use. Of particular interest is the importance of a user’s perception of anonymity. The independent variables for the study were demographic information, social networking habits and prior negative experience. The dependent variable for this study was perception of online anonymity. Data for this analysis were taken from the Pew Research Center’s Internet & American Life Project’s July 2013 Pew Internet Anonymity Survey. A binomial logistic regression analysis was performed to predict perception of anonymity on the Web. Results indicated that gender, income level, education level, social networking habits and compromised identity are significant in predicting one’s perception of anonymity on the web. Age and prior negative experience were not significant predictors. Differences in technological proficiency and access to the web are two factors believed to have contributed to these results, particularly those related to demographics. The findings from this research could be used to help target demographics with the education and support needed to protect their identity on the web. This study also offers insight about who are more likely to attempt to use the web anonymously and will help further identify the patterns of behavior associated with anonymous web use. This paper calls for further studies to analyze to what extent do the opinions and experiences of friends and relatives impact an individual’s perception of anonymity.

Shruti Devaraj, Myrtede Alfred, Kapil Chalil Madathil, Anand K. Gramopadhye
Do Graphical Cues Effectively Inform Users?
A Socio-Technical Security Study in Accessing Wifi Networks

We study whether the padlock and the signal strength bars, two visual cues shown in network managers, convey their intended messages. Since users often choose insecure networks when they should not, finding the answer is not obvious; in our study we clarify whether the problem lies in uninformative and ambiguous cues or in the user who, despite understanding the cues, chooses otherwise. This paper describes experiments and comments on the results that bring evidence to our study.

Ana Ferreira, Jean-Louis Huynen, Vincent Koenig, Gabriele Lenzini, Salvador Rivas
Usable-Security Evaluation

Developing software products which align security and usability to make a synergistic relationship between security and usability is an engineering process that starts from the first phase of the Software Development Life-Cycle (SDLC), and continues through the rest of the phases: design, construction, and testing. However, a summative evaluation of such a process must be done after the software product is completely developed with careful attention to measuring the alignment between security and usability (i.e.: usable-security), and integrating such alignment properly within the SDLC. Therefore, this paper proposes a usable-security measuring matrix that provides a summative evaluation of the whole process of applying usable-security on software products.

Yasser M. Hausawi, William H. Allen
Reminding Users of their Privacy at the Point of Interaction: The Effect of Privacy Salience on Disclosure Behaviour

Privacy is a well-documented issue for users of social networks where observable behaviour does not appear to match stated levels of concern. Given that the User Interface (UI) is the environment to which users react, it would appear to be ideally placed to address the potential causes of poor privacy. This paper looks at the use of the Theory of Planned Behaviour and its Behavioral Attitude aspect to examine how users could be reminded or informed of the behavioral consequences of information disclosure. A series of “Privacy Lights” are presented that aim to highlight the potential sensitivity of data items. An experiment explores the effect of these lights on participants who are asked to register to a new social network by answering a series of questions of varying sensitivity. Exposure to the lights in the treatment group resulted in significantly less disclosure than the control suggesting that simple UI additions can be utilized to address the privacy problem.

Thomas Hughes-Roberts
Profit-Maximizing Trustworthiness Level of Composite Systems

Service providers face the ever-increasing problem of meeting customer expectations while maximizing profits. This optimal balance is very important for delivering better service quality to users and keeping costs under control through efficient resource allocation. In this paper we suggest optimal strategies for managing system trustworthiness in two different contexts. In the first one the provider has limited information about the users’ trustworthiness preferences, which have to be satisfied on every transaction. In the second context, the provider knows what the effect of possible outcomes on customer’s trust level and, given that the customer will perform a certain number of transactions, would like to know whether the system trustworthiness should be managed at any point in time in order to meet customer’s expectations in a cost-effective way. The optimality of the proposed strategies is demonstrated via both analytical techniques and simulations.

Costas Kalogiros, Michalis Kanakakis, Shenja van der Graaf, Wim Vanobberghen
Re-designing Permission Requirements to Encourage BYOD Policy Adherence

Many corporations and organizations support a Bring Your Own Device (BYOD) policy, which allows employees to use their personal smartphones for work-related purposes. Access to proprietary company data and information from an employee’s smartphone raises serious privacy and security concerns. Companies are vulnerable to data breaches if employees are unable to discern which applications are safe to install. Situating privacy requirements ought to encourage safer application install decisions and decrease riskier ones. This study examines the use of context-relevant warning messages, which alert employees to be cautious when the company’s BYOD policy may be violated. We also explore the impact of presenting permission requirements before and after making the install decision. We provide evidence that the presence of warnings, despite the timing of when they were presented, facilitated a lower number of risky installations. In situations when it was safe to install an application, warning messages presented before the install decision drastically encouraged installations compared to when there were no warnings. Interestingly, the opposite pattern was found when warning messages were presented after the decision. Overall, better privacy and security decisions will be made if permission requirements are displayed with relevant warning messages. In addition, safe installations will be encouraged through the placement of these meaningful warnings on the description page of a mobile application before a user has decided to install it.

Lotus Lee, Jeremiah D. Still
Real-Time Monitoring of Privacy Abuses and Intrusion Detection in Android System

In this paper, we investigated the definition of privacy, privacy abuse behaviours, and the privacy abuse in Android systems, which may be very useful for identifying the malicious apps from ’normal’ apps. We also investigated the injection technology, service binding, and service proxy in Android system, which are widely used by normal apps to steal privacy information. A real-time monitoring system (app) is developed on Android system to monitor potential privacy data abuse. The app is able to monitor permission requests for all installed apps as well as analyse the potential privacy abuse behaviors.

Shancang Li, Junhua Chen, Theodoros Spyridopoulos, Panagiotis Andriotis, Robert Ludwiniak, Gordon Russell
Hey, I Have a Problem in the System: Who Can Help Me? An Investigation of Facebook Users Interaction When Facing Privacy Problems

When users face problems while using social systems, they tend to expose these problems in the own system, by asking their contacts for solutions. The other users, in turn, interact differently with certain types of content. In this study, we conducted an experiment with 52 postings of Facebook users in order to investigate the user interaction regarding postings about system problems. The results show that most users interact by providing help and solutions.

Marilia S. Mendes, Elizabeth Furtado, Guido Militao, Miguel F. de Castro
An Extensible Platform for the Forensic Analysis of Social Media Data

Visualising data is an important part of the forensic analysis process. Many cell phone forensic tools have specialised visualisation components, but are as of yet able to tackle questions concerning the broad spectrum of social media communication sources. Visualisation tools tend to be stove-piped; it is difficult to take information seen in one visualisation tool and obtain a different perspective in another tool. If an interesting relationship is observed, needing to be explored in more depth, the process has to be reiterated by manually generating a subset of the data, converting it into the correct format, and invoking the new application. This paper describes a cloud-based data storage architecture and a set of interactive visualisation tools developed to allow for a more straightforward exploratory analysis. The approach developed in this tool suite is demonstrated using a case study consisting of social media data extracted from two mobile devices.

Huw Read, Konstantinos Xynos, Iain Sutherland, Frode Roarson, Panagiotis Andriotis, George Oikonomou
Opinions or Algorithms: An Investigation of Trust in People Versus Automation in App Store Security

Mobile application (app) stores are a critical source of information about risk in an uncertain environment. App stores ought to assess and communicate the risk associated with an installation so that users are discouraged from installing risky or harmful apps in app stores. However, only a limited number of studies offer designers information about how to communicate risk effectively. We focused on the user’s trust associated with security information stemming from crowd-sourced evaluations compared to those generated from an automated system. Both of these sources of security information are pervasively used to indicate possible risk associated with an app. We investigated whether biases exist for a particular source of information given similar amount of security information being available. We found that participants preferred to install apps rated by automation to those rated by humans despite equivalence in stated risk. Further, we found evidence of a gender difference in trust in automation.

David Schuster, Mary L. Still, Jeremiah D. Still, Ji Jung Lim, Cary S. Feria, Christian P. Rohrer
SafetyPIN: Secure PIN Entry Through Eye Tracking

When a user enters a personal identification number (PIN) into an automated teller machine or a point of sale terminal, there is a risk of someone watching from behind, trying to guess the PIN code. Such shoulder-surfing is a major security threat. In order to overcome this problem different PIN entry methods have been suggested. In this regard, gaze interaction methods are receiving attention in recent years, owing to the lowering cost of eye tracking technology. In this paper, we present SafetyPIN - an eye tracking based PIN entry system - which is aimed at making the PIN entry more secure with the help of an eye tracking device. We discuss the implementation and the initial evaluation of this system.

Mythreya Seetharama, Volker Paelke, Carsten Röcker
An Identification of Variables Influencing the Establishment of Information Security Culture

A significant volume of security breaches occur as a result of the human aspects and it is consequently important for these to be given attention alongside technical aspects. Many breaches occur due to human error. Researchers have argued that security culture stimulates appropriate employees’ security behavior towards adherence and therefore developing a culture of security can contribute in minimizing or avoiding security breaches. Although research on the concept of security culture has received little attention, this paper aims to address the security culture concept and its relation to the national culture. Specifically, it is largely hypothesized that cultivating security culture can have a positive effect on employees’ security compliance. The purpose of this paper is to identify variables that influence cultivating a security culture. In order to do so, a comprehensive literature review has been conducted. The outcome of the literature analysis has identified potential variables that influence security culture (e.g. top management support, information security behavior, and awareness), and the paper subsequently outlines a framework for modeling security culture that indicates the relationship between these variables.

Emad Sherif, Steven Furnell, Nathan Clarke
Legal Issues and User Experience in Ubiquitous Systems from a Privacy Perspective

Guaranteeing privacy in digital systems is an effort that moves several computing areas such as computer security, cryptography, computer networks, safe protocols, system design and human-computer interaction. One of the hypotheses in our work is that many users of mobile applications are not aware of the risks they run of their data being accessed by intruders, mainly because they do not know what they are exposed to and then, because the terms used in access policies are difficult to understand, too long for a dynamic reading and offer little or no flexibility to allow users to make adjustments according to their preferences. Improving users’ experience means verifying if the implementation of new ways of interaction that provide freedom and flexibility in the control of privacy settings as well as access policies for mobile applications has allowed for higher levels of security and reliability on the users’ side.

Patricia C. de Souza, Cristiano Maciel

Security in Social Media and Smart Technologies

Frontmatter
Users’ Mental Models for Three End-to-End Voting Systems: Helios, Prêt à Voter, and Scantegrity II

This study sought to understand voters’ mental models for three end-to-end (e2e) voting systems: Helios, Prêt à Voter, and Scantegrity II. To study voters’ mental models of e2e systems, 16 Houston area voters participated in mock elections that required them to vote first with a paper ballot and then with the three e2e systems. After using each system, subjects were asked to draw their mental model—or how the system works, then describe it to the experimenter, and last complete an interview. We found that most participants think about the systems first and foremost in terms of how-to-vote procedures, rather than detailed, conceptual models that describe all aspects of a system, including how they work. When designing e2e voting systems, the findings from this study can be used by system developers to ensure that voters find the systems easy to use and that the designs align with voters’ pre-existing mental models for voting.

Claudia Z. Acemyan, Philip Kortum, Michael D. Byrne, Dan S. Wallach
Messaging Activity Reconstruction with Sentiment Polarity Identification

Sentiment Analysis aims to extract information related to the emotional state of the person that produced a text document and also describe the sentiment polarity of the short or long message. This kind of information might be useful to a forensic analyst because it provides indications about the psychological state of the person under investigation at a given time. In this paper we use machine-learning algorithms to classify short texts (SMS), which could be found in the internal memory of a smartphone and extract the mood of the person that sent them. The basic goal of our method is to achieve low False Positive Rates. Moreover, we present two visualization schemes with the intention to provide the ability to digital forensic analysts to see graphical representations of the messaging activity of their suspects and therefore focus on specific areas of interest reducing their workload.

Panagiotis Andriotis, George Oikonomou
Televoting: Secure, Overseas Voting

Because many members of the armed services are overseas during elections, they are unable to cast their ballot in person. Although the Uniformed and Overseas Citizens Absentee Voting Act (UOCAVA) gives soldiers located overseas the right to mail in absentee ballots, they are often left uncounted due to issues with shipping. This paper presents Televoting, an approach to Internet voting (E-Voting) modeled after Telemedicine systems that utilizes video communication technology. Televoting attempts to address security issues that have plagued previous E-Voting platforms by producing a paper ballot instead of storing votes on a server. This paper discusses the system design and the voting process users experience when using Televoting.

Chris S. Crawford, Naja Mack, Wanda Eugene, Juan E. Gilbert
Personalized Voting: The Intersection of Cloud and Mobility

Current research and development being conducted by the international Global Public Inclusive Infrastructure Consortium (GPII) is to create technology for cloud-based accessibility. Using this new technology, users of computer systems can create personal profiles that specify how computer applications should be configured to meet their individual needs. National Institute of Standards and Technology researchers have developed a prototype voting support system with enhanced accessibility capabilities based on the cloud-based accessibility work of the GPII, to evaluate the applicability of this new technology in the voting domain. Using this prototype, the Next Generation Voting Platform (NGVP), voters can use a mobile device (e.g. tablet computer) to exchange data with a cloud-based system to download settings in order to configure complex ballot interfaces for marking a blank ballot. The research performed on the NGVP suggests that cloud-based accessibility has the potential to be useful to voters when integrated into mobile ballot-marking systems.

Shaneé Dawkins, Sharon Laskowski
Hobson’s Choice: Security and Privacy Permissions in Android and iOS Devices

The use of smartphones and tablet devices has grown rapidly over recent years and the widespread availability of software, often from unknown developers, has led to security and privacy concerns. In order to prevent security compromises, these devices use access control as a means by which a user is able to specify an application’s ability to interact with services and data. However, the use of access control as a security countermeasure in this environment is severely limited. For example, once permissions are granted to software, they may share data, such as location or unique identifiers with third persons without informing the user, whether or not the application is itself running. This paper presents the results of a comparative study conducted with computing students at two UK universities that identifies the issues surrounding software access control permissions in Android and iOS operating systems. Through this study, we are able to quantify the impact of security access permissions on mobile device security and privacy, even amongst specialist users.

John Haggerty, Thomas Hughes-Roberts, Robert Hegarty
Information Presentation: Considering On-line User Confidence for Effective Engagement

In order to design on-line services that are able to support the end-user in making informed choices about when and how to disclose personal information, a close understanding of the relationship between privacy and confidence is therefore needed. UK citizens accessing on-line services have privacy concerns about sharing personal information with government organizations. The physical distance between service user and service provider (increased by on-line service delivery) can reduce confidence in the management of personal information. A close understanding of the relationship between user confidence and information presentation can suggest new design principles to support them in making informed choices about when and how to disclose personal information. This paper presents the result of three user studies to understand user confidence with relation to graphical information presentation, which led to three distinct types of confidence: Institutional; Technological; and Relationship. The final study represents the impact of using graphical information presentation on users’ privacy concern and their confidence in using on-line services. The result indicated service users’ privacy concerns decrease when their privacy awareness increases.

Elahe Kani-Zabihi, Lizzie Coles-Kemp, Martin Helmhout
Privacy Principles in Design of Smart Homes Systems in Elderly Care

Privacy is considered as a main concern in developing and implementing smart home systems for elderly care (SHSEC). Privacy-by-Design (PbD) can help to ensure privacy in such systems and can support the designers in taking the protection of the privacy into account during the development of such systems. In this paper, we investigate the suitability of the PbD principles (PbDPs) suggested by Cavoukian et al. [1] in the context of SHSEC. This research is conducted as a qualitative case study, where we highlight limitations of existing PbDPs in this context. Based on our findings, we suggest seven additional PbDPs which complement the existing PbDPs and adjust them in the context of SHSEC.

Ella Kolkowska
An Extension and Validation of the Task-Technology Fit: A Case of a Mobile Phone Voting System

Literature has emphasized human computer interaction as the backbone of technology use and acceptance. The authors made use of the task-technology fit theory and argue that any pre-occupation with the theory from the perspective of task and technology characteristics that does not embrace the user technology self-efficacy is unrealistic and unauthentic. Contributing to debates on task technology fit theory, this study provides self-efficacy as an antecedent for mobile phone voting task technology fit. The purpose of this study is to empirically examine the possibility of extending the task technology fit theory by incorporating self-efficacy into the task and technology characteristics within the voting context. The participants voted for their representatives using a mobile phone voting application. Data was collected using a self-completion questionnaire and the partial least squares was employed. The proposed model displayed a good fit with the data and rendered satisfactory explanatory power for mobile phone voting.

Noluntu Mpekoa, Aaron Bere
Signs of Time: Designing Social Networking Site Profile Interfaces with Temporal Contextual Integrity

Social networking sites (SNS) retain status updates, pictures and links on profiles dating back years. Because recent and outdated information intermingle in people’s SNS profiles over time, SNS interfaces risk portraying profile owners’ biography and true current identity in a false light. Visualizing the passage of time in SNS interfaces can preserve profile information’s temporal contextual integrity and a truthful light on people’s biographies. Focus groups with SNS users were conducted and digital media experts were consulted to develop temporal interface signs for presenting SNS profiles in a time-sensitive way. Some of the temporal signs were implemented in an SNS interface prototype that was evaluated with users. The usability challenges of implementing the temporal signs in SNS interfaces are discussed. The paper concludes that SNS interfaces presenting people in a truthful temporal light sometimes need to transform the original appearance of profile information itself.

Alexander Novotny
Poll Workers and Election Integrity: Security as if People Mattered

How do poll workers in tens of thousands of precincts across the nation contribute to (or detract from) election security and integrity? This project aimed to fill a gap in the research and focus in a meaningful way on what must happen to make poll workers truly effective in their vital role in administering elections securely on Election Day. We learned that there are many different ideas about what “security” means in the context of elections, and different patterns about poll workers’ attitudes about their responsibilities.

Whitney Quesenbery, Dana Chisnell
From V2X to Control2Trust
Why Trust and Control Are Major Attributes in Vehicle2X Technologies

Beyond the increasing quality of car technology in the last decade, road and fast-paced city traffic in metropolises still impose high accident rates. Mostly, drivers’ inattentiveness, tiredness or just bad driving abilities are responsible for safety risks. Novel developments such as the combination of in-vehicle systems and vehicle sensors in the environment could lower these risks. While on the one hand the V2X-technologies bear a huge potential for safety and efficiency, on the other hand, the missing trust and concerns about privacy could represent major obstacles for a successful implementation. Hence, historically, trust in new technology is a major issue, which needs to be integrated into the technological development. The perceived trust and control in the field of V2X-technology, with a focal point on automated driving, is the main research focus. Using a quantitative approach, users were examined regarding their perception of V2X-technologies. Results reveal an obvious reluctance towards V2X-technologies, independent of user diversity. Data disclosure of personal data is mostly denied homogeneously. Findings hint at a considerable need for a sensitive and individually tailored information and communication strategy regarding V2X-technology.

Teresa Schmidt, Ralf Philipsen, Martina Ziefle
Security Implications for Personal Assistive Technology in Voting

Voting security and accessibility are important concerns that must be addressed when designing new voting systems or integrating technologies into the voting process, e.g., remote voting, mobile voting, and/or supporting personal assistive technologies in the polling place. We researched the security implications of allowing users with disabilities to vote using their personal assistive technologies, which would significantly improve the accessibility of the voting process, as well as potentially reduce the risks to security, such as data security, data reliability, voter verification, and auditability, among others. Based on this research and feedback from users with disabilities regarding using a tablet device to vote, we proposed using an intermediary device (such as a computer or tablet) to enable the secure use of personal assistive technologies in voting and enhance the user experience.

Sarah J. Swierenga, Rebecca S. Zantjer, James E. Jackson, Jennifer Ismirle, Stephen R. Blosser, Graham L. Pierce
Perceptions of Personal Privacy in Smart Home Technologies: Do User Assessments Vary Depending on the Research Method?

Nowadays all Western societies are confronted with the challenges resulting from demographic change, which are (partially) manageable by technical innovations, ranging from sophisticated single devices up to Ambient Assisted Living. However, exceeding the threshold to people’s homes evokes diverse privacy concerns. In this paper, aspects of personal privacy are exposed and validated by three different research methods: focus groups, questionnaire, and an experimental study.

The results of the perceived relevance of privacy across the three methodologies showed a decrease of the attributed importance from the focus group to the hands-on experimental study and an increase of the variability of the data. In order to gain genuine exhaustive information about the user’s perceptions of (aspects of) new technologies it is therefore insufficient to rely on one single research method. Instead, a multi-method research approach is postulated.

Wiktoria Wilkowska, Martina Ziefle, Simon Himmel

Security Technologies

Frontmatter
Risk Modeling and Analysis of Interdependencies of Critical Infrastructures Using Colored Timed Petri Nets

Petri Nets (PNs) and their variations are a graphical, mathematical language that can be used for the specification, analysis and verification of discrete event systems, including Critical Infrastructures (CIs). Colored PNs are an extension of classical PNs that are suitable for modeling and analyzing complex interconnected CIs. Timed PNs are another extension of PNs that support timing constraints and events. In this work we present a novel Risk Assessment methodology based on Timed Colored PNs for modeling and analyzing CIs with interdependencies, time-critical events and cascading effects.

Chrysovalandis Agathangelou, Chryssis Georgiou, Ileana Papailiou, Anna Philippou, Loucas Pouis, Georgios Tertytchny, Despina Vakana
RT-SPDM: Real-Time Security, Privacy and Dependability Management of Heterogeneous Systems

The need to manage embedded systems, brought forward by the wider adoption of pervasive computing, is particularly vital in the context of secure and safety-critical applications. This work presents RT-SPDM, a framework for the real-time management of devices populating ambient environments. The proposed framework utilizes a formally validated approach to reason the composability of heterogeneous embedded systems, evaluate their current security, privacy and dependability levels based on pre-defined metrics, and manage them in real-time. An implementation of Event Calculus is used in the Jess rule engine in order to model the ambient environment context and the rule-based management procedure. The reasoning process is modeled as an agent’s behavior and applied on an epistemic multi-agent reasoner for ambient intelligence applications. Agents monitor distinct embedded systems and are deployed as OSGi bundles to enhance the real-time management of embedded devices. A Service Oriented Architecture is adopted, through the use of the Devices Profile for Web Services standard, in order to provide seamless interaction between the framework’s entities, which exchange well-formed information, determined by the OASIS CAP standard. Proof-of-concept implementations of all entities are developed, also investigating user-friendly GUIs for both the front-end and back-end of the framework. A preliminary performance evaluation on typical embedded devices confirms the viability of the proposed approach.

Konstantinos Fysarakis, George Hatzivasilis, Ioannis Askoxylakis, Charalampos Manifavas
Putting a Hat on a Hen? Learnings for Malicious Insider Threat Prevention from the Background of German White-Collar Crime Research

Mainly based on an increasing dependence on ICT, the protection of crucial assets has become increasingly important for organizations. Beside external hacker attacks and malware, malicious insider threat continues to be one of the main security issues facing organizations. This article presents motives, characteristics and other influencing factors of employees to commit to criminal behavior. Therefore, results from the background of German economic offenders’ research and related theories of crime are analyzed. The work closes with recommendations for further research and starting points for insider threat prevention management.

Ulrike Hugl
Business and Threat Analysis of Ports’ Supply Chain Services

Maritime supply chain is a dynamic system in which a set of organizations, people, activities, information and resources are involved aiming at delivering a service or a product to the final users. The paper describes the business processes of a representative example of a cross-border supply chain service, namely the “Vehicles Transport Chain”; analyses its interdependencies and threats; revealing the limitations of existing risk management methodologies in terms of addressing the cascading effects and the complexity of the maritime security ecosystem; highlights and underlines the need for a targeted risk assessment approach applicable to maritime supply chains.

Spyridon Papastergiou, Nineta Polemi, Ioannis Papagiannopoulos
Insider Threats: The Major Challenge to Security Risk Management

Security risk management is, by definition, a subjective and complex exercise, and it takes time to perform properly. Human resources are fundamental assets for any organization and, like any other asset, they have inherent vulnerabilities that need to be handled, i.e. managed and assessed. However, the nature of human behavior and of the organizational environment in which people carry out their work makes these tasks extremely difficult, hard to accomplish and prone to errors. Assuming security as a cost, organizations are usually focused on the efficiency of the security mechanisms implemented that enable them to protect against external attacks, disregarding the insider risks, which are much more difficult to assess. All of this demands an interdisciplinary approach that combines technical solutions with psychological approaches in order to understand the organizational staff and detect any changes in their behaviors and characteristics. This paper intends to discuss some methodological challenges in evaluating insider threats and their impacts, and in integrating them into a security risk framework that was defined according to the security standard ISO/IEC_JTC1, to support the security risk management process.

Teresa Pereira, Henrique Santos
Framework for Cloud Usability

Organizations are increasingly adopting cloud-based services to meet their business needs. However, due to the complexity and diversity of cloud systems, it is important to evaluate the user experience within a framework that encompasses multiple characteristics. In this paper, we propose a cloud usability framework to provide a structure to evaluate the key attributes of the cloud user experience. The framework includes five attributes and 20 elements. Generally these describe the consumer’s expectations of the cloud. The framework can be a foundation for developing usability metrics for organizations interested in measuring the user experience when adopting cloud-based services.

Brian Stanton, Mary Theofanos, Karuna P. Joshi
Using Logical Error Detection in Software Controlling Remote-Terminal Units to Predict Critical Information Infrastructures Failures

A method for predicting software failures to critical information infrastructures is presented in this paper. Software failures in critical infrastructures can stem from logical errors in the source code which manipulates controllers that handle machinery; i.e. Remote Terminal Units and Programmable Logic Controllers in SCADA systems. Since these controllers are often responsible for handling hardware in critical infrastructures, detecting such logical errors in the software controlling their functionality implies detecting possible failures in the machine itself and, consequently, predicting single or cascading infrastructure failures. Our method may also be tweaked to provide estimates of the impact and likelihood of each detected error. An existing source code analysis method is adjusted to analyze code able to send commands to SCADA systems. A practical implementation of the method is presented and discussed. Examples are given using open-source SCADA operating interfaces.

George Stergiopoulos, Marianthi Theocharidou, Dimitris Gritzalis
Applying the ACPO Guidelines to Building Automation Systems

The increasing variety of Internet enabled hardware devices is creating a world of semi-autonomous, interconnected systems capable of control, automation and monitoring of a built environment. Many building automation and control systems that have previously been limited in connectivity, or due to cost only used in commercial environments, are now seeing increased uptake in domestic environments. Such systems may lack the management controls that are in place in commercial environments. The risk to these systems is further increased when they are connected to the Internet to allow control via a web browser or smartphone application. This paper explores the application of traditional digital forensics practices by applying established good practice guidelines to the field of building automation. In particular, we examine the application of the UK Association of Chief Police Officers guidelines for Digital Evidence, identifying the challenges and the gaps that arise in processes, procedures and available tools.

Iain Sutherland, Theodoros Spyridopoulos, Huw Read, Andy Jones, Graeme Sutherland, Mikhailia Burgess
Visualizing BACnet Data to Facilitate Humans in Building-Security Decision-Making

Building automation systems (BAS) are interlinked networks of hardware and software, which monitor and control events in the buildings. One of the data communication protocols used in BAS is the Building Automation and Control networking protocol (BACnet), which is an internationally adopted ISO standard for the communication between BAS devices. Although BAS focus on providing safety for inhabitants, decreasing the energy consumption of buildings and reducing their operational cost, their security suffers due to the inherent complexity of the modern day systems. Issues such as monitoring BAS effectively present a significant challenge, i.e., BAS operators generally possess only partial situation awareness. Especially in large and inter-connected buildings, the operators face the challenge of spotting meaningful incidents within large amounts of simultaneously occurring events, causing the anomalies in the BAS network to go unobserved. In this paper, we present the techniques to analyze and visualize the data for several events from BAS devices in a way that determines the potential importance of such unusual events and helps with the building-security decision making. We implemented these techniques as a mobile (Android) based application for displaying application data and as tools to analyze the communication flows using directed graphs.

Jernej Tonejc, Jaspreet Kaur, Adrian Karsten, Steffen Wendzel
XACML Privacy Policy Editor for Critical Infrastructures

This paper describes a Scratch-based eXtensible Access Control Markup Language (XACML) editor ViSPE that can be used for designing authorisation and anonymisation policies, as well as how these policies can be enforced by using the Reversible anonymiser. Private and confidential information can be protected based on identified security requirements, as described in two case studies. The first case covers privacy-enhanced IDS-alarm handling in a traffic control centre, and in the second case, we mitigate insider threats with a secure configuration deployment policy.

Nils Ulltveit-Moe, Henrik Nergaard, Terje Gjøsæter, Jennifer Betts
Backmatter
Metadata
Title
Human Aspects of Information Security, Privacy, and Trust
Edited by
Theo Tryfonas
Ioannis Askoxylakis
Copyright year
2015
Electronic ISBN
978-3-319-20376-8
Print ISBN
978-3-319-20375-1
DOI
https://doi.org/10.1007/978-3-319-20376-8