Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Indicators and Warnings

Published byΘαλής Γιάγκος Modified over 5 years ago

Similar presentations

Presentation on theme: "Security Indicators and Warnings"— Presentation transcript:

1 Security Indicators and Warnings

2 Agenda Goals Study Design Results Discussion Redesign Conclusion
I am going to focus on the optional paper-Emperor’s new security indicators and commentary on that paper

3 Goals Role playing Knowledge of the focus of the study
Ethical replication of real attacks Authors were concerned with how studies are designed and what can be done to create an “ecologically valid” study. A study where users behave as they would in the real-world

4 Study Design 3 categories of participants Set of tasks
Tweaks between groups 1 and 2 Participants: role playing, role playing w/ security language in tasks, own account no security language Tasks: first removed https warning, 2nd removed sitekey image, displayed IE7 security warning page Group 1 Role based Group 2 Role based w/ security context clues Group 3 Used own accounts

5 Results Statistical differences No one noticed absent https
Missing security image not noticed Effect of warning page Role playing effect Results: no difference between security primed and role playing, statistical difference between real accounts and all others Https: not new result Security image: 92% users w/ own account still sent login info Warning page: 36% users still sent login info, 66% role playing

6 Discussion Problems you see? Criticism Recruiting realistic sample
Setting of study Psychology of research participants Weaknesses of design: paper discusses security biasing might not have been strong enough. Given results between groups 1 and 2 maybe more subjects should be run? Criticism of design: recuiting eliminates privacy fundamentalists Using a university location to conduct the study gives users trust most interesting: research participants WANT to complete the tasks given them demand charactaristics- participants try to guess purpose of study and validate results task focus – users take tasks seriously and might jeopardize their security to complete the study obedience to authority- participants see researchers as an authority figure and try to do as they are told

7 Redesign In groups redesign experiment to eliminate these problems
Other ways to ethically create “ecologically valid” study? Ways to avoid task based studies?

8 Conclusion Study shows some important results
Users do not act the same while role playing Users can be easily convinced to disregard current security measures Critique of study also provides insight Need new methods for testing security Creating right setting for survey is difficult Papers referenced: S. Schechter, R. Dhamija, A. Ozment, and I. Fischer. The Emperor's New Security Indicators: An evaluation of website authentication and the effect of role playing on usability studies IEEE Symposium on Security and Privacy, May 20-27, 2007, Oakland California. Andrew Patrick's Commentary on Research on New Security Indicators .

Download ppt "Security Indicators and Warnings"

Similar presentations

1 + 1 = You Measuring the comprehensibility of metaphors for configuring backup authentication Stuart SchechterRobert W. Reeder Symposium on Usable Privacy.

1 + 1 = You Measuring the comprehensibility of metaphors for configuring backup authentication Stuart SchechterRobert W. Reeder Symposium on Usable Privacy.
Research Methods in Psychology (Pp 45-59). Observations Can be used in both experimental and nonexperimental research; can be used quantitatively or qualitatively.

Research Methods in Psychology (Pp 45-59). Observations Can be used in both experimental and nonexperimental research; can be used quantitatively or qualitatively.
1 User Centered Design and Evaluation. 2 Overview Why involve users at all? What is a user-centered approach? Evaluation strategies Examples from “Snap-Together.

1 User Centered Design and Evaluation. 2 Overview Why involve users at all? What is a user-centered approach? Evaluation strategies Examples from “Snap-Together.
Jesper Kjeldskov & Jan Stage Department of Computer Science Aalborg University Denmark New Techniques for Usability Evaluation of Mobile Systems.

Jesper Kjeldskov & Jan Stage Department of Computer Science Aalborg University Denmark New Techniques for Usability Evaluation of Mobile Systems.
Usable Privacy and Security Carnegie Mellon University Spring 2008 Lorrie Cranor 1 Designing user studies February.

Usable Privacy and Security Carnegie Mellon University Spring 2008 Lorrie Cranor 1 Designing user studies February.
An evaluation framework

An evaluation framework
James Tam Evaluating Interfaces With Users Why evaluation is crucial to interface design General approaches and tradeoffs in evaluation The role of ethics.

James Tam Evaluating Interfaces With Users Why evaluation is crucial to interface design General approaches and tradeoffs in evaluation The role of ethics.
Identify and List… Theory behind the study Aim of study.

Identify and List… Theory behind the study Aim of study.
Validity “The extent to which a test or research study measures what it was designed to measure” www.psychlotron.org.uk.

Validity “The extent to which a test or research study measures what it was designed to measure”
11 Reasons Why Manuscripts are Rejected www.sfedit.net.

11 Reasons Why Manuscripts are Rejected
Evaluating Research Articles Approach With Skepticism Rebecca L. Fiedler January 16, 2002.

Evaluating Research Articles Approach With Skepticism Rebecca L. Fiedler January 16, 2002.
Testing & modeling users. The aims Describe how to do user testing. Discuss the differences between user testing, usability testing and research experiments.

Testing & modeling users. The aims Describe how to do user testing. Discuss the differences between user testing, usability testing and research experiments.
©2011 www.id-book.com1 An Evaluation Framework Chapter 13.

© An Evaluation Framework Chapter 13.
SurveyMonkey.com What is it good for? A teacher’s critique.

SurveyMonkey.com What is it good for? A teacher’s critique.
SOCIAL PSYCHOLOGY. Social Psychology Assumptions: That other people influence our behaviour. 1. Individuals and groups affect behavior (you act differently.

SOCIAL PSYCHOLOGY. Social Psychology Assumptions: That other people influence our behaviour. 1. Individuals and groups affect behavior (you act differently.
A Quick Insight Paper about phishing attacks based on usability study Users required to classify websites as fraudulent/legitimate using security tools.

A Quick Insight Paper about phishing attacks based on usability study Users required to classify websites as fraudulent/legitimate using security tools.
An Evaluation of Extended Validation and Picture-in-Picture Phishing Attacks Collin Jackson et. all Presented by Roy Ford.

An Evaluation of Extended Validation and Picture-in-Picture Phishing Attacks Collin Jackson et. all Presented by Roy Ford.
1.  Usability study of phishing attacks & browser anti-phishing defenses – extended validation certificate.  27 Users in 3 groups classified 12 web.

1.  Usability study of phishing attacks & browser anti-phishing defenses – extended validation certificate.  27 Users in 3 groups classified 12 web.
Designing psychological investigations

Designing psychological investigations
Chapter 13: An evaluation framework. The aims are: To discuss the conceptual, practical and ethical issues involved in evaluation. To introduce and explain.

Chapter 13: An evaluation framework. The aims are: To discuss the conceptual, practical and ethical issues involved in evaluation. To introduce and explain.

Similar presentations

Ads by Google