1 / 8

The Emperor’s New Security Indicators: Analyzing User Awareness and Security Vigilance

This paper evaluates website authentication threats, particularly focusing on phishing and man-in-the-middle attacks. Conducted at Harvard, the study found that 53% of participants did not notice any security threats, with role-playing participants showing less secure behavior than those using personal accounts. The research highlights the implications of role-playing on security vigilance and raises ethical questions about revealing vulnerabilities, like proxy-induced HTTPS deactivation. It emphasizes the need for understanding user behavior and ethical considerations in disclosing security information.

ethan
Télécharger la présentation

The Emperor’s New Security Indicators: Analyzing User Awareness and Security Vigilance

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. S. Schechter, R. Dhamija, A. Ozment, I. Fischer “The Emperor’s New Security Indicators” in IEEE Symposium on Security and Privacy (S&P 2007), pp. 51-65, 2007 The Emperor's New Security Indicators Sachini Yapa

  2. Summary • Aim • Evaluate site authentication • Man-in-the-middle, Phishing, Other • Investigate participant behaviour • Role playing vs real data • Results • 53% of all participants didn’t notice any security threats • Role playing participants behave less securely compared to users using personal accounts

  3. Appreciative commentEmpirical study on role-playing VS real data • Role playing • 53% of users never noticed security threat • Using personal accounts • 36% of users never noticed security threat

  4. Critical comment 1What is the population being represented? • Advertised experiment around Harvard campus • Students & staff • 91% of participants were University students “Role playing has a significant negative effect on the security vigilance of study participants”

  5. Critical comment 2Ethical to reveal that a proxy can prevent HTTPS activation? • The good people can understand • The bad people can extend to cause harm • Pfleeger • The right to know • Everyone has a right to know this information • The right to privacy • Bad people can exploit the innocent’s privacy through this information

  6. Critical comment 2…Ethical to reveal that a proxy can prevent HTTPS activation? • Confucian ethics • Yi (right conduct): “how can I accommodate you?” • De (power of moral example): leaders must show good character • Wen (the arts of peace): scholars should practice peace not war • Consequential ethics • Authors may have revealed because they decided it was best to be informed (Source: Thomborson, C. “Software Law” Lecture, August 1, 2007)

  7. Discussion question • Is it ethical to reveal that a proxy can prevent HTTPS activation?

  8. Back up slide The experiment

More Related