Abstract. Current trends inspired from the development of the Web 2.0 advocate designing smart things (e.g., wireless sensor nodes or home appliances) as service platforms. Interoperable services are mainly achieved using two different approaches: WS-* and RESTful Web services. These approaches have previously been compared with respect to performance and features, but no work has been done to elicit the developers' preferences and programming experiences. We conducted a study in which 69 novice developers learned both technologies and implemented mobile phone applications that retrieve sensor data, both through a RESTful and through a WS-* service architecture. The results complement the available technological decision framework when building Internet of Things applications. The results suggest that developers find REST easier to learn than WS-* and consider it more suitable for programming smart things. However, for applications with advanced security and Quality of Service requirements, WS-* Web services are perceived to be better suited.
Recent years have seen a proliferation of secure device pairing methods that try to improve both the usability and security of today's de-facto standard - PIN-based authentication. Evaluating such improvements is difficult. Most comparative laboratory studies have so far mainly focused on completeness, trying to find the single best method among the dozens of proposed approaches - one that is both rated the most usable by test subjects, and which provides the most robust security guarantees. This search for the "best" pairing method, however, fails to take into account the variety of situations in which such pairing protocols may be used in real life. The comparative study reported here, therefore, explicitly situates pairing tasks in a number of more realistic situations. Our results indicate that people do not always use the easiest or most popular method - they instead prefer different methods in different situations, based on the sensitivity of data involved, their time constraints, and the social conventions appropriate for a particular place and setting. Our study also provides qualitative data on factors influencing the perceived security of a particular method, the users' mental models surrounding security of a method, and their security needs. General Terms: Human Factors, Security.
With so much of our lives digital, online, and not entirely under our control, we risk losing access to our communications, reputation, and data. Recent years have brought a rash of high-profile account compromises, but account hijacking is not limited to high-profile accounts. In this paper, we report results of a survey about people's experiences with and attitudes toward account hijacking. The problem is widespread; 30% of our 294 participants had an email or social networking account accessed by an unauthorized party. Five themes emerged from our results: (1) compromised accounts are often valuable to victims, (2) attackers are mostly unknown, but sometimes known, to victims, (3) users acknowledge some responsibility for keeping their accounts secure, (4) users' understanding of important security measures is incomplete, and (5) harm from account hijacking is concrete and emotional. We discuss implications for designing security mechanisms to improve chances for user adoption.
Abstract. Authenticating spontaneous interactions between devices and users is challenging for several reasons: the wireless (and therefore invisible) nature of device communication, the heterogeneous nature of devices and lack of appropriate user interfaces in mobile devices, and the requirement for unobtrusive user interaction. The most promising approach that has been proposed in literature involves the exploitation of so-called auxiliary channels for authentication to bridge the gap between usability and security. This concept has spawned the independent development of various authentication methods and research prototypes, that, unfortunately, remain hard to compare and interchange and are rarely available to potential application developers. We present a novel, unified cryptographic authentication protocol framework (UACAP) to unify these approaches on using auxiliary channels and analyze its security properties. This protocol and a selection of auxiliary channels aimed at authentication of mobile devices has been implemented and released in an open source ubiquitous authentication toolkit (OpenUAT). We also present an initial user study evaluating four of these channels.