Modeling and analysis of influence power for information security decisions

Yevseyeva, Iryna; Morisset, Charles; Moorsel, Aad P. A. van

doi:10.1016/j.peva.2016.01.003

Cited by 6 publications

(6 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…They reported that nudges could be effective, but that personal differences also played a role in security decisions. Yevseyeva et al (2016) also experimented with the use of influential techniques to steer people towards the most secure Wi-Fi option. Among other insights, they found that adding a padlock symbol had the highest impact, but also that the influence decreased as the number of options increased, and that different clusters of decision-makers existed.…”

Section: Related Workmentioning

confidence: 99%

Nudging folks towards stronger password choices: providing certainty is the key

Renaud

Zimmermann

2018

Behav. Public Policy

View full text Add to dashboard Cite

Persuading people to choose strong passwords is challenging. One way to influence password strength, as and when people are making the choice, is to tweak the choice architecture to encourage stronger choice. A variety of choice architecture manipulations (i.e. 'nudges') have been trialled by researchers with a view to strengthening the overall password profile. None has made much of a difference so far. Here, we report on our design of an influential behavioural intervention tailored to the password choice context: a hybrid nudge that significantly prompted stronger passwords. We carried out three longitudinal studies to analyse the efficacy of a range of 'nudges' by manipulating the password choice architecture of an actual university web application. The first and second studies tested the efficacy of several simple visual framing 'nudges'. Password strength did not budge. The third study tested expiration dates directly linked to password strength. This manipulation delivered a positive result: significantly longer and stronger passwords. Our main conclusion was that the final successful nudge provided participants with absolute certainty as to the benefit of a stronger password and that it was this certainty that made the difference.

show abstract

Section: Related Workmentioning

confidence: 99%

Nudging folks towards stronger password choices: providing certainty is the key

Renaud

Zimmermann

2018

Behav. Public Policy

View full text Add to dashboard Cite

show abstract

“…A security-related nudge study [54] successfully nudged users towards a more secure WiFi by using colour and menu order. This finding was confirmed by [55]. Privacy researchers have deployed nudges with some success [56,57,58] making people more aware of privacy invasions.…”

Section: What About the Information Security Context?mentioning

confidence: 76%

“…Once the data has been aligned, the resultant data will be sent to the Correlation Power Analysis (CPA) [55] attack. The CPA attack is utilised to recover the secret key used by the AES-128 algorithm with the EM emissions as input data.…”

mentioning

confidence: 99%

Guidelines for Ethical Nudging in Password Authentication

Renaud¹,

Zimmermann²

2018

SAIEE Afr. Res. J.

View full text Add to dashboard Cite

This research investigates the Electromagnetic (EM) side channel leakage of a Raspberry Pi 2 B+. An evaluation is performed on the EM leakage as the device executes the AES-128 cryptographic algorithm contained in the libcrypto++ library in a threaded environment. Four multi-threaded implementations are evaluated. These implementations are Portable Operating System Interface Threads, C++11 threads, Threading Building Blocks, and OpenMP threads. It is demonstrated that the various thread techniques have distinct variations in frequency and shape as EM emanations are leaked from the Raspberry Pi. It is demonstrated that the AES-128 cryptographic implementation within the libcrypto++ library on a Raspberry Pi is vulnerable to Side Channel Analysis (SCA) attacks. The cryptographic process was seen visibly within the EM spectrum and the data for this process was extracted where digital filtering techniques was applied to the signal. The resultant data was utilised in the Differential Electromagnetic Analysis (DEMA) attack and the results revealed 16 sub-keys that are required to recover the full AES-128 secret key. Based on this discovery, this research introduced a multi-threading approach with the utilisation of Secure Hash Algorithm (SHA) to serve as a software based countermeasure to mitigate SCA attacks. The proposed countermeasure known as the FRIES noise generator executed as a Daemon and generated EM noise that was able to hide the cryptographic implementations and prevent the DEMA attack and other statistical analysis.

show abstract

“…Developer-centered security is an emerging research area focused on how to get developers to build more secure systems from the start [44,57]. While the traditional focus of cybersecurity research has been on developing new technologies and systems, in recent years, this is shifting to understanding the software engineer and how they are supported in creating secure products [53,23].…”

Section: Related Workmentioning

confidence: 99%

A Privacy Awareness System for Software Design

Omoronyia

Etuk

Inglis

2019

Int. J. Soft. Eng. Knowl. Eng.

View full text Add to dashboard Cite

There have been concerting policy and legal initiatives to mitigate the privacy harm resulting from badly designed software technology. But one main challenge to realizing these initiatives is the difficulty in translating proposed principles and regulations into concrete and verifiable evidence in technology. This is partly due to the lack of systematic techniques and tools to address privacy in the software design, hence making it difficult for the designer to measure disclosure risk in a more intuitive way, taking into account the privacy objective that matters to each end user. To bridge this gap, we propose a framework for verifying the satisfaction of user privacy objectives in software design. Our approach is based on the (un)awareness that users acquire when information is disclosed, as it relates to the communication properties of objects in a design. This property is used to determine the expected privacy utility that users will derive from the design for a specified privacy objective. We demonstrate through case studies how this approach can help designers determine which design decision undermines users’ privacy expectations and better design alternatives.

show abstract

Modeling and analysis of influence power for information security decisions

Cited by 6 publications

References 31 publications

Nudging folks towards stronger password choices: providing certainty is the key

Nudging folks towards stronger password choices: providing certainty is the key

Guidelines for Ethical Nudging in Password Authentication

A Privacy Awareness System for Software Design

Contact Info

Product

Resources

About