DOCSLIB.ORG

Soteria: a Persuasive Esecurity Assistant

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Soteria: a Persuasive Esecurity Assistant Soteria: A Persuasive eSecurity Assistant By Punica Bhardwaj A thesis submitted to Florida Institute of Technology in partial fulfillment of the requirements for the degree of Master of Science Degree in Information Assurance and Cyber Security Melbourne, Florida December, 2016 We the undersigned committee hereby approve the attached thesis, “Soteria: A Persuasive eSecurity Assistant” by Punica Bhardwaj. _________________________________________________ Advisor: Heather Crawford, PhD Title: Assistant Professor College: School of Computing _________________________________________________ Committee Member: Thomas Eskridge, Ph.D. Title: Associate Professor College: School of Computing _________________________________________________ External Committee Member: Gisela Susanne Bahr, Ph.D.,Ph.D Title: Graduate Faculty College: Harris Corporation _________________________________________________ Department Head: Marco M. Carvalho, Ph.D. Title: Associate Dean College: School of Computing Abstract Title: Soteria: A Persuasive eSecurity Assistant Author: Punica Bhardwaj Advisor: Major Advisor Heather Crawford, Ph. D “…security is only as good as the weakest link, and people are the weakest link in the chain.” – B Schneier, 2002 Humans are often referred to as the “weakest link” in the security chain because of the poor security decisions taken by them. There can be many reasons for these decisions, such as lack of understandability of the software, lack of education, and lack of relevant information required to do that particular action. In this Thesis, we focus on the lack of relevant information required at the time of performing the action. In order to provide the user with relevant required at the time of performing an action, such as authentication using password, we created an eSecurity Assistant called Soteria. For the possible ways of delivering the information, we acquired the input of the actual user space. We conducted two mutually supporting user studies. The first study was an online questionnaire that was aimed at asking users whether they needed any security advice, and if they did, what the best way to deliver it to them was. The second study was a lab based study that was conducted on the basis of the results we obtained from the first study. We built a mockup design for Soteria on the basis of the results of this study and did the second user study to test the usability and acceptability of the system. Statistical analysis of both studies provide evidence that users do need help while they take security related decisions and were willing to get interrupted if the security of their smartphone was at stake. iii Table of contents List of Figures .................................................................................................................... vii Acknowledgement ............................................................................................................. viii Chapter 1 Introduction ....................................................................................................... 1 1.1 Background ................................................................................................................ 2 1.2 Motivation.............................................................................................................. 3 1.3 Thesis Statement .................................................................................................... 4 1.4 Organization of the Thesis ..................................................................................... 4 Chapter 2 .............................................................................................................................. 6 Literature review ................................................................................................................. 6 2.1 Usable Security ............................................................................................................ 6 2.2 Human-Computer Interaction (HCI) ........................................................................... 7 2.3 The Functional Triad and Computers .......................................................................... 9 2.4 Computers as Persuasive Technologies: Captology .................................................. 10 2.5 Computer Persuaders vs Human Persuaders ............................................................. 11 2.6 Persuasion and Coercion: A Very Thin Line ............................................................. 13 2.7 Can Computer Personalities Be Human Personalities? ............................................. 13 2.8 Anthropomorphization of Technology ...................................................................... 14 2.9 For Each of Their Own .............................................................................................. 15 2.10 User Interface Agents .............................................................................................. 17 2.11 Office Assistants of the Past .................................................................................... 19 2.12 User Attention .......................................................................................................... 21 2.13 Security Warnings ................................................................................................... 22 2.14 Password Strength Meters ....................................................................................... 24 2.15 Sesame: Security interface to Help Users Understand the Meaning of Security Warnings .......................................................................................................................... 24 2.16 Our Solution ............................................................................................................ 26 Chapter 3 ............................................................................................................................ 26 Our Proposed eSecurity Assistant: Soteria ..................................................................... 26 iv 3.1 Soteria: Functionality ................................................................................................. 27 3.2 Soteria: Design........................................................................................................... 29 Chapter 4 ............................................................................................................................ 31 4.1 Study Design .............................................................................................................. 32 4.1.1 Participants ............................................................................................................. 32 4.1.2 Tasks ................................................................... Error! Bookmark not defined. 4.2 Results ....................................................................................................................... 33 4.3 Where can Soteria help? ............................................................................................ 38 4.4 Qualitative Analysis of the Data ................................................................................ 40 4.5 Study Limitations....................................................................................................... 42 4.6 Conclusion and Discussion ........................................................................................ 43 Chapter 5 ............................................................................................................................ 45 User Study 2: A Lab Based Elicitation Study for Soteria .............................................. 45 5.1 Research Question and Hypotheses ......................................................................... 46 5.2 Structure of the study ................................................................................................. 46 5.3 Hypotheses Testing .................................................................................................... 50 5.4 System Usability Scale .............................................................................................. 52 5.5 Results ....................................................................................................................... 53 5.6 Qualitative Data Analysis .......................................................................................... 60 5.7 Study Limitations........................................................................................................... 63 5.8 Design and Usability of Soteria ..................................................................................... 63 5.9 Conclusion: .................................................................................................................... 64 Chapter 6 ............................................................................................................................ 65 Conclusion and Future Directions ................................................................................... 65 6.1 Summary of User Study 1: An Online Questionnaire ............................................... 66 6.2 Summary of User Study 2: A Lab Based Elicitation Study for Soteria ..................... 67 6.3 Future Directions ....................................................................................................... 68 References ..........................................................................................................................
Load more

Recommended publications
  • I Hate Comic Sans!
    I HATE COMIC SANS! It’s Overused It’s Badly used It’s not serious typography Used Incorrectly by Hospitals, Businesses, and Banks, etc. ? “A Computer on Every Desk, In every Home, Running Microsoft Software” the Microsoft Mission statement c. 1980 Computers were expensive Marketed mostly to businesses Expensive Dial up internet Off peak use only on AOL (after 6pm-6am) Screen savers were products Microsoft Scenes After Dark (flying toasters) CD-ROM ‘multimedia’ software MS Beethoven, Schubert, Stravinsky, Strauss MS Ultimate Frank Lloyd Wright MS Wine Guide, MS Dogs, MS Complete Gardening Microsoft Home (1993 Consumer Division) •Goal: To create software for Mums, Dads, and kids Product titles: •Microsoft Flight Simulator* •Microsoft Encarta* •Microsoft Scenes* •Microsoft Creative Writer Wall Street Journal: Aug 24, 1995 • Home computers in US home electronic stores for about $1000 •First affordable computers available • with Windows 95 installed • MSN Online network released to compete with America Online (AOL), Compuserve, Genie etc. • First Generation Internet Explorer released in the Plus Pack for Windows 95 ‘Utopia’ Project Lead: Melinda French (future Mrs. BillG) UI used a simple method of Launching Applications Similar to Hypercard stacks of the late 1980s For children and novice users Release: to coincide with Win95 and 1995 Christmas Season Rover talks in Times New Roman 1994 Microsoft Bob DC Comics: DC Comics The Dark Knight Returns Watchmen DC COMICS: WATCHMEN 1986-87 ILLUSTRATOR/LETTERER : DAVE GIBBONS •
    [Show full text]
  • Microsoft Word 1 Microsoft Word
    Microsoft Word 1 Microsoft Word Microsoft Office Word 2007 in Windows Vista Developer(s) Microsoft Stable release 12.0.6425.1000 (2007 SP2) / April 28, 2009 Operating system Microsoft Windows Type Word processor License Proprietary EULA [1] Website Microsoft Word Windows Microsoft Word 2008 in Mac OS X 10.5. Developer(s) Microsoft Stable release 12.2.1 Build 090605 (2008) / August 6, 2009 Operating system Mac OS X Type Word processor License Proprietary EULA [2] Website Microsoft Word Mac Microsoft Word is Microsoft's word processing software. It was first released in 1983 under the name Multi-Tool Word for Xenix systems.[3] [4] [5] Versions were later written for several other platforms including IBM PCs running DOS (1983), the Apple Macintosh (1984), SCO UNIX, OS/2 and Microsoft Windows (1989). It is a component of the Microsoft Office system; however, it is also sold as a standalone product and included in Microsoft Microsoft Word 2 Works Suite. Beginning with the 2003 version, the branding was revised to emphasize Word's identity as a component within the Office suite; Microsoft began calling it Microsoft Office Word instead of merely Microsoft Word. The latest releases are Word 2007 for Windows and Word 2008 for Mac OS X, while Word 2007 can also be run emulated on Linux[6] . There are commercially available add-ins that expand the functionality of Microsoft Word. History Word 1981 to 1989 Concepts and ideas of Word were brought from Bravo, the original GUI writing word processor developed at Xerox PARC.[7] [8] On February 1, 1983, development on what was originally named Multi-Tool Word began.
    [Show full text]
  • Jim Allchin on Longhorn, Winfs, 64-Bit and Beyond Page 34 Jim
    0805red_cover.v5 7/19/05 2:57 PM Page 1 4 Scripting Solutions to Simplify Your Life Page 28 AUGUST 2005 WWW.REDMONDMAG.COM MrMr WindowsWindows Jim Allchin on Longhorn, WinFS, 64-Bit and Beyond Page 34 > $5.95 05 • AUGUST Make Room for Linux Apps Page 43 25274 867 27 Active Directory Design Disasters Page 49 71 Project1 6/16/05 12:36 PM Page 1 Exchange Server stores & PSTs driving you crazy? Only $399 for 50 mailboxes; $1499 for unlimited mailboxes! Archive all mail to SQL and save 80% storage space! Email archiving solution for internal and external email Download your FREE trial from www.gfi.com/rma Project1 6/16/05 12:37 PM Page 2 Get your FREE trial version of GFI MailArchiver for Exchange today! GFI MailArchiver for Exchange is an easy-to-use email archiving solution that enables you to archive all internal and external mail into a single SQL database. Now you can provide users with easy, centralized access to past email via a web-based search interface and easily fulfill regulatory requirements (such as the Sarbanes-Oxley Act). GFI MailArchiver leverages the journaling feature of Exchange Server 2000/2003, providing unparalleled scalability and reliability at a competitive cost. GFI MailArchiver for Exchange features Provide end-users with a single web-based location in which to search all their past email Increase Exchange performance and ease backup and restoration End PST hell by storing email in SQL format Significantly reduce storage requirements for email by up to 80% Comply with Sarbanes-Oxley, SEC and other regulations.
    [Show full text]
  • The Evolution of Fail Pets : Strategic Whimsy and Brand Awareness in Error Message...Page 1 of 20
    The Evolution of Fail Pets : Strategic Whimsy and Brand Awareness in Error Message...Page 1 of 20 About Sponsorship & Advertising Sign In or Register A @ C > = The Evolution of Fail Pets : Strategic Whimsy and Brand Awareness in Error Messages Error message s present a strategic moment for brands. This article looks at the history and evolution of error screens from Microsoft's Blue Screen of Death, to friendly "fail pets" like Twitter's Fail Whale, to more recent approaches. Article No :759 | November 2, 2011 | by Sean Rintel Traditional usability guidelines (http://www.useit.com/alertbox/20010624.html) propose that error messages should be rationally informative. (http://msdn.microsoft.com/en- us/library/aa511267.aspx) However, error messages are also inherently brand messages. http://uxmag.com/articles/the-evolution-of-fail-pets 24/01/2016 The Evolution of Fail Pets : Strategic Whimsy and Brand Awareness in Error Message...Page 2 of 20 (/topics/marketing-and-brand) Branding seeks to create emotional (/topics/emotion) responses to products, and failure evokes emotional responses. Current failure reflects backwards to prior experiences and forward to prospective experiences, and the form of an error message is indicative of the the brand’s sensitivity to the user experience. Error messages are therefore a critical strategic moment in brand awareness and loyalty. Fred Wenzel refers to error mascots, such as Twitter’s (/topics/twitter) Fail Whale (Figure 1) as fail pets (http://fredericiana.com/tag/failpet/page/2/). Fail pets are of particular interest in terms of branding because they can result in brand recognition through earned media.
    [Show full text]
  • Nonprofit Kit for Dummies 4Th Edition Pdf, Epub, Ebook
    NONPROFIT KIT FOR DUMMIES 4TH EDITION PDF, EPUB, EBOOK Stan Hutton | 9781118604175 | | | | | Nonprofit Kit For Dummies 4th edition PDF Book Visual Basic 5 for Dummies by Wallace Wang. Statistics For Dummies Accounting For Dummies, 4th edition. Second Life for Dummies by Sarah Robbins. London, England, UK. Access for Windows for Dummies by John Kaufeld. Negotiating for Dummies. Portuguese Phrases For Dummies. Spanish All-in-One for dummies by Consumer Dummies. Electronics Projects for Dummies by Earl Boysen. Pomeranians For Dummies. Honeymoon Vacations for Dummies by Reid Bramblett. Alternative Medicine for Dummies by James Dillard. Sociology For Dummies by Jay Gabler. Norton Internet security for dummies by Greg Holden. Hypnotherapy For Dummies. Gardening Basics for Dummies. Women's Health for Dummies by Pamela Maraldo. Coaching Baseball For Dummies. Gardening for Dummies by Michael MacCaskey. Bipolar Disorder for Dummies by Candida Fink. England, UK. Yoga for Dummies by Georg Feuerstein. Related book awards Axiom Business Book Award. Arthritis for Dummies by Barry Fox. Serving as an ambassador for the organization — making more people aware of its work. Quicken for Windows for Dummies by Stephen L. Allergic Asthma for Dummies by William Berger. With the immense success of that book the company expanded their series into what it is today with such diverse subjects as World History for Dummies, Rabbits for Dummies, Parenting for Dummies, Spirituality for Dummies, and Sex for Dummies. Stan Hutton is a senior program officer at the Clarence E. Orchids for Dummies Prezi for Dummies by Stephanie Diamond. Personal Finance for Dummies by Eric Tyson. Web Design for Dummies by Lisa Lopuck.
    [Show full text]
  • Animist Interface: Experiments in Mapping Character Animation to Computer Interface
    71 Animist Interface: Experiments in Mapping Character Animation to Computer Interface by Richard W. Lachman B.S. Computer Science and Engineering Massachusetts Institute of Technology Cambridge, MA 1995 Submitted to the Program in Media Arts and Sciences, School of Architecture and Planning, in partial fulfillment of the requirements for the degree of MASTER OF SCIENCE IN MEDIA ARTS AND SCIENCES at the Massachusetts Institute of Technology September 1997 C Massachusetts Institute of Technology, 1997 All Rights Reserved Signature of Author ; Program in Media Arts and Sciences August 8, 1997 Certified by ee/6 ? C idGlorianna Davenport Principal Research Associate Media Laboratory Thesis Supervisor Accepted byCO Ab(/Stephen A. Benton Chairman Departmental Committee on Graduate Students Program in Media Arts and Sciences Animist Interface: Experiments in Mapping Character Animation to Computer Interface by Richard W. Lachman Submitted to the Program in Media Arts and Sciences, School of Architecture and Planning, on August 9,1997, In partial fulfillment of the requirements for the degree of MASTER OF SCIENCE IN MEDIA ARTS AND SCIENCES at the Massachusetts Institute of Technology September 1997 Abstract This thesis presents a collection of techniques for integrating character and setting with software agent communication. "Animist Interface" supplements and supplants traditional interface elements such as plain-text dialogue boxes, static images and monotone audio to create a richer, more cinematic messaging environment. The techniques animate
    [Show full text]
  • Designing a Virtual Journalist with Human Emotions Kevin K
    I Probe, Therefore I Am: Designing a Virtual Journalist with Human Emotions Kevin K. Bowden, University of California, Santa Cruz, Tommy Nilsson, University of Nottingham, Christine P. Spencer, Queen’s University Belfast, Kubra¨ Cengiz, Istanbul Technical University, Alexandru Ghitulescu, University of Nottingham and Jelte B. van Waterschoot, University of Twente Abstract—By utilizing different communication channels, such advantages. It has, for instance, been established that direct, as verbal language, gestures or facial expressions, virtually em- first-person speech increases the memorability of a message bodied interactive humans hold a unique potential to bridge the [1], [2]. Moreover, research also shows that dialogue is more gap between human-computer interaction and actual interhuman communication. The use of virtual humans is consequently persuasive than monolog [3]. To achieve a natural conversa- becoming increasingly popular in a wide range of areas where tional flow, it is necessary for virtual humans to be able to such a natural communication might be beneficial, including sustain an interaction whilst reacting appropriately to both entertainment, education, mental health research and beyond. the verbal and non-verbal behavioral cues of the user. This Behind this development lies a series of technological advances demands a range of diverse technological solutions to be in in a multitude of disciplines, most notably natural language processing, computer vision, and speech synthesis. In this paper place and operate in unison. we discuss a Virtual Human Journalist, a project employing For this purpose, the ARIA-VALUSPA project brings to- a number of novel solutions from these disciplines with the gether an international consortium of academic and industrial goal to demonstrate their viability by producing a humanoid institutions, including CereProc2 specialized in the devel- conversational agent capable of naturally eliciting and reacting to opment of text-to-speech (TTS) solutions, a research team information from a human user.
    [Show full text]
  • Models and Metaphors
    Lecture 4 – Models and Metaphors Terry Winograd CS147 - Introduction to Human-Computer Interaction Design Computer Science Department Stanford University Autumn 2006 CS147 - Terry Winograd - 1 Learning Goals • Understand the use of metaphors in designing interfaces and be able to choose them appropriately • Understand the need for a clear conceptual model in interface design and be able to analyze and create appropriate models for specific applications CS147 - Terry Winograd - 2 Conceptual Models • In interacting with any system (software or others), a person has a concept of what the system is: what its components are, what properties they have, and what interactions they can enter into. This conceptual model underlies the more specific aspects of interface, such as screen representations and command structures. CS147 - Terry Winograd - 3 Metaphors • A key issue in software design is to make the model as clear and comprehensible as possible, and to relate it appropriately to the person's models based on prior experience with other systems and aspects of ordinary life. • Metaphors can help the designer communicate the mental model based on the user’s prior understanding. CS147 - Terry Winograd - 4 Three Paradigms [Cooper] • Technology paradigm – To use the device (or program) you need to understand the mechanism • Metaphor paradigm – Let users apply what they know from some familiar part of life in understanding the interface • Idiomatic Paradigm – Design simple interactions and imbue them with meaning CS147 - Terry Winograd - 5 The Desktop
    [Show full text]
  • Josh Blalock P a G E | 2
    Version 2.0 Written By Josh Blalock http://www.get-csjosh.com P a g e | 2 Table of Contents A Bit about the Author .................................................................................................................................. 4 Author’s Opening Notes................................................................................................................................ 5 Terminology Review...................................................................................................................................... 6 Chapter 1: Introduction to Skype for Business Environments ...................................................................... 7 Skype for Business Server 2015 (On-Premises) ........................................................................................ 7 Skype for Business Online ......................................................................................................................... 9 Chapter 2: On-Premises vs. Online: Feature Comparison .......................................................................... 10 Chapter 3: Supported Hybrid Configurations and Available Features ........................................................ 13 Exchange Server On-Premises Integration ............................................................................................. 13 Exchange Online Integration ................................................................................................................... 15 SharePoint Server On-Premises Integration ..........................................................................................
    [Show full text]
  • Ebook - Informations About Operating Systems Version: September 3, 2016 | Download
    eBook - Informations about Operating Systems Version: September 3, 2016 | Download: www.operating-system.org AIX Operating System (Unix) Internet: AIX Operating System (Unix) AmigaOS Operating System Internet: AmigaOS Operating System Android operating system Internet: Android operating system Aperios Operating System Internet: Aperios Operating System AtheOS Operating System Internet: AtheOS Operating System BeIA Operating System Internet: BeIA Operating System BeOS Operating System Internet: BeOS Operating System BSD/OS Operating System Internet: BSD/OS Operating System CP/M, DR-DOS Operating System Internet: CP/M, DR-DOS Operating System Darwin Operating System Internet: Darwin Operating System Debian Linux Operating System Internet: Debian Linux Operating System eComStation Operating System Internet: eComStation Operating System Symbian (EPOC) Operating System Internet: Symbian (EPOC) Operating System FreeBSD Operating System (BSD) Internet: FreeBSD Operating System (BSD) Gentoo Linux Operating System Internet: Gentoo Linux Operating System Haiku Operating System Internet: Haiku Operating System HP-UX Operating System (Unix) Internet: HP-UX Operating System (Unix) GNU/Hurd Operating System Internet: GNU/Hurd Operating System Inferno Operating System Internet: Inferno Operating System IRIX Operating System (Unix) Internet: IRIX Operating System (Unix) JavaOS Operating System Internet: JavaOS Operating System LFS Operating System (Linux) Internet: LFS Operating System (Linux) Linspire Operating System (Linux) Internet: Linspire Operating
    [Show full text]
  • Microsoft-English Dictionary
    The Microsoft-English Dictionary 1.0 (What Microsoft Really Means To Say) Article #2001-04 8 July 2001 Richard Forno ([email protected]) (c) 2001 Author. Permission granted to freely reproduce - in whole or in part for noncommercial use - with appropriate credit to author and INFOWARRIOR.ORG. For his novel “1984” George Orwell developed “Newspeak”, a modified English language using ambiguous or deceptive words, metaphors, or euphemisms to influence public opinion on various matters - a common business practice refined to an exacting science by news media, marketing companies, and corporate PR departments. Nowhere is Newspeak more perfected than in the halls of the Microsoft Campus in Redmond, Washington - a place where legions of well-paid spin-meisters attempt to morph the reality of their company’s business, legal, and product information into innocuous -sounding, politically- correct, calm-inducing statements when released to the public. Naturally, this has a confusing effect on the general public who is unfamiliar with this particular form of language. As a public service, this article contains a helpful list of terms used by the company and what, in reality - not Newspeak - such terms actually mean. It’s my hope that such insight - culled from personal experience and the input of technology professionals - will cut through the Newspeak fog and assist readers in determining for themselves what Microsoft is really saying in its public statements. The Microsoft-English Dictionary is organized into four sections: (1) Legal, Marketing, and Internet Community Terms; (2) Security-Oriented Terms; (3) Product-Related Terms; and (4) Miscellaneous Terms. KEY: (n) = Noun; (v)=Verb; (colloq)=Colloquial; (pl)=Plural; (adj)=adjective Feel free to send updates or suggestions regarding this dictionary to [email protected] for possible inclusion in future editions.
    [Show full text]
  • Study on Technology and Learning
    University of Central Florida STARS Honors Undergraduate Theses UCF Theses and Dissertations 2019 Study on Technology and Learning Jeremy Bramwell University of Central Florida Part of the Psychology Commons Find similar works at: https://stars.library.ucf.edu/honorstheses University of Central Florida Libraries http://library.ucf.edu This Open Access is brought to you for free and open access by the UCF Theses and Dissertations at STARS. It has been accepted for inclusion in Honors Undergraduate Theses by an authorized administrator of STARS. For more information, please contact [email protected]. Recommended Citation Bramwell, Jeremy, "Study on Technology and Learning" (2019). Honors Undergraduate Theses. 526. https://stars.library.ucf.edu/honorstheses/526 STUDY ON TECHNOLOGY AND LEARNING by JEREMY BRAMWELL A thesis submitted in partial fulfillment of the requirements for the Honors in the Major Program in Psychology in the College of the Sciences and in the Burnett Honors College at the University of Central Florida Orlando, Florida Spring Term 2019 Thesis Chair: Daniel S. McConnell ©2019 Jeremy Bramwell ii ABSTRACT The purpose of this research thesis is to investigate technologies effects on learning. Specifically the researchers studied the usability of intelligent personal assistant-enabled devices for learning assistance. It is assumed that using technology in educational context helps both students and educators because there is a positive effect on engagement which increases learning curves. Although, this is not always the case. The present study yielded results that were not consistent with the assumption that using any type of technology as an aid for learning has a positive effect.
    [Show full text]