Soteria: a Persuasive Esecurity Assistant
Total Page:16
File Type:pdf, Size:1020Kb
Soteria: A Persuasive eSecurity Assistant By Punica Bhardwaj A thesis submitted to Florida Institute of Technology in partial fulfillment of the requirements for the degree of Master of Science Degree in Information Assurance and Cyber Security Melbourne, Florida December, 2016 We the undersigned committee hereby approve the attached thesis, “Soteria: A Persuasive eSecurity Assistant” by Punica Bhardwaj. _________________________________________________ Advisor: Heather Crawford, PhD Title: Assistant Professor College: School of Computing _________________________________________________ Committee Member: Thomas Eskridge, Ph.D. Title: Associate Professor College: School of Computing _________________________________________________ External Committee Member: Gisela Susanne Bahr, Ph.D.,Ph.D Title: Graduate Faculty College: Harris Corporation _________________________________________________ Department Head: Marco M. Carvalho, Ph.D. Title: Associate Dean College: School of Computing Abstract Title: Soteria: A Persuasive eSecurity Assistant Author: Punica Bhardwaj Advisor: Major Advisor Heather Crawford, Ph. D “…security is only as good as the weakest link, and people are the weakest link in the chain.” – B Schneier, 2002 Humans are often referred to as the “weakest link” in the security chain because of the poor security decisions taken by them. There can be many reasons for these decisions, such as lack of understandability of the software, lack of education, and lack of relevant information required to do that particular action. In this Thesis, we focus on the lack of relevant information required at the time of performing the action. In order to provide the user with relevant required at the time of performing an action, such as authentication using password, we created an eSecurity Assistant called Soteria. For the possible ways of delivering the information, we acquired the input of the actual user space. We conducted two mutually supporting user studies. The first study was an online questionnaire that was aimed at asking users whether they needed any security advice, and if they did, what the best way to deliver it to them was. The second study was a lab based study that was conducted on the basis of the results we obtained from the first study. We built a mockup design for Soteria on the basis of the results of this study and did the second user study to test the usability and acceptability of the system. Statistical analysis of both studies provide evidence that users do need help while they take security related decisions and were willing to get interrupted if the security of their smartphone was at stake. iii Table of contents List of Figures .................................................................................................................... vii Acknowledgement ............................................................................................................. viii Chapter 1 Introduction ....................................................................................................... 1 1.1 Background ................................................................................................................ 2 1.2 Motivation.............................................................................................................. 3 1.3 Thesis Statement .................................................................................................... 4 1.4 Organization of the Thesis ..................................................................................... 4 Chapter 2 .............................................................................................................................. 6 Literature review ................................................................................................................. 6 2.1 Usable Security ............................................................................................................ 6 2.2 Human-Computer Interaction (HCI) ........................................................................... 7 2.3 The Functional Triad and Computers .......................................................................... 9 2.4 Computers as Persuasive Technologies: Captology .................................................. 10 2.5 Computer Persuaders vs Human Persuaders ............................................................. 11 2.6 Persuasion and Coercion: A Very Thin Line ............................................................. 13 2.7 Can Computer Personalities Be Human Personalities? ............................................. 13 2.8 Anthropomorphization of Technology ...................................................................... 14 2.9 For Each of Their Own .............................................................................................. 15 2.10 User Interface Agents .............................................................................................. 17 2.11 Office Assistants of the Past .................................................................................... 19 2.12 User Attention .......................................................................................................... 21 2.13 Security Warnings ................................................................................................... 22 2.14 Password Strength Meters ....................................................................................... 24 2.15 Sesame: Security interface to Help Users Understand the Meaning of Security Warnings .......................................................................................................................... 24 2.16 Our Solution ............................................................................................................ 26 Chapter 3 ............................................................................................................................ 26 Our Proposed eSecurity Assistant: Soteria ..................................................................... 26 iv 3.1 Soteria: Functionality ................................................................................................. 27 3.2 Soteria: Design........................................................................................................... 29 Chapter 4 ............................................................................................................................ 31 4.1 Study Design .............................................................................................................. 32 4.1.1 Participants ............................................................................................................. 32 4.1.2 Tasks ................................................................... Error! Bookmark not defined. 4.2 Results ....................................................................................................................... 33 4.3 Where can Soteria help? ............................................................................................ 38 4.4 Qualitative Analysis of the Data ................................................................................ 40 4.5 Study Limitations....................................................................................................... 42 4.6 Conclusion and Discussion ........................................................................................ 43 Chapter 5 ............................................................................................................................ 45 User Study 2: A Lab Based Elicitation Study for Soteria .............................................. 45 5.1 Research Question and Hypotheses ......................................................................... 46 5.2 Structure of the study ................................................................................................. 46 5.3 Hypotheses Testing .................................................................................................... 50 5.4 System Usability Scale .............................................................................................. 52 5.5 Results ....................................................................................................................... 53 5.6 Qualitative Data Analysis .......................................................................................... 60 5.7 Study Limitations........................................................................................................... 63 5.8 Design and Usability of Soteria ..................................................................................... 63 5.9 Conclusion: .................................................................................................................... 64 Chapter 6 ............................................................................................................................ 65 Conclusion and Future Directions ................................................................................... 65 6.1 Summary of User Study 1: An Online Questionnaire ............................................... 66 6.2 Summary of User Study 2: A Lab Based Elicitation Study for Soteria ..................... 67 6.3 Future Directions ....................................................................................................... 68 References ..........................................................................................................................