Open Access. Powered by Scholars. Published by Universities.®
Articles 1 - 10 of 10
Full-Text Articles in Entire DC Network
"I Think They're Poisoning My Mind": Understanding The Motivations Of People Who Have Voluntarily Adopted Secure Email, Warda Usman
Theses and Dissertations
Secure email systems that use end-to-end encryption are the best method we have for ensuring user privacy and security in email communication. However, the adoption of secure email remains low, with previous studies suggesting mainly that secure email is too complex or inconvenient to use. However, the perspectives of those who have, in fact, chosen to use an encrypted email system are largely overlooked. To understand these perspectives, we conducted a semi-structured interview study that aims to provide a comprehensive understanding of the mindsets underlying adoption and use of secure email services. Our participants come from a variety of countries …
After Https: Indicating Risk Instead Of Security, Matthew Wayne Holt
After Https: Indicating Risk Instead Of Security, Matthew Wayne Holt
Theses and Dissertations
Browser security indicators show warnings when sites load without HTTPS, but more malicious sites are using HTTPS to appear legitimate in browsers and deceive users. We explore a new approach to browser indicators that overcomes several limitations of existing indicators. First, we develop a high-level risk assessment framework to identify risky interactions and evaluate the utility of this approach through a survey. Next, we evaluate potential designs for a new risk indicator to communicate risk rather than security. Finally, we conduct a within-subjects user study to compare the risk indicator to existing security indicators by observing participant behavior and collecting …
Usable Secure Email Through Short-Lived Keys, Tyler Jay Monson
Usable Secure Email Through Short-Lived Keys, Tyler Jay Monson
Theses and Dissertations
Participants from recent secure email user studies have expressed a need to use secure email tools only a few times a year. At the same time, Internet users are expressing concerns over the permanence of personal information on the Internet. Support for short-lived keys has the potential to address both of these problems. However, the short-lived keys usability and security space is underdeveloped and unexplored. In this thesis, we present an exploration of the short-lived keys usability and security design space. We implement both a short-lived keys and a long-term keys secure email prototype. With these two prototypes, we conduct …
Peering Through The Cloud—Investigating The Perceptions And Behaviors Of Cloud Storage Users, Justin Chun Wu
Peering Through The Cloud—Investigating The Perceptions And Behaviors Of Cloud Storage Users, Justin Chun Wu
Theses and Dissertations
We present the results of a survey and interviews focused on user perceptions and behaviors with respect to cloud storage services. In particular, we study behaviors such as which services are used, what types of data are stored, and how collaboration and sharing are performed. We also investigate user attitudes toward cloud storage on topics such as payment, privacy, security, and robustness. We find that users are drawn to cloud storage because it enables robust, ubiquitous access to their files, as well as enabling sharing and collaborative efforts. However, users' preferred medium for file sharing continues to be email, due …
A Privacy Risk Scoring Framework For Mobile, Jedidiah Spencer Montgomery
A Privacy Risk Scoring Framework For Mobile, Jedidiah Spencer Montgomery
Theses and Dissertations
Protecting personal privacy has become an increasingly important issue as computers become a more integral part of everyday life. As people begin to trust more personal information to be contained in computers they will question if that information is safe from unwanted intrusion and access. With the rise of mobile devices (e.g., smartphones, tablets, wearable technology) users have enjoyed the convenience and availability of stored personal information in mobile devices, both in the operating system and within applications.For a mobile application to function correctly it needs permission or privileges to access and control various resources and controls on the mobile …
Kiwivault: Encryption Software For Portable Storage Devices, Trevor Bradshaw Florence
Kiwivault: Encryption Software For Portable Storage Devices, Trevor Bradshaw Florence
Theses and Dissertations
While many people use USB flash drives, most do not protect their stored documents. Solutions for protecting flash drives exist but inherently limit functionality found in unprotected drives such as portability, usability, and the ability to share documents between multiple people. In addition, other drawbacks are introduced such as the possibility of losing access to protected documents if a password is lost. Assuming protecting portable documents is important, in order for people to be willing to protect their documents they should be required to make as few sacrifices in functionality as possible. We introduce KiwiVault, a USB flash drive encryption …
Or Best Offer: A Privacy Policy Negotiation Protocol, Daniel David Walker
Or Best Offer: A Privacy Policy Negotiation Protocol, Daniel David Walker
Theses and Dissertations
Users today are concerned about how their information is collected, stored and used by Internet sites. Privacy policy languages, such as the Platform for Privacy Preferences (P3P), allow websites to publish their privacy practices and policies in machine readable form. Currently, software agents designed to protect users' privacy follow a "take it or leave it" approach when evaluating these privacy policies. This approach is inflexible and gives the server ultimate control over the privacy of web transactions. Privacy policy negotiation is one approach to leveling the playing field by allowing a client to negotiate with a server to determine how …
Trust Negotiation For Open Database Access Control, Paul A. Porter
Trust Negotiation For Open Database Access Control, Paul A. Porter
Theses and Dissertations
Hippocratic databases are designed to protect the privacy of the individuals whose personal information they contain. This thesis presents a model for providing and enforcing access control in an open Hippocratic database system. Previously unknown individuals can gain access to information in the database by authenticating to roles through trust negotiation. Allowing qualified strangers to access the database increases the usefulness of the system without compromising privacy. This thesis presents the design and implementation of two methods for filtering information from database queries. First, we extend a query modification method for use in an open database system. Second, we introduce …
Challenging Policies That Do Not Play Fair: A Credential Relevancy Framework Using Trust Negotiation Ontologies, Travis S. Leithead
Challenging Policies That Do Not Play Fair: A Credential Relevancy Framework Using Trust Negotiation Ontologies, Travis S. Leithead
Theses and Dissertations
This thesis challenges the assumption that policies will "play fair" within trust negotiation. Policies that do not "play fair" contain requirements for authentication that are misleading, irrelevant, and/or incorrect, based on the current transaction context. To detect these unfair policies, trust negotiation ontologies provide the context to determine the relevancy of a given credential set for a particular negotiation. We propose a credential relevancy framework for use in trust negotiation that utilizes ontologies to process the set of all available credentials C and produce a subset of credentials C' relevant to the context of a given negotiation. This credential relevancy …
Protecting Sensitive Credential Content During Trust Negotiation, Ryan D. Jarvis
Protecting Sensitive Credential Content During Trust Negotiation, Ryan D. Jarvis
Theses and Dissertations
Keeping sensitive information private in a public world is a common concern to users of digital credentials. A digital credential may contain sensitive attributes certifying characteristics about its owner. X.509v3, the most widely used certificate standard, includes support for certificate extensions that make it possible to bind multiple attributes to a public key contained in the certificate. This feature, although convenient, potentially exploits the certificate holder's private information contained in the certificate. There are currently no privacy considerations in place to protect the disclosure of attributes in a certificate. This thesis focuses on protecting sensitive credential content during trust negotiation …