Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons

Articles 1 - 21 of 21

Full-Text Articles in Physical Sciences and Mathematics

"I Think They're Poisoning My Mind": Understanding The Motivations Of People Who Have Voluntarily Adopted Secure Email, Warda Usman May 2023

Theses and Dissertations

Secure email systems that use end-to-end encryption are the best method we have for ensuring user privacy and security in email communication. However, the adoption of secure email remains low, with previous studies suggesting mainly that secure email is too complex or inconvenient to use. However, the perspectives of those who have, in fact, chosen to use an encrypted email system are largely overlooked. To understand these perspectives, we conducted a semi-structured interview study that aims to provide a comprehensive understanding of the mindsets underlying adoption and use of secure email services. Our participants come from a variety of countries …


Who Uses Multi-Factor Authentication?, Leah Roberts Jun 2021

Undergraduate Honors Theses

A sample of 47 BYU students were recruited to participate in this study to determine who was using Multi-factor Authentication (MFA) on their online accounts. This study determined that there were many different factors that separated those who used MFA and those who did not. Some of those factors included: time spent on the internet each day, gender, the website itself, and personal privacy behaviors.


Managing Two-Factor Authentication Setup Through Password Managers, Jonathan William Dutson Apr 2020

Theses and Dissertations

Two-factor authentication (2FA) provides online accounts with protection against remote account compromise. Despite the security benefits, adoption of 2FA has remained low, in part due to poor usability. We explore the possibility of improving the usability of the 2FA setup process by providing setup automation through password managers. We create a proof-of-concept KeePass (a popular password manager) extension that adds browser-based automation to the 2FA setup process and conduct a 30-participant within-subjects user study to measure user perceptions about the system. Our system is found to be significantly more usable than the current manual method of 2FA setup for multiple …


After HTTPS: Indicating Risk Instead Of Security, Matthew Wayne Holt Apr 2019

Theses and Dissertations

Browser security indicators show warnings when sites load without HTTPS, but more malicious sites are using HTTPS to appear legitimate in browsers and deceive users. We explore a new approach to browser indicators that overcomes several limitations of existing indicators. First, we develop a high-level risk assessment framework to identify risky interactions and evaluate the utility of this approach through a survey. Next, we evaluate potential designs for a new risk indicator to communicate risk rather than security. Finally, we conduct a within-subjects user study to compare the risk indicator to existing security indicators by observing participant behavior and collecting …


The Security Layer, Mark Thomas O'Neill Jan 2019

Theses and Dissertations

Transport Layer Security (TLS) is a vital component to the security ecosystem and the most popular security protocol used on the Internet today. Despite the strengths of the protocol, numerous vulnerabilities result from its improper use in practice. Some of these vulnerabilities arise from weaknesses in authentication, from the rigidity of the trusted authority system to the complexities of client certificates. Others result from the misuse of TLS by developers, who misuse complicated TLS libraries, improperly validate server certificates, employ outdated cipher suites, or deploy other features insecurely. To make matters worse, system administrators and users are powerless to fix …


User Attitudes About Duo Two-Factor Authentication At BYU, Jonathan Dutson Dec 2018

Undergraduate Honors Theses

Simple password-based authentication provides insufficient protection against increasingly common incidents of online identity theft and data loss. Although two-factor authentication (2FA) provides users with increased protection against attackers, users have mixed feelings about the usability of 2FA. We surveyed the students, faculty, and staff of Brigham Young University (BYU) to measure user sentiment about DUO Security, the 2FA system adopted by BYU in 2017. We find that most users consider DUO to be annoying, and about half of those surveyed expressed a preference for authentication without using a second-factor. About half of all participants reported at least one instance of …


Usable Security And Privacy For Secure Messaging Applications, Elham Vaziripour Dec 2018

Theses and Dissertations

The threat of government and corporate surveillance around the world, as well as the publicity surrounding major cybersecurity attacks, have increased interest in secure and private end-to-end communications. In response to this demand, numerous secure messaging applications have been developed in recent years. These applications have been welcomed and publicly used not just by political activists and journalists but by everyday users as well. Most of these popular secure messaging applications are usable because they hide many of the details of how encryption is provided. The strength of the security properties of these applications relies on the authentication ceremony, wherein …


The State Of Man-In-The-Middle TLS Proxies: Prevalence And User Attitudes, Mark Thomas O'Neill Oct 2016

Theses and Dissertations

We measure the prevalence and uses of Man-in-the-Middle TLS proxies using a Flash tool deployed with a Google AdWords campaign. We generate 15.2 million certificate tests across two large-scale measurement studies and find that 1 in 250 TLS connections are intercepted by proxies. The majority of these proxies appear to be benevolent; however, we identify over 3,600 cases where eight malware products are using this technology nefariously. We also find thousands of instances of negligent, duplicitous, and suspicious behavior, some of which degrade security for users without their knowledge. Distinguishing these types of practices is challenging in practice, indicating a …


Usable, Secure Content-Based Encryption On The Web, Scott Ruoti Jul 2016

Theses and Dissertations

Users share private information on the web through a variety of applications, such as email, instant messaging, social media, and document sharing. Unfortunately, recent revelations have shown that not only is users' data at risk from hackers and malicious insiders, but also from government surveillance. This state of affairs motivates the need for users to be able to encrypt their online data. In this dissertation, we explore how to help users encrypt their online data, with a special focus on securing email. First, we explore the design principles that are necessary to create usable, secure email. As part of this exploration, …


A Privacy Risk Scoring Framework For Mobile, Jedidiah Spencer Montgomery Nov 2014

Theses and Dissertations

Protecting personal privacy has become an increasingly important issue as computers become a more integral part of everyday life. As people begin to trust more personal information to be contained in computers they will question if that information is safe from unwanted intrusion and access. With the rise of mobile devices (e.g., smartphones, tablets, wearable technology) users have enjoyed the convenience and availability of stored personal information in mobile devices, both in the operating system and within applications. For a mobile application to function correctly it needs permission or privileges to access and control various resources and controls on the mobile …


Dynamic Near Field Communication Pairing For Wireless Sensor Networks, Steven Charles Cook Jul 2013

Theses and Dissertations

Wireless sensor network (WSN) nodes communicate securely using pre-installed cryptographic keys. Although key pre-installation makes nodes less expensive, the technical process of installing keys prevents average users from deploying and controlling their own WSNs. Wireless pairing enables users to set up WSNs without pre-installing keys, but current pairing techniques introduce numerous concerns regarding security, hardware expense, and usability. This thesis introduces dynamic Near Field Communication (NFC) pairing, a new pairing technique designed for WSNs. This pairing overcomes the limitations of both key pre-installation and current pairing techniques. Dynamic NFC pairing is as secure as using pre-installed keys, requires only inexpensive …


Trusted Mobile Overlays, Robert Scott Robertson Dec 2010

Theses and Dissertations

Sensitive information is increasingly moving online and as data moves further from the control of its owner, there are increased opportunities for it to fall into malicious hands. The Web is comprised of three untrusted components where there is a risk of information compromise: networks, service providers, and clients. This thesis presents Trusted Mobile Overlays: a system that leverages trusted mobile devices to protect users from these untrusted components of the Web, while minimizing deployment difficulties. It presents a high-level design of the system as well as a prototype that implements the design.


Kiwivault: Encryption Software For Portable Storage Devices, Trevor Bradshaw Florence Aug 2009

Theses and Dissertations

While many people use USB flash drives, most do not protect their stored documents. Solutions for protecting flash drives exist but inherently limit functionality found in unprotected drives such as portability, usability, and the ability to share documents between multiple people. In addition, other drawbacks are introduced such as the possibility of losing access to protected documents if a password is lost. Assuming protecting portable documents is important, in order for people to be willing to protect their documents they should be required to make as few sacrifices in functionality as possible. We introduce KiwiVault, a USB flash drive encryption …


State Of Secure Application Development For 802.15.4, Janell Armstrong Apr 2009

Theses and Dissertations

A wireless sensor network consists of small, limited-resource embedded systems exchanging environment data and activating controls. These networks can be deployed in hostile environments to monitor wildlife habitats, implemented in factories to locate mobile equipment, and installed in home environments to optimize the use of utilities. Each of these scenarios requires network security to protect the network data. The IEEE 802.15.4 standard is designed for WSN communication, yet the standard states that it is not responsible for defining the initialization, distribution, updating, or management of network public keys. Individuals seeking to research security topics will find that there are many …


Simple, Secure, Selective Delegation In Online Identity Systems, Bryant Gordon Cutler Jul 2008

Theses and Dissertations

The ability to delegate privileges to others is so important to users of online identity systems that users create ad hoc delegation systems by sharing authentication credentials if no other easy delegation mechanism is available. With the rise of internet-scale relationship-based single sign-on protocols like OpenID, the security risks of password sharing are unacceptable. We therefore propose SimpleAuth, a simple modification to relationship-based authentication protocols that gives users a secure way to selectively delegate subsets of their privileges, making identity systems more flexible and increasing user security. We also present a proof-of-concept implementation of the SimpleAuth pattern using the sSRP …


Extensible Pre-Authentication In Kerberos, Phillip L. Hellewell Jul 2007

Theses and Dissertations

Organizations need to provide services to a wide range of people, including strangers outside their local security domain. As the number of users grows larger, it becomes increasingly tedious to maintain and provision user accounts. It remains an open problem to create a system for provisioning outsiders that is secure, flexible, efficient, scalable, and easy to manage. Kerberos is a secure, industry-standard protocol. Currently, Kerberos operates as a closed system; all users must be specified upfront and managed on an individual basis. This paper presents EPAK (Extensible Pre-Authentication in Kerberos), a framework that enables Kerberos to operate as an open …


Challenging Policies That Do Not Play Fair: A Credential Relevancy Framework Using Trust Negotiation Ontologies, Travis S. Leithead Aug 2005

Theses and Dissertations

This thesis challenges the assumption that policies will "play fair" within trust negotiation. Policies that do not "play fair" contain requirements for authentication that are misleading, irrelevant, and/or incorrect, based on the current transaction context. To detect these unfair policies, trust negotiation ontologies provide the context to determine the relevancy of a given credential set for a particular negotiation. We propose a credential relevancy framework for use in trust negotiation that utilizes ontologies to process the set of all available credentials C and produce a subset of credentials C' relevant to the context of a given negotiation. This credential relevancy …


Improving Routing Security Using A Decentralized Public Key Distribution Algorithm, Jeremy C. Goold Apr 2005

Theses and Dissertations

Today's society has developed a reliance on networking infrastructures. Health, financial, and many other institutions deploy mission critical and even life critical applications on local networks and the global Internet. The security of this infrastructure has been called into question over the last decade. In particular, the protocols directing traffic through the network have been found to be vulnerable. One such protocol is the Open Shortest Path First (OSPF) protocol. This thesis proposes a security extension to OSPF containing a decentralized certificate authentication scheme (DecentCA) that eliminates the single point of failure/attack present in current OSPF security extensions. An analysis …


Network-Layer Selective Security, Casey T. Deccio Sep 2004

Theses and Dissertations

The Internet and other large computer networks have become an integral part of numerous daily processes. Security at the network layer is necessary to maintain infrastructure survivability in the case of cyber attacks aimed at routing protocols. In order to minimize undesired overhead associated with added security at this level, the notion of selective security is proposed. This thesis identifies elements in network topologies that are most important to the survivability of the network. The results show that the strategic placement of network security at critical elements will improve overall network survivability without the necessity of universal deployment.


Preserving Trust Across Multiple Sessions In Open Systems, Fuk-Wing Thomas Chan Jul 2004

Theses and Dissertations

Trust negotiation, a new authentication paradigm, enables strangers on the Internet to establish trust through the gradual disclosure of digital credentials and access control policies. Previous research in trust negotiation does not address issues in preserving trust across multiple sessions. This thesis discusses issues in preserving trust between parties who were previously considered strangers. It also describes the design and implementation of trust preservation in TrustBuilder, a prototype trust negotiation system. Preserving trust information can reduce the frequency and cost of renegotiation. A scenario is presented that demonstrates that a server supporting trust preservation can recoup the cost of the …


Protecting Sensitive Credential Content During Trust Negotiation, Ryan D. Jarvis Apr 2003

Theses and Dissertations

Keeping sensitive information private in a public world is a common concern to users of digital credentials. A digital credential may contain sensitive attributes certifying characteristics about its owner. X.509v3, the most widely used certificate standard, includes support for certificate extensions that make it possible to bind multiple attributes to a public key contained in the certificate. This feature, although convenient, potentially exploits the certificate holder's private information contained in the certificate. There are currently no privacy considerations in place to protect the disclosure of attributes in a certificate. This thesis focuses on protecting sensitive credential content during trust negotiation …