Cybersecurity Education Project
Western Illinois University
 
 
Welcome to Usable Security Education Project Home Page
  

Usable Security References

Abu-Nimeh, S., Nappa, D., Wang, X., & Nair, S. (2007). A Comparison of Machine Learning Techniques for Phishing Detection. Paper presented at the APWG eCrime Researchers Summit, Pittsburgh, PA.

Anandpara, V., Dingman, A., Jakobsson, M., Liu, D., & Roinestad, H. (2007). Phishing IQ tests measure fear, not ability. Computer Science Research Report No. 643.

Anderson, R. (2008). Security Engineering (2nd ed.). Indianapolis, IN: John Wiley & Sons, Inc.

Bardram, J. E., Kjær, R. E., & Pedersen, M. Ø. (2003). Context-Aware User Authentication – Supporting Proximity-Based Login in Pervasive Computing. In A. K. Dey, A. Schmidt & J. F. McCarthy (Eds.), UbiComp 2003: Ubiquitous Computing (Vol. 2864, pp. 107-123). Berlin / Heidelberg: Springer.

Bergholz, A., Chang, J.-H., Paaß, G., Reichartz, F., & Strobel, S. (2008). Improved Phishing Detection using Model-Based Features. Paper presented at the Proceedings of the Conference on Email and Anti-Spam (CEAS), Mountain View, CA.

Bishop, M. (2005). Psychological acceptability revisited. In L. F. Cranor & S. L. Garfinkel (Eds.), Security and Usability: Designing Secure Systems that People Can Use (pp. 1-11). Sebastopol, CA: O'Reilly Media, Inc.

Bolten, J. B. (2003). E-Authentication Guidance for Federal Agencies. Retrieved.

Brody, R. G., Mulig, E., & Kimball, V. (2007). Phishing, pharming and identity theft. Academy of Accounting and Financial Studies Journal, 11(3), 43-56.

Burr, W. E., Dodson, D. F., & Polk, T. W. (2006). Electronic Authentication Guideline (No. NIST Special Publication 800-63). Gaithersburg, MD: National Institute of Standards and Technology.

Camp, J., Asgharpour, F., & Liu, D. (2007). Experimental Evaluations of Expert and Non-expert Computer Users' Mental Models of Security Risks. Paper presented at the Workshop on the Economics of Information Security, Pittsburgh, PA.

Chiasson, S., Forget, A., & Biddle, R. (2008). Accessibility and graphical passwords. Paper presented at SOAPS: Symposium on Accessible Privacy and Security.

Chiasson, S., van Oorschot, P. C., & Biddle, R. (2006). A usability study and critique of two password managers. Paper presented at the USENIX-SS'06: Proceedings of the 15th Conference on USENIX Security Symposium, Vancouver, B.C., Canada.

Cranor, L. F., Egelman, S., Hong, J., & Zhang, Y. (2006). Phinding Phish: An Evaluation of Anti-Phishing Toolbars. Pittsburgh, PA: Carnegie Mellon University.

Cranor, L. F., & Garfinkel, S. L. (2005). Security and Usability: Designing Secure Systems that People Can Use. Sebastopol, CA: O'Reilly Media, Inc.

Davis, D., Monrose, F., & Reiter, M. K. (2004). On user choice in graphical password schemes. Paper presented at the Proceedings of the 13th USENIX Security Symposium.

DeWitt, A. J., & Kuljis, J. (2006). Aligning usability and security: a usability study of Polaris. Paper presented at the Proceedings of the 2nd Symposium on Usable Privacy and Security (SOUPS), Pittsburgh, Pennsylvania.

Dhamija, R., & Perrig, A. (2000). Deja vu: A user study using images for authentication. Paper presented at the Proceedings of the 9th USENIX Security Symposium.

Dhamija, R., Tygar, J., & Hearst, M. (2006). Why phishing works. Paper presented at the CHI '06: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, Montréal, Québec, Canada.

Dhamija, R., & Tygar, J. D. (2005). The battle against phishing: Dynamic security skins. Paper presented at the SOUPS '05: Proceedings of the 2005 Symposium on Usable Privacy and Security, Pittsburgh, Pennsylvania.

Downs, J. S., Holbrook, M. B., & Cranor, L. F. (2006). Decision strategies and susceptibility to phishing. Paper presented at the SOUPS '06: Proceedings of the 2nd Symposium on Usable Privacy and Security, Pittsburgh, Pennsylvania.

Downs, J. S., Holbrook, M. B., & Cranor, L. F. (2007). Behavioral response to phishing risk. Paper presented at the ECrime '07: Proceedings of the Anti-Phishing Working Groups 2nd Annual eCrime Researchers Summit, Pittsburgh, Pennsylvania.

Drake, C. E., Oliver, J. J., & Koontz, E. J. (2004, July 30-31). Anatomy of a Phishing Email. Paper presented at the CEAS 2004 - First Conference on Email and Anti-Spam, Mountain View, CA.

Dunphy, P., & Yan, J. (2007). Do background images improve "draw a secret" graphical passwords? Paper presented at the Proceedings of the 14th ACM conference on Computer and communications security, Alexandria, VA.

Egelman, S., Cranor, L. F., & Hong, J. (2008). You've been warned: An empirical study of the effectiveness of web browser phishing warnings. Paper presented at the CHI '08: Proceeding of the Twenty-Sixth Annual SIGCHI Conference on Human Factors in Computing Systems, Florence, Italy.

Finch, J., Furnell, S., & Dowland, P. (2003). Assessing IT Security Culture: System Administrator and End-User Perspectives. Paper presented at the Proceedings of ISOneWorld, Las Vegas, NV.

Florencio, D., & Herley, C. (2007). A Large-Scale Study of Web Password Habits. Paper presented at the Proceedings of the 16th international conference on World Wide Web, Banff, Alberta, Canada.

Forget, A., Chiasson, S., & Biddle, R. (2007). Helping users create better passwords: Is this the right approach? Paper presented at the SOUPS '07: Proceedings of the 3rd Symposium on Usable Privacy and Security, Pittsburgh, Pennsylvania.

Forget, A., Chiasson, S., van Oorschot, P. C., & Biddle, R. (2008). Improving text passwords through persuasion. Paper presented at the SOUPS '08: Proceedings of the 4th Symposium on Usable Privacy and Security, Pittsburgh, Pennsylvania.

Furnell, S. (2007). An assessment of website password practices. Computers & Security, 26(7-8), 445-451.

Gartner Inc. (2009). Gartner Says Number of Phishing Attacks on U.S. Consumers Increased 40 Percent in 2008. Retrieved 11th April, 2010.

Gibson, M., Renaud, K., Conrad, M., & Maple, C. (2009). Musipass: authenticating me softly with "my" song. Paper presented at the Proceedings of the 2009 workshop on New security paradigms workshop, Oxford, United Kingdom.

Gross, J. B., & Rosson, M. B. (2007). Looking for trouble: Understanding end-user security management. Paper presented at the CHIMIT '07: Proceedings of the 2007 Symposium on Computer Human Interaction for the Management of Information Technology, Cambridge, Massachusetts.

Halderman, J. A., Waters, B., & Felten, E. W. (2005). A convenient method for securely managing passwords. Paper presented at the WWW '05: Proceedings of the 14th International Conference on World Wide Web, Chiba, Japan.

Hamilton, S. S., Carlisle, M. C., & Hamilton Jr., J. A. (2007). A Global Look at Authentication. Paper presented at the Proceedings of the 2007 IEEE Workshop on Information Assurance, West Point, NY.

Herzberg, A., & Jbara, A. (2008). Security and identification indicators for browsers against spoofing and phishing attacks. ACM Transactions on Internet Technology, 8(4), 1-36.

Jagatic, T. N., Johnson, N. A., Jakobsson, M., & Menczer, F. (2007). Social phishing. Communications of the ACM, 50, 94-100.

Jakobsson, M., & Meyers, S. (2007). Phishing and countermeasures. Hoboken, NJ: John Wiley & Sons, Inc.

Jakobsson, M., Stolterman, E., Wetzel, S., & Yang, L. (2008). Love and authentication. Paper presented at the CHI '08: Proceeding of the Twenty-Sixth Annual SIGCHI Conference on Human Factors in Computing Systems, Florence, Italy.

Jermyn, I., Mayer, A., Monrose, F., Reiter, M. K., & Rubin, A. (1999). The design and analysis of graphical passwords. Paper presented at the Proceedings of the 8th USENIX Security Symposium.

Jeyaraman, S., & Topkara, U. (2005). Have the cake and eat it too - infusing usability into text-password based authentication systems. Paper presented at the ACSAC '05: Proceedings of the 21st Annual Computer Security Applications Conference.

Keith, M., Shao, B., & Steinbart, P. J. (2007). The usability of passphrases for authentication: An empirical field study. International Journal of Human-Computer Studies, 65(1), 17-28.

Kim, D. J., Agrawal, M., Jayaraman, B., & Rao, H. R. (2003). A Comparison of B2B E-Service Solutions. Communications of the ACM, 46(12), 317-324.

Kirda, E., & Kruegel, C. (2006). Protecting Users against Phishing Attacks. The Computer Journal, 49(5), 554-561.

Kumaraguru, P., Rhee, Y., Acquisti, A., Cranor, L. F., Hong, J., & Nunge, E. (2007). Protecting people from phishing: the design and evaluation of an embedded training email system. Paper presented at the Proceedings of the SIGCHI conference on Human factors in computing systems.

Kumaraguru, P., Sheng, S., Acquisti, A., Cranor, L. F., & Hong, J. (2008). Lessons from a real world evaluation of anti-phishing training. Paper presented at the Anti-Phishing Working Group’s 2nd Annual eCrime Researchers Summit.

Kurzban, S. A. (1985). Easily remembered passphrases: a better approach. ACM SIGSAC Review, 3(2-4), 10-21.

Man, S., Hong, D., & Mathews, M. (2003). A shoulder-surfing resistant graphical password scheme. Paper presented at the Proceedings of International Conference on Security and Management, Las Vegas, NV.

Mannan, M., & van Oorschot, P. C. (2008). Digital objects as passwords. Paper presented at the 3rd USENIX Workshop on Hot Topics in Security.

Menzel, M., Thomas, I., & Meinel, C. (2009). Security Requirements Specification in Service-Oriented Business Process Management. Paper presented at the International Conference on Availability, Reliability and Security, Fukuoka, Japan.

Milletary, J. (2005). Technical Trends in Phishing Attacks: US-CERT.

Moore, T., & Clayton, R. (2008). The consequence of non-cooperation in the fight against phishing. Paper presented at the Anti-Phishing Working Group’s 2nd Annual eCrime Researchers Summit.

Nielsen, J. (1994). Usability Engineering. San Francisco, CA: Morgan Kaufmann.

Pan, Y., & Ding, X. (2006). Anomaly based web phishing page detection. Paper presented at the ACSAC '06: Proceedings of the 22nd Annual Computer Security Applications Conference.

Rabkin, A. (2008). Personal knowledge questions for fallback authentication: Security questions in the era of facebook. Paper presented at the SOUPS '08: Proceedings of the 4th Symposium on Usable Privacy and Security, Pittsburgh, Pennsylvania.

Ramzan, Z. (2010). Phishing Attacks and Countermeasures. In P. Stavroulakis & M. Stamp (Eds.), Handbook of Information and Communication Security (pp. 433-448). Heidelberg, Germany: Springer Berlin Heidelberg.

Renaud, K. V. (2009). Web Authentication using Mikon Images. Paper presented at the World Congress on Privacy, Security, Trust and the Management of e-Business, Saint John, New Brunswick.

Ronda, T., Saroiu, S., & Wolman, A. (2008). Itrustpage: A user-assisted anti-phishing tool. Paper presented at the Eurosys '08: Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems, Glasgow, Scotland, UK.

Ross, B., Jackson, C., Miyake, N., Boneh, D., & Mitchell, J. C. (2005). Stronger password authentication using browser extensions. Paper presented at the SSYM'05: Proceedings of the 14th Conference on USENIX Security Symposium, Baltimore, MD.

Saltzer, J. H., & Schroeder, M. D. (1975). The protection of information in computer systems. Paper presented at the Proceedings of the IEEE.

Sasse, & Flechais. (2005). Security and Usability: Designing Secure Systems that People Can Use. In L. F. Cranor & S. L. Garfinkel (Eds.), (pp. 1-11). Sebastopol, CA: O'Reilly Media, Inc.

Sasse, A. M. (2007). Usability and trust in Information Systems. In R. Mansell & B. S. Collins (Eds.), Trust and crime in information societies (pp. 319-348). Glos, UK: Edward Elgar Publishing Limited.

Schneier, B. (2005). Schneier on security. A blog covering security and security technology. Retrieved January 30, 2009.

Sheng, S., Holbrook, M. B., Kumaraguru, P., Cranor, L., & Downs, J. S. (2010). Who Falls for Phish? A Demographic Analysis of Phishing Susceptibility and Effectiveness of Interventions. Paper presented at the CHI 2010, ACM Conference on Human Factors in Computing Systems, Atlanta, GA.

Sheng, S., Magnien, B., P., K., Acquisti, A., Cranor, L. F., Hong, J., et al. (2007). Anti-Phishing Phil: the design and evaluation of a game that teaches people not to fall for phish. Paper presented at the Proceedings of the 3rd Symposium on Usable Privacy and Security, Pittsburgh, PA.

Shih, D.-H., Kao, D.-Y., & Shen, J.-C. (2009). An Embedded TOP System for m-Commerce User Authentication. Paper presented at the Eighth International Conference on Mobile Business.

Sobrado, L., & Birget, J. C. (2002). Graphical passwords. The Rutgers Scholar: An Electronic Bulletin for Undergraduate Research. Retrieved January 30, 2009.

Stinchcombe, N. (2010). Imperva Releases Detailed Analysis of 32 Million Breached Consumer Passwords. Retrieved 1st May, 2010.

Stoll, J., Tashman, C. S., Edwards, W. K., & Spafford, K. (2008). Sesame: Informing user security decisions with system visualization. Paper presented at the CHI '08: Proceeding of the Twenty-Sixth Annual SIGCHI Conference on Human Factors in Computing Systems, Florence, Italy.

Suo, X., Zhu, Y., & Owen, G. S. (2005). Graphical passwords: A survey. Paper presented at the ACSAC '05: Proceedings of the 21st Annual Computer Security Applications Conference.

Symantec. (2010). Symantec Global Internet Security Threat Report Trends for 2009. Mountain View, CA.

Syukri, A. F., Okamoto, E., & Mambo, M. (1998). A user identification system using signature written with mouse. Paper presented at the Third Australasian conference on Information Security and Privacy (ACISP).

Tao, H., & Adams, C. (2008). Pass-Go: A Proposal to Improve the Usability of Graphical Passwords. International Journal of Network Security, 7(2), 273-292.

Tari, F., Ozok, A. A., & Holden, S. H. (2006). A comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords. Paper presented at the Proceedings of the second symposium on Usable privacy and security, Pittsburgh, PA.

Topkara, U., Atallah, M. J., & Topkara, M. (2007). Passwords decay, words endure: Secure and re-usable multiple password mnemonics. Paper presented at the SAC '07: Proceedings of the 2007 ACM Symposium on Applied Computing, Seoul, Korea.

Wash, R., & MacKie-Mason, J. K. (2007). Security when people matter: Structuring incentives for user behavior. Paper presented at the ICEC '07: Proceedings of the Ninth International Conference on Electronic Commerce, Minneapolis, MN, USA.

West, R. (2008). The psychology of security. Communications of the ACM, 51(4), 34-40.

Whitten, A., & Tygar, J. D. (1999). Why Johnny can't encrypt: a usability evaluation of PGP 5.0. Paper presented at the Proceedings of the 8th Usenix Security Symposium, Berkeley, CA.

Wiedenbeck, S., Waters, J., Birget, J. C., Brodskiy, A., & Memon, N. (2005). Authentication using graphical passwords: Effects of tolerance and image choice. Paper presented at the SOUPS '05: Proceedings of the 2005 Symposium on Usable Privacy and Security, Pittsburgh, Pennsylvania.

Wu, M., Miller, R. C., & Garfinkel, S. L. (2006). Do Security Toolbars Actually Prevent Phishing Attacks? Paper presented at the Proceedings of the Conference on Human Factors in Computing Systems, Montreal, Canada.

Wu, M., Miller, R. C., & Little, G. (2006). Web wallet: Preventing phishing attacks by revealing user intentions. Paper presented at the SOUPS '06: Proceedings of the Second Symposium on Usable Privacy and Security, Pittsburgh, Pennsylvania.

Yan, J., Blackwell, A., Anderson, R., & Grant, A. (2004). Password Memorability and Security: Empirical Results. IEEE Security & Privacy, 2(5), 25-31.

Zhang, Y., Egelman, S., Cranor, L., & Hong, J. (2007). Phinding Phish: Evaluating Anti-Phishing Tools. Paper presented at the Proceedings of the 14th Annual Network and Distributed System Security Symposium (NDSS 2007).

Zhang, Y., Hong, J., & Cranor, L. F. (2007). Cantina: A content-based approach to detecting phishing web sites. Paper presented at the WWW '07: Proceedings of the 16th International Conference on World Wide Web, Banff, Alberta, Canada.

Zurko, M. E., & Simon, R. T. (1996). User-Centered Security. Proceedings of the Workshop on New Security Paradigms, Lake Arrowhead, CA.

Zviran, M., & Haga, W. J. (1990). Cognitive passwords: The key to easy access control. Computers and Security, 9(9), 723-736.

 

 


(These are references from our paper, Usable Authentication in E-Business. Authors: B. George, A.K. Valeva, and G. A. Mangalaraj)

Cybersecurity Education Project
Stipes 447I
Computer Science Department
Western Illinois University
1 University Circle
Macomb IL-61455

This material is based upon work supported by the National Science Foundation under Grant No. 0736643. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.