Security

会議の名前
CHI 2024
Comparing the Use and Usefulness of Four IoT Security Labels
要旨

There are currently multiple proposed security label designs for consumer products, with each prioritizing different security and privacy factors. These differences risk making product comparisons more confusing than informative. Standardized labels could potentially resolve this by informing consumers of a product's security features at the point of purchase. But which standard? This survey, of 500 participants, studied four label designs and measured comprehension, response time, acceptability, and cognitive load. We gauged understanding of participant perception and preferences using three smart devices: light bulbs, cameras, and thermostats. We identified preferences and behaviors before, during, and after label use for product selection. At first, participants believed more information-dense labels would better support their purchasing behavior; however, after they evaluated and compared products, participants gravitated towards less cognitively demanding designs. We identified how participants utilized and prioritized label elements to provide recommendations for US label design efforts.

著者
Peter Caven
Indiana Unviersity, Bloomington, Indiana, United States
Zitao Zhang
Indiana University Bloomington, Bloomington, Indiana, United States
Jacob Abbott
Indiana University Bloomington, Bloomington, Indiana, United States
Xinyao Ma
Indiana University, Bloomington, Indiana, United States
LJean Camp
Indiana University, Bloomington, Indiana, United States
論文URL

https://doi.org/10.1145/3613904.3642951

動画
Better Together: The Interplay Between a Phishing Awareness Video and a Link-centric Phishing Support Tool
要旨

Two popular approaches for helping consumers avoid phishing threats are phishing awareness videos and tools supporting users in identifying phishing emails. Awareness videos and tools have each been shown on their own to increase people's phishing detection rate. Videos have been shown to be a particularly effective awareness measure; link-centric warnings have been shown to provide effective tool support. However, it is unclear how these two approaches compare to each other. We conducted a between-subjects online experiment (n=409) in which we compared the effectiveness of the NoPhish video and the TORPEDO tool and their combination. Our main findings suggest that the TORPEDO tool outperformed the NoPhish video and that the combination of both performs significantly better than just the tool. We discuss the implications of our findings for the design and deployment of phishing awareness measures and support tools.

著者
Benjamin Berens
Karlsruhe Institute of Technology (KIT), Karlsruhe, Germany
Florian Schaub
University of Michigan, Ann Arbor, Michigan, United States
Mattia Mossano
SECUSO / AIFB, Karlsruhe Institute of Technology, Karlsruhe, Germany
Melanie Volkamer
SECUSO, Karlsruhe Institute of Technology, Karlsruhe, Germany
論文URL

https://doi.org/10.1145/3613904.3642843

動画
The Effects of Group Discussion and Role-playing Training on Self-efficacy, Support-seeking, and Reporting Phishing Emails: Evidence from a Mixed-design Experiment
要旨

Organizations rely on phishing interventions to enhance employees' vigilance and safe responses to phishing emails that bypass technical solutions. While various resources are available to counteract phishing, studies emphasize the need for interactive and practical training approaches. To investigate the effectiveness of such an approach, we developed and delivered two anti-phishing trainings, group discussion and role-playing, at a European university. We conducted a pre-registered experiment (N = 105), incorporating repeated measures at three time points, a control group, and three in-situ phishing tests. Both trainings enhanced employees' anti-phishing self-efficacy and support-seeking intention in within-group analyses. Only the role-playing training significantly improved support-seeking intention when compared to the control group. Participants in both trainings reported more phishing tests and demonstrated heightened vigilance to phishing attacks compared to the control group. We discuss practical implications for evaluating and improving phishing interventions and promoting safe responses to phishing threats within organizations.

著者
Xiaowei Chen
University of Luxembourg, Esch-sur-Alzette, Luxembourg
Margault Sacré
Université du Luxembourg, Esch-sur-Alzette, Luxembourg
Gabriele Lenzini
SnT - Interdisciplinary Centre for Security, Reliability and Trust, University of Luxembourg, Luxembourg, Luxembourg
Samuel Greiff
University of Luxembourg, Esch-sur-Alzette, Luxembourg
Verena Distler
Bundeswehr University Muncih, Munich, Germany
Anastasia Sergeeva
University of Luxembourg, Esch-sur-Alzette, Luxembourg
論文URL

https://doi.org/10.1145/3613904.3641943

動画
Usable News Authentication: How the Presentation and Location of Cryptographic Information Impacts the Usability of Provenance Information and Perceptions of News Articles
要旨

Cryptographic tools for authenticating the provenance of web-based information are a promising approach to increasing trust in online news and information. However, making these tools' technical assurances sufficiently usable for news consumers is essential to realizing their potential. We conduct an online study with 160 participants to investigate how the presentation (visual vs. textual) and location (on a news article page or a third-party site) of the provenance information affects news consumers' perception of the content's credibility and trustworthiness, as well as the usability of the tool itself. We find that although the visual presentation of provenance information is more challenging to adopt than its text-based counterpart, this approach leads its users to put more faith in the credibility and trustworthiness of digital news, especially when situated internally to the news article.

著者
Errol Francis II
Clemson University, Clemson, South Carolina, United States
Catherine Barwulor
Clemson University, Clemson , South Carolina, United States
Ayana R. Monroe
Cornell University, Ithaca, New York, United States
Kediel O. Morales
New York University, New York, New York, United States
Samya Potlapalli
University of North Carolina at Chapel Hill, Chapel Hill, North Carolina, United States
Kimberly Brown
University of North Carolina at Chapel Hill, Chapel Hill, North Carolina, United States
Julia Jose
New York University, New York, New York, United States
Emily Sidnam-Mauch
Clemson University, Clemson, South Carolina, United States
Susan E. McGregor
Columbia University, New York, New York, United States
Kelly Caine
Clemson University, Clemson, South Carolina, United States
論文URL

https://doi.org/10.1145/3613904.3642331

動画
Interdisciplinary Approaches to Cybervulnerability Impact Assessment for Energy Critical Infrastructure
要旨

As energy infrastructure becomes more interconnected, understanding cybersecurity risks to production systems requires integrating operational and computer security knowledge. We interviewed 18 experts working in the field of energy critical infrastructure to compare what information they find necessary to assess the impact of computer vulnerabilities on energy operational technology. These experts came from two groups: 1) computer security experts and 2) energy sector operations experts. We find that both groups responded similarly for general categories of information and displayed knowledge about both domains, perhaps due to their interdisciplinary work at the same organization. Yet, we found notable differences in the details of their responses and in their stated perceptions of each group’s approaches to impact assessment. Their suggestions for collaboration across domains highlighted how these two groups can work together to help each other secure the energy grid. Our findings inform the development of interdisciplinary security approaches in critical-infrastructure contexts.

受賞
Honorable Mention
著者
Andrea Gallardo
Carnegie Mellon University, Pittsburgh, Pennsylvania, United States
Robert Erbes
Idaho National Laboratory, Idaho Falls, Idaho, United States
Katya Le Blanc
Idaho National Laboratory, Idaho Falls, Idaho, United States
Lujo Bauer
Carnegie Mellon University, Pittsburgh, Pennsylvania, United States
Lorrie Faith. Cranor
Carnegie Mellon University, Pittsburgh, Pennsylvania, United States
論文URL

https://doi.org/10.1145/3613904.3642493

動画