Search results
-
Predicting, Decrypting, and Abusing WPA2/802.11 Group Keys
Mathy Vanhoef and Frank Piessens, Katholieke Universiteit Leuven We analyze the generation and management of 802.11 group keys. These keys protect broadcast and multicast Wi-Fi traffic. We discovered several issues and illustrate their importance by decry ...admin - December 9, 2021 - 10:09 pm
-
Flip Feng Shui: Hammering a Needle in the Software Stack
Kaveh Razavi, Ben Gras, and Erik Bosman, Vrije Universiteit Amsterdam; Bart Preneel, Katholieke Universiteit Leuven; Cristiano Giuffrida and Herbert Bos, Vrije Universiteit Amsterdam We introduce Flip Feng Shui (FFS), a new exploitation vector which allow ...admin - December 9, 2021 - 10:09 pm
-
The Cut-and-Choose Game and Its Application to Cryptographic Protocols
fact that checking and evaluating may have dramatically different costs. In this paper, we consider ...admin - December 9, 2021 - 10:09 pm
-
Tracing Information Flows Between Ad Exchanges Using Retargeted Ads
Muhammad Ahmad Bashir, Sajjad Arshad, William Robertson, and Christo Wilson, Northeastern University Numerous surveys have shown that Web users are concerned about the loss of privacy associated with online tracking. Alarmingly, these surveys also reveal ...admin - December 9, 2021 - 10:09 pm
-
You've Got Vulnerability: Exploring Effective Vulnerability Notifications
factors affecting a notification’s efficacy have not been deeply explored. In this paper, we report on an ...admin - December 9, 2021 - 10:09 pm
-
How Short Is Too Short? Implications of Length and Framing on the Effectiveness of Privacy Notices
this paper, we examine the potential of (1) shortening privacy notices, by removing privacy practices ...admin - December 10, 2021 - 4:09 pm
-
Rethinking Connection Security Indicators
Adrienne Porter Felt, Robert W. Reeder, Alex Ainslie, Helen Harris, and Max Walker, Google; Christopher Thompson, University of California, Berkeley; Mustafa Embre Acer, Elisabeth Morant, and Sunny Consolvo, Google We propose a new set of browser security ...admin - December 10, 2021 - 4:09 pm
-
A Week to Remember: The Impact of Browser Warning Storage Policies
Joel Weinberger and Adrienne Porter Felt, Google When someone decides to ignore an HTTPS error warning, how long should the browser remember that decision? If they return to the website in five minutes, an hour, a day, or a week, should the browser show t ...admin - December 10, 2021 - 4:09 pm
-
"They Keep Coming Back Like Zombies": Improving Software Updating Interfaces
unan swered. In this paper, we begin tackling this question by studying software updating behaviors, ...admin - December 10, 2021 - 4:09 pm
-
Why Do They Do What They Do?: A Study of What Motivates Users to (Not) Follow Computer Security Advice
Michael Fagan and Mohammad Maifi Hasan Khan, University of Connecticut Usable security researchers have long been interested in what users do to keep their devices and data safe and how that compares to recommendations. Additionally, experts have long deb ...admin - December 10, 2021 - 4:09 pm
-
Expecting the Unexpected: Understanding Mismatched Privacy Expectations Online
Ashwini Rao, Florian Schaub, Norman Sadeh, and Alessandro Acquisti, Carnegie Mellon University; Ruogu Kang, Facebook Online privacy policies are the primary mechanism for in- forming users about data practices of online services. In practice, users ignore ...admin - December 10, 2021 - 5:09 pm
-
Addressing Physical Safety, Security, and Privacy for People with Visual Impairments
Tousif Ahmed, Patrick Shaffer, Kay Connelly, David Crandall, and Apu Kapadia, Indiana University Bloomington People with visual impairments face a variety of obstacles in their daily lives. Recent work has identified specific physical privacy concerns of ...admin - December 10, 2021 - 5:09 pm
-
An Inconvenient Trust: User Attitudes toward Security and Usability Tradeoffs for Key-Directory Encryption Systems
Wei Bai, Doowon Kim, Moses Namara, and Yichen Qian, University of Maryland, College Park; Patrick Gage Kelley, University of New Mexico; Michelle L. Mazurek, University of Maryland, College Park Many critical communications now take place digitally, but r ...admin - December 10, 2021 - 5:09 pm
-
Follow My Recommendations: A Personalized Privacy Assistant for Mobile App Permissions
Bin Liu, Mads Schaarup Andersen, Florian Schaub, Hazim Almuhimedi, Shikun Zhang, Norman Sadeh, Alessandro Acquisti. and Yuvraj Agarwal, Carnegie Mellon University IAPP SOUPS Privacy Award! Modern smartphone platforms have millions of apps, many of which r ...admin - December 10, 2021 - 5:09 pm
-
Sharing Health Information on Facebook: Practices, Preferences, and Risk Perceptions of North American Users
Sadegh Torabi and Konstantin Beznosov, University of British Columbia Motivated by the benefits, people have used a variety of webbased services to share health information (HI) online. Among these services, Facebook, which enjoys the largest population o ...admin - December 10, 2021 - 5:09 pm
-
Intuitions, Analytics, and Killing Ants: Inference Literacy of High School-educated Adults in the US
paper, we investigate inference literacy: the beliefs and misconceptions people have about how companies ...admin - December 10, 2021 - 5:09 pm
-
Do or Do Not, There Is No Try: User Engagement May Not Improve Security Outcomes
computers. Combining SBO data with user interviews, this paper presents a qualitative study comparing ...admin - December 10, 2021 - 5:09 pm
-
Productive Security: A Scalable Methodology for Analysing Employee Security Behaviours
Adam Beautement, Ingolf Becker, Simon Parkin, Kat Krol, and Angela Sasse, University College London Organisational security policies are often written without sufficiently taking in to account the goals and capabilities of the employees that must follow ...admin - December 10, 2021 - 5:09 pm
-
Expert and Non-Expert Attitudes towards (Secure) Instant Messaging
Ben Laurie, Google In this paper, we present results from an online survey with 1,510 participants and ...admin - December 10, 2021 - 5:09 pm
-
Snooping on Mobile Phones: Prevalence and Trends
Universidade de Lisboa Distinguished Paper Award! Personal mobile devices keep private information which people ...admin - December 10, 2021 - 5:09 pm
-
Use the Force: Evaluating Force-Sensitive Authentication for Mobile Devices
paper, we propose to integrate pressure-sensitive touchscreen interactions into knowledge-based ...admin - December 10, 2021 - 6:09 pm
-
User Attitudes Toward the Inspection of Encrypted Traffic
Laboratories"; Daniel Zappala and Kent Seamons, Brigham Young University This paper reports the results of ...admin - December 10, 2021 - 6:09 pm
-
Understanding Password Choices: How Frequently Entered Passwords Are Re-used across Websites
Rick Wash and Emilee Rader, Michigan State University; Ruthie Berman, Macalester College; Zac Wellmer, Michigan State University From email to online banking, passwords are an essential component of modern internet use. Yet, users do not always have good ...admin - December 10, 2021 - 6:09 pm
-
A Study of Authentication in Daily Life
Shrirang Mare, Dartmouth College; Mary Baker, HP Labs; Jeremy Gummeson, Disney Research We report on a wearable digital diary study of 26 participants that explores people's daily authentication behavior across a wide range of targets (phones, PCs, w ...admin - December 10, 2021 - 6:09 pm
-
Turning Contradictions into Innovations or: How We Learned to Stop Whining and Improve Security Operations
Sathya Chandran Sundaramurthy, University of South Florida; John McHugh, RedJack, LLC; Xinming Ou, University of South Florida; Michael Wesch and Alexandru G. Bardas, Kansas State University; S. Raj Rajagopalan, Honeywell Labs Efforts to improve the effic ...admin - December 10, 2021 - 6:09 pm