Self-Protective Behaviors Over Public WiFi Networks

Authors: 

David Maimon, Michael Becker, Sushant Patil, and Jonathan Katz, University of Maryland

Abstract: 

The proliferation of public WiFi networks in small businesses, academic institutions, and municipalities allows users to access the Internet from various public locations. Unfortunately, the nature of these networks pose serious risks to users’ security and privacy. As a result, public WiFi users are encouraged to adopt a range of self-protective behaviors to prevent their potential online victimization. This paper explores the prevalence of one such behavior—avoidance of sensitive websites—among public WiFi network users. Moreover, we investigate whether computer users' adoption of an online avoidance strategy depends on their level of uncertainty regarding the security practices of the WiFi network they login to. To answer these questions, we analyze data collected using two phases of field observations: (1) baseline assessment and (2) introduction of a private (honeypot) WiFi network. Phase one baseline data were collected using packet-sniffing of 24 public WiFi networks in the DC metropolitan area. Phase two data were obtained through introducing a honeypot WiFi network to 109 locations around the DC Metropolitan area and an implementation of a quasi-experimental one-group-post-test-only research design. Findings reveal that although most WiFi users avoid accessing banking websites using established public WiFi networks, they still use these networks to access social networks, email, and other websites that handle sensitive information. Nevertheless, when logged in to a WiFi network that has some uncertainty regarding the legitimacy and security practices of its operator, WiFi network users tend to avoid most websites that handle sensitive information.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {209366,
author = {David Maimon and Michael Becker and Sushant Patil and Jonathan Katz},
title = {Self-Protective Behaviors Over Public WiFi Networks},
booktitle = {The {LASER} Workshop: Learning from Authoritative Security Experiment Results ({LASER} 2017)},
year = {2017},
isbn = {978-1-931971-41-6},
pages = {69--76},
url = {https://www.usenix.org/conference/laser2017/presentation/maimon},
publisher = {{USENIX} Association},
}