TY - GEN
T1 - Model for analysing Anti-Phishing Authentication Ceremonies
AU - Hatunic-Webster, Edina
AU - Mtenzi, Fred
AU - O'Shea, Brendan
N1 - Publisher Copyright:
© 2014 Infonomics Society.
PY - 2014
Y1 - 2014
N2 - Phishing takes advantage of the way humans interact with computers or interpret messages, and of the fact that many online authentication protocols place a disproportional burden on human abilities. A security ceremony is an extension of the concept of a network security protocol and includes user interface and human-protocol interaction. It is one way of extending the reach of current methods for social, technical and contextual analysis of security protocols to include humans. In this paper, we propose a Human Factors in Anti-Phishing Authentication Ceremonies (APAC) Framework for investigating phishing attacks in authentication ceremonies, which builds on The Human-in-the-Loop Security Framework of communication processing. We show how to apply the APAC framework to model human-protocol behaviour. The resulting Model for Analysing APAC correlates the framework components and examines how the authentication tasks required to be performed by humans influence their decision-making and consequently their phishing detection.
KW - Anti-Phishing Authentication
KW - Ceremonies
KW - Modeling Human-Protocol Behaviour
UR - http://www.scopus.com/inward/record.url?scp=84949923224&partnerID=8YFLogxK
U2 - 10.1109/ICITST.2014.7038795
DO - 10.1109/ICITST.2014.7038795
M3 - Conference contribution
AN - SCOPUS:84949923224
T3 - 2014 9th International Conference for Internet Technology and Secured Transactions, ICITST 2014
SP - 144
EP - 150
BT - 2014 9th International Conference for Internet Technology and Secured Transactions, ICITST 2014
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2014 9th International Conference for Internet Technology and Secured Transactions, ICITST 2014
Y2 - 8 December 2014 through 10 December 2014
ER -