Accession Number : ADA538842


Title :   Human Factors in Web-Authentication


Descriptive Note : Doctoral thesis


Corporate Author : CALIFORNIA UNIV BERKELEY DEPT OF ELECTRICAL ENGINEERING AND COMPUTER SCIENCE


Personal Author(s) : Karlof, Chris K


Full Text : https://apps.dtic.mil/dtic/tr/fulltext/u2/a538842.pdf


Report Date : 06 Feb 2009


Pagination or Media Count : 263


Abstract : This dissertation endeavors to improve the security of user authentication on the World Wide Web. One threat to Web authentication is phishing, a social engineering attack that solicits users' authentication credentials by spoofing the login page of a trusted Web site. We identify human psychological tendencies that make users susceptible to phishing attacks and apply these insights to develop design principles for conditioned-safe ceremonies. Conditioned-safe ceremonies are security protocols that deliberately condition users to reflexively act in ways that protect them from attacks. Our formulation of conditioned-safe ceremonies draws on several ideas and lessons learned from the human factors and human reliability community: forcing functions, defense in depth, and the use of human tendencies such as rule-based decision making. We apply these principles to develop a conditioned-safe ceremony based on email for initializing credentials in machine authentication schemes. We evaluated our email ceremony with a user study of 200 participants. We simulated attacks against the users and found that our email ceremony was significantly more secure than a comparable one based on challenge questions. We found evidence that conditioning helped the email users resist attacks, but contributed towards making challenge question users more vulnerable. We also address stronger social engineering threats against Web authentication, e.g. pharming. We describe a new attack against Web authentication we call dynamic pharming. Dynamic pharming works by hijacking DNS and sending the victim's browser malicious Javascript, which then exploits DNS rebinding vulnerabilities and the name-based same-origin policy to hijack a legitimate session after authentication has taken place. To resist dynamic pharming attacks, we propose two locked same-origin policies for Web browsers.


Descriptors :   *INTERNET , *DATA PROCESSING SECURITY , USER NEEDS , ELECTRONIC MAIL , THESES , HUMAN FACTORS ENGINEERING


Subject Categories : Computer Systems Management and Standards


Distribution Statement : APPROVED FOR PUBLIC RELEASE