Advertisement

Assessing the Impact of Affective Feedback on End-User Security Awareness

  • Lynsay A. Shepherd
  • Jacqueline Archibald
  • Robert Ian Ferguson
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10292)

Abstract

A lack of awareness regarding online security behaviour can leave users and their devices vulnerable to compromise. This paper highlights potential areas where users may fall victim to online attacks, and reviews existing tools developed to raise users’ awareness of security behaviour. An ongoing research project is described, which provides a combined monitoring solution and affective feedback system, designed to provide affective feedback on automatic detection of risky security behaviour within a web browser. Results gained from the research conclude an affective feedback mechanism in a browser-based environment, can promote general awareness of online security.

Keywords

End-user security behaviours Usable security Affective feedback User Monitoring techniques User feedback Security awareness 

References

  1. 1.
    Li, Y., Siponen, M.: A call for research on home users information security behaviour. In: PACIS 2011, Proceedings, p. 112 (2011)Google Scholar
  2. 2.
    Stanton, J.M., et al.: Analysis of end user security behaviors. Comput. Secur. 24, 124–133 (2005). ElsevierCrossRefGoogle Scholar
  3. 3.
    Payne, B., Edwards, W.: A brief introduction to usable security. IEEE Internet Comput. 12(3), 13–21 (2008)CrossRefGoogle Scholar
  4. 4.
    Fetscherin, M.: Importance of cultural and risk aspects in music piracy: a cross-national comparison among university students. J. Electron. Commer. Res. 10, 45–55 (2009). http://www.csulb.edu/journals/jecr/issues/20091/Paper4.pdf Google Scholar
  5. 5.
    Hadnagy, C.: Social Engineering: The Art of Human Hacking. Wiley Publishing, Indianapolis (2011). pp. 23–24Google Scholar
  6. 6.
    Padayachee, K.: Taxonomy of compliant information security behavior. Comput. Secur. 31(5), 673–680 (2012). http://dx.doi.org/10.1016/j.cose.2012.04.004 CrossRefGoogle Scholar
  7. 7.
    Shay, R., et al.: Designing password policies for strength and usability. ACM Trans. Inf. Syst. Secur. 18(4) (2016). http://doi.org/10.1145/2891411
  8. 8.
    Balduzzi, M.: Attacking the privacy of social network users. HITBSECCONF2011, Malaysia (2011). http://conference.hitb.org/hitbsecconf2011kul/materials/D1T1%20%20Marco%20Balduzzi%20-%20Attacking%20the%20Privacy%20of%20Social%20Network%20Users.pdf. Accessed 21 Sept 2012
  9. 9.
    Milne, G.R., Labrecque, L.I., Cromer, C.: Toward an understanding of the online consumer’s risky behavior and protection practices. J. Consum. Aff. 43(3), 449–473 (2009). http://doi.org/10.1111/j.1745-6606.2009.01148.x CrossRefGoogle Scholar
  10. 10.
    Larose, R., Rifon, N.J.: Promoting i-safety: effects of privacy warnings and privacy seals on risk assessment and online privacy behavior. J. Consum. Aff. 41(1), 127–149 (2007). doi: 10.1111/j.1745-6606.2006.00071.x CrossRefGoogle Scholar
  11. 11.
    Milne, G.R., Rohm, A.J., Bahl, S.: Consumers’ protection of online privacy and identity. J. Consum. Aff. 38, 217–232 (2004). doi: 10.1111/j.1745-6606.2004.tb00865.x CrossRefGoogle Scholar
  12. 12.
    Farahmand, F., et al.: Risk perceptions of information security: a measurement study. In: Proceedings of the 2009 International Conference on Computational Science and Engineering, CSE 2009, vol. 3, pp. 462–469 (2009). http://dx.doi.org/10.1109/CSE.2009.449
  13. 13.
    Fischoff, B., et al.: How safe is safe enough? A psychometric study of attitudes towards technological risks and benefits. Policy Sci. 9(2), 127–152 (1978)CrossRefGoogle Scholar
  14. 14.
    Takemura, T.: Empirical analysis of behavior on information security. In: Proceedings of the 2011 International Conference on Internet of Things and 4th International Conference on Cyber, Physical and Social Computing, ITHINGSCPSCOM, pp. 358–363 (2011). http://dx.doi.org/10.1109/iThings/CPSCom.2011.8
  15. 15.
    San-Jose, P., Rodriguez, S.: Study on information security and e-Trust in Spanish households. In: Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, BADGERS 2011, pp. 1–6 (2011). http://doi.acm.org/10.1145/1978672.1978673
  16. 16.
    Hill, R., Donaldson, D.R.: Bridging the trust gap: integrating models of behavior and perception. In: NSPW 2015 Proceedings of the 2015 New Security Paradigms Workshop, pp. 148–155 (2015). doi: 10.1145/2841113.2841125
  17. 17.
    Furnell, S., et al.: The challenges of understanding and using security: a survey of end-users. Comput. Secur. 25(1), 27–35 (2006). doi: 10.1016/j.cose.2005.12.004 CrossRefGoogle Scholar
  18. 18.
    Dhamija, R., Tygar, J.: The battle against phishing: dynamic security skins. In: Symposium on Usable Privacy and Security (SOUPS 2005), pp. 1–12 (2005). http://cups.cs.cmu.edu/soups/2005/2005proceedings/p77-dhamija.pdf
  19. 19.
    Sheng, S.: Anti-phishing phil: the design and evaluation of a game that teaches people not to fall for phish. In: Symposium on Usable Privacy and Security (SOUPS 2007), pp. 1–12 (2007). http://cups.cs.cmu.edu/soups/2007/proceedings/p88_sheng.pdf
  20. 20.
    Kumaraguru, P., et. al.: School of phish: a real-world evaluation of anti-phishing training. In: Symposium on Usable Privacy and Security (SOUPS 2009), pp. 1–12 (2009). http://cups.cs.cmu.edu/soups/2009/proceedings/a3-kumaraguru.pdf
  21. 21.
    Canova, G., Volkamer, M., Bergmann, C., Reinheimer, B.: Nophish app evaluation: lab and retention study. In: NDSS Workshop on Usable Security (2015)Google Scholar
  22. 22.
    Besmer, A.: Social applications: exploring a more secure framework. In: Symposium on Usable Privacy and Security (SOUPS 2009), pp. 1–10 (2009). http://cups.cs.cmu.edu/soups/2009/proceedings/a2-besmer.pdf
  23. 23.
    Maurer, M., De Luca, A., Kempe, S.: Using data type based security alert dialogs to raise online security awareness. In: Symposium on Usable Privacy and Security (SOUPS 2011), pp. 1–13 (2011). http://cups.cs.cmu.edu/soups/2011/proceedings/a2_Maurer.pdf
  24. 24.
    Volkamer, M., Renaud, K., Canova, G., Reinheimer, B., Braun, K.: Design and field evaluation of PassSec: raising and sustaining web surfer risk awareness. In: Conti, M., Schunter, M., Askoxylakis, I. (eds.) Trust 2015. LNCS, vol. 9229, pp. 104–122. Springer, Cham (2015). doi: 10.1007/978-3-319-22846-4_7 CrossRefGoogle Scholar
  25. 25.
    Picard, R.W.: Affective Computing. MIT Press, Cambridge (1997). p. 15CrossRefGoogle Scholar
  26. 26.
    McDarby, G., Condron, J., Hughes, D., Augenblick, N.: Affective feedback. Media Lab Europe (2004). http://medialabeurope.org/mindgames/publications/publicationAffectiveFeedbackEnablingTechnologies.pdf. Accessed 22 May 2012
  27. 27.
    Robison, J., McQuiggan, S., Lester, J.: Evaluating the consequences of affective feedback in intelligent tutoring systems. In: Proceedings of International Conference on Affective Computing and Intelligent Interaction (ACII 2009), Amsterdam, Netherlands, 10–12 September 2009, pp. 37–42 (2009)Google Scholar
  28. 28.
    Hall, L., Woods, S., Aylett, R., Newall, L., Paiva, A.: Achieving empathic engagement through affective interaction with synthetic characters. In: Tao, J., Tan, T., Picard, Rosalind W. (eds.) ACII 2005. LNCS, vol. 3784, pp. 731–738. Springer, Heidelberg (2005). doi: 10.1007/11573548_94 CrossRefGoogle Scholar
  29. 29.
    Ur, B., et al.: How does your password measure up? The effect of strength meters on password creation. In: Security 2012 Proceedings of the 21st USENIX Conference on Security Symposium (2012)Google Scholar
  30. 30.
    Adams, F.M., Osgood, C.E.: A cross-cultural study of the affective meanings of color. J. Cross-Cultural Psychol. 4(2), 135–156 (1973)CrossRefGoogle Scholar
  31. 31.
    Dehn, D., Van Mulken, S.: The impact of animated interface agents: a review of empirical research. Int. J. Hum.-Comput. Stud. 52(1), 1–22 (2012). http://dx.doi.org/10.1006/ijhc.1999.0325 CrossRefGoogle Scholar
  32. 32.
    Bubaš, G., Orehova, T., Konecki, M.: Factors and predictors of online security and privacy behavior. J. Inf. Organ. Sci. 32(2), 79–98 (2008)Google Scholar
  33. 33.
  34. 34.
    Fenstermacher, K.D., Ginsburg, M.A.: Lightweight framework for cross-application user monitoring. IEEE Comput. 35, 51–58 (2002)CrossRefGoogle Scholar
  35. 35.
    Nielsen, F.: A new ANEW: evaluation of a word list for sentiment analysis in microblogs. In: Proceedings of the ESWC2011 Workshop on ‘Making Sense of Microposts’: Big Things Come in Small Packages. CEUR Workshop Proceedings, vol. 718, pp. 93–98 (2011)Google Scholar
  36. 36.
    Association For Psychological Science: Stop On Red! The Effects of Color May Lie Deep in Evolution (2011). http://www.psychologicalscience.org/index.php/news/releases/stop-on-red-a-monkey-study-suggests-that-the-effects-of-color-lie-deep-in-evolution.html
  37. 37.
    Sacharin, V., Sander, D., Scherer, K.R.: The perception of changing emotion expressions. Cogn. Emot. 26, 1273–1300 (2012). http://doi.org/10.1080/02699931.2012.656583 CrossRefGoogle Scholar
  38. 38.
    Ekman, P.: Basic emotions. Cognition (1999). http://doi.org/10.1002/0470013494.ch3
  39. 39.
    Mozilla: The Future of Developing Firefox Add-ons (2015). https://blog.mozilla.org/addons/2015/08/21/the-future-of-developing-firefox-add-ons/
  40. 40.
    Mozilla: Designed to protect your privacy (2017). https://www.mozilla.org/en-GB/firefox/desktop/trust/
  41. 41.
  42. 42.
    Salvi, S.M., Akhtar, S., Currie, Z.: Ageing changes in the eye. Postgrad. Med. J. 971, 581–587 (2006). http://doi.org/10.1136/pgmj.2005.040857 CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Lynsay A. Shepherd
    • 1
  • Jacqueline Archibald
    • 1
  • Robert Ian Ferguson
    • 1
  1. 1.School of Arts, Media and Computer GamesAbertay UniversityDundeeUK

Personalised recommendations