amber mcconahy. multifaceted and multidimensional marsh & dibben (2003) definition and layers...
Post on 14-Dec-2015
217 Views
Preview:
TRANSCRIPT
Trust Amber McConahy
2
Trust
Multifaceted and multidimensional Marsh & Dibben (2003) definition and layers of
trust “Trust concerns a positive expectation regarding the
behavior of somebody or something is a situation that entails risk to the trusting party” ▪ Dispositional Trust – personality trait relating to trust▪ Learned Trust – tendency to trust based on experience▪ Situational Trust – trust adjusted based on situational cues
Key Questions Reliable representation of trust in interactions and
interfaces? Transforming trust to security and vice versa? Identification and mitigation of trust failings?
3
Trust in Digital Realm
Vital to security but poorly understood Perfect information removes need for trust Trust without risk is meaningless Online users must develop knowledge to
make trust decisions Developers must provide trustable designs
Must trust both people and technology Halo Effect
Judgment based on attractiveness Trust is built slowly and destroyed quickly
4
Models of Trust
Meyer et al. Ability to fulfill promises Integrity relates meeting expectations Benevolence is acting in best interest of
client Egger’s MoTEC
Superficial trust based on interface Reasoned trust based on content
analysis Relationship trust based on transactional
history
5
Bhattacherjee’s Model
Trust
Willingness to Transact
Familiarity
+ +
+
6
Additional Trust Models
Lee, Kim, and Moon Trust and transaction cost are opposing
factors Corritore et al.
Credibility, ease of use, and risk affect trust
McKnight et al. Trusting beliefs, intentions, and
behaviors Riegelsberger et al.
Focuses on incentives rather than opinions and beliefs
7
Model Summary
Trust and risk are related Trust relates to beliefs Ease of use can affect trust Trust likely develops in stages External factors and context can be
relevant
8
Trust Guidelines
DO Ensure ease of use Make design attractive Convey real world Include seals of approval
TRUSTe Explain and justify
content Provide security and
privacy statements Provide background Define roles Personalize service
DON’T
Make spelling mistakes Mix ads and content Be inconsistent or
unpredictable Forget peer evaluations
References User feedback
Ignore alternatives Links to other sites
Poor response or communication
9
Reciprocity
Norm of Reciprocity (Goulder 1960) Information likely to be provided in
exchange for information of services Leads to increased trust Could increase vulnerability
Zhu et al. Study of user behavior under reciprocity
attacks Use of InfoSource software with “Alice”
guide
10
Results of Reciprocity Study Experimental group disclosed more Over 85% of users found “Alice” helpful Perception of importance related to
disclosure Relevance of requested information matters
Income not provided due to perceived irrelevance
Beliefs and attitudes correlated with willingness to share information
Trust is related to willingness to share information
11
Users & Trust
Users often don’t comprehend what computer is asking Presents dilemma rather than
decision Users seek alternative information
resources Trust is aggregation of clues and
tradeoffs Large scopes and less context
lead to impede consent User’s are reluctant to provide
personal data
12
Behaviors & Trust
Claims often do not correspond to actions
Consequences are often not fully evaluated
Users don’t like making global decisions
Developers and users have different views
Users confuse terminology Hacking vs. virus Software bug vs. virus
13
ActiveX (SP 1)
14
Redesigned ActiveX (SP2)
15
Key Design Changes
Secure default choses “Don’t Install” Labels changed from “Yes” and “No”
to “Install” and “Don’t Install” Options provided Simplified primary text Evidence via certificates Auxiliary text separated “What’s the Risk?” link provided for
more information
16
File Download Dialog (SP1)
17
File Download Dialog (SP2)
18
Redesign Features
Purposeful similarity to ActiveX to promote consistency
Secure default option “Cancel” Label changed from “Open” to “Run” Primary text simplified to single
question Options provided Evidence of filename and source
provided Assistance text separated with
“What’s the risk?” link
19
Conclusions
Trust decisions should be made in context Narrow scope and avoid global setups
Make the most trusted option the default
Replace dilemmas with choices Always provide trusted response option Convey consequences to actions
Respect the user’s decision Submit even when decision is not
comprehended by computerSimilarities to models of trust?
Semantic AttacksSauvik Das
21
Schneier’s Security Attacks
Physical Attacks
Syntactic Attacks
22
Schneier’s Security AttacksSemantic Attacks: “. . . Attacks that target the way we, as humans, assign meaning to content. . . .Semantic attacks directly
target the human/computer interface, the most insecure interface on the Internet“
23
Schneier’s Security AttacksSemantic Attacks: “. . . Attacks that target the way we, as humans, assign meaning to content. . . .Semantic attacks directly
target the human/computer interface, the most insecure interface on the Internet“
http://lol-gonna-log-ur-keys.com
24
Semantic Attacks
Semantic Attacks… violate trust deceive are a new form of “hacking”—Cognitive
Hacking
25
Types of Semantic Attacks
“Pump-and-Dump” schemes Buy penny stocks cheap Artificially inflate price (spread
misinformation) Sell for profit, leaving others “holding-
the-bag”
Pump
Inflate
Dump
26
Types of Semantic Attacks
WTF Stuxnet? Had elements of semantic attack:
Tricked technicians into believing centrifuges were operating fine
Looks okay to me
27
Types of Semantic Attacks
And, of course: Phishing
28
What is Phishing?
Phishing is…: deceiving users to obtain sensitive information spoofing “trustworthy” communications phreaking + fishing a growing threat
29
Why Phish?
It is very lucrative. $2.4 million to $9.4 million dollars per
yer per million online banking customers ~$2000 on each compromised bank
account.
30
Why Phish?
It’s easy. There are Do-it-Yourself Phishing Kits AND, several easy accessible tutorials
31
Why Phish?
It’s hard to defend against. “You and I can think about things.
Symbols in our brains have meanings. The question is, can a [computer] think about things, or merely process digits that have no Aboutness—no meaning—no semantic content” – Neal Stephenson, AnathemMeaning
32
Why Phish?
Easy to distribute, and low success rate is okay. 4700 per 1,000,000 banking credentials
lost on average (0.47%) BUT, bad guys still make plenty of money
from that
33
Why Phish?
With Social Web, phishing is more effective. Paper by Jagatic et al:▪ Mined relationships of students using publicly
available information▪ Using this information, conducted a spear
phishing attack▪ Found that using social info, people were 4.5x
more likely to fall for phish (16% versus 72%).
34
Why do people fall for Phish?
It all goes back to trust.
1. People judge legitimacy by design2. People do not trust web browser
security3. Awareness is not a strategy4. Severity of the consequences does
not seem to inform behavior
35
Who Falls for Phish?
Study by Sheng et al. Women more likely than men Age 18-25 at highest risk Lower technical knowledge at higher risk Generally risk averse people are at lower
risk
Not orthogonal.
36
Who Falls for Phish?
Study by Sheng et al. Women more likely than men Age 18-25 at highest risk Lower technical knowledge at higher risk Generally risk averse people are at lower
risk
Not orthogonal.
37
Who Falls for Phish?
Study by Sheng et al. Women more likely than men Age 18-25 at highest risk Lower technical knowledge at higher risk Generally risk averse people are at lower
risk
Not orthogonal.
38
Mitigation
How can we mitigate phishing and other semantic attacks?
Raise Awareness? Education? Automatic Detection? Better Visualizations of Danger? ???
39
Mitigation
It’s a tough problem Only a small percentage (0.47%) of
users need to be compromised for phishing to continue to be lucrative
Don’t want to make users afraid to go to legitimate websites (majority) in the process.
How do current mitigation strategies help?
40
Mitigation Strategies
Improve visual cues
41
Mitigation Strategies
Improving visual cues Not as effective as it could be. People don’t trust their web browsers (ahem…IE) Dhamija et al. study (Firefox):▪ Many people do not look at browser-based cues▪ 23% didn’t look at all
▪ Make incorrect choices about phishing 40% of the time
42
Mitigation Strategies
Education
43
Mitigation Strategies
Education Effective…but awareness alone not
sufficient Need to offer course of action Sheng et al. study:▪ 40% improvement among participants▪ Some forms of education inhibit clicking of
legitimate links as well (learn avoidance not phishing awareness)
44
BUT…
Phishing scams are still increasing!
45
Phishing Growth
We have some effective strategies, but the problem is still open.
The Phishing explosion can be attributed to: Users are still falling for it DIY Phishing Kits making it increasingly easier
to make phishing scams
We can mitigate the first problem, but what about the second?
46
Summary
Semantic attacks hack a user’s mind Phishing is one common semantic attack
Deceive users to obtain their sensitive information
Phishing is tough to mitigate because: It is lucrative Easy to do
Education seems to be one great way to reduce the incidence of phishing.
We also need to find ways to make creating phish less appealing or more difficult.
47
Questions?
top related