OpenID 2.0 is a user-centric Web single sign-on protocol with over one billion OpenID-enabled user accounts, and tens of thousands of supporting websites. While the security of the protocol is ...clearly critical, so far its security analysis has only been done in a partial and ad-hoc manner. This paper presents the results of a systematic analysis of the protocol using both formal model checking and an empirical evaluation of 132 popular websites that support OpenID. Our formal analysis reveals that the protocol does not guarantee the authenticity and integrity of the authentication request, and it lacks contextual bindings among the protocol messages and the browser. The results of our empirical evaluation suggest that many OpenID-enabled websites are vulnerable to a series of cross-site request forgery attacks (CSRF) that either allow an attacker to stealthily force a victim user to sign into the OpenID supporting website and launch subsequent CSRF attacks (81%), or force a victim to sign in as the attacker in order to spoof the victim's personal information (77%). With additional capabilities (e.g., controlling a wireless access point), the adversary can impersonate the victim on 80% of the evaluated websites, and manipulate the victim's profile attributes by forging the extension parameters on 45% of those sites. Based on the insights from this analysis, we propose and evaluate a simple and scalable mitigation technique for OpenID-enabled websites, and an alternative man-in-the-middle defense mechanism for deployments of OpenID without SSL.
This study investigates the context of interactions of information technology (IT) security practitioners, based on a qualitative analysis of 30 interviews and participatory observation. We identify ...nine different activities that require interactions between security practitioners and other stakeholders, and describe in detail two of these activities that may serve as useful references for security-tool usability scenarios. We propose a model of the factors contributing to the complexity of interactions between security practitioners and other stakeholders, and discuss how this complexity is a potential source of security issues that increase the risk level within organizations. Our analysis also reveals that the tools used by our participants to perform their security tasks provide insufficient support for the complex, collaborative interactions that their duties involve. We offer several recommendations for addressing this complexity and improving IT security tools.
The usability of IT security management (ITSM) tools is hard to evaluate by regular methods, making heuristic evaluation attractive. In this article, we explore how domain specific heuristics are ...created by examining prior research in the area of heuristic and guideline creation. We then describe our approach of creating usability heuristics for ITSM tools, which is based on guidelines for ITSM tools that are interpreted and abstracted with activity theory. With a between-subjects study, we compared the employment of the ITSM and Nielsen's heuristics for evaluation of a commercial identity management system. Participants who used the ITSM set found more problems categorized as severe than those who used Nielsen's. We analyzed several aspects of our heuristics including the performance of individual participants using the heuristic, the performance of individual heuristics, the similarity of our heuristics to Nielsen's, and the participants' opinion about the use of heuristics for evaluation of IT security tools. We then discuss the implications of our results on the use of ITSM and Nielsen's heuristics for usability evaluation of ITSM tools.
Many lecture halls today have two or more screens to be used by instructors for lectures with computer-supported visual aids. Typically, this additional screen real estate is not used to display ...additional information; rather a single stream of information is projected on all screens. We describe a controlled laboratory study that empirically assesses the effect on students learning of using the increased classroom screen real estate to project an additional stream of information. We measured how well participants learned from a two-stream presentation compared to a one-stream presentation duplicated on both screens. Data indicate that using extra screen real estate can indeed improve learning. In particular, learning was most improved when pertinent prior information was shown alongside currently explained information. There is also evidence that visual comparisons were improved with parallel viewing using extra screen real estate. Subjective data gathered from participants showed a strong preference for learning with two streams of content over a regular one-stream presentation.
OpenID and OAuth are open and simple Web SSO protocols that have been adopted by major service providers, and millions of supporting Web sites. However, the average user’s perception of Web SSO is ...still poorly understood. Through several user studies, this work investigates users’ perceptions and concerns when using Web SSO for authentication. We found that our participants had several misconceptions and concerns that impeded their adoption. This ranged from their inadequate mental models of Web SSO, to their concerns about personal data exposure, and a reduction in perceived Web SSO value due to the employment of password management practices. Informed by our findings, we offer a Web SSO technology acceptance model, and suggest design improvements.
In hospitals, offices and other settings, professionals face the challenge of accessing and sharing sensitive content in public areas. As tablets become increasingly adopted in work environments, it ...is important to explore ways to support privacy that are appropriate for tablet use in dynamic, mobile workflows. In this research we consider how spatial information can be utilized to support both individual and collaborative work in a natural way while respecting data privacy. We present a proof-of-concept implementation of a proximity-aware tablet, and a range of privacy notification and control mechanisms designed for such a tablet. Results from a user study support the idea that interpersonal distance and orientation can be used to mediate privacy management for tablet interfaces. Selecting a specific design for privacy threat notification and response is highly context-dependent—for example, in health care the first priority is to not impede the fluid exchange of information.
Information technology security management (ITSM) entails significant challenges, including the distribution of tasks and stakeholders across the organization, the need for security practitioners to ...cooperate with others, and technological complexity. We investigate the organizational processes in ITSM using qualitative analysis of interviews with ITSM practitioners. To account for the distributed nature of ITSM, we utilized and extended a distributed cognition framework that includes as key aspects the themes of cues and norms. We show how ITSM challenges foster under-use of cues and norms, which comprises a type of risk that may result in outcomes that are adverse to the organization’s interests. Throughout, we use scenarios told by our participants to illustrate the various concepts related to cues and norms as well as ITSM breakdowns.
OpenID and OAuth are open and simple Web SSO protocols that have been adopted by major service providers, and millions of supporting Web sites. However, the average useras perception of Web SSO is ...still poorly understood. Through several user studies, this work investigates usersa perceptions and concerns when using Web SSO for authentication. We found that our participants had several misconceptions and concerns that impeded their adoption. This ranged from their inadequate mental models of Web SSO, to their concerns about personal data exposure, and a reduction in perceived Web SSO value due to the employment of password management practices. Informed by our findings, we offer a Web SSO technology acceptance model, and suggest design improvements.
PDF
