| 1. |
- Kävrestad, Joakim, 1989-, et al.
(författare)
-
Constructing secure and memorable passwords
- 2020
-
Ingår i: Information and Computer Security. - : Emerald Group Publishing Limited. - 2056-4961. ; 28:5, s. 701-717
-
Tidskriftsartikel (refereegranskat)abstract
- Purpose Using authentication to secure data and accounts has grown to be a natural part of computing. Even if several authentication methods are in existence, using passwords remain the most common type of authentication. As long and complex passwords are encouraged by research studies and practitioners alike, computer users design passwords using strategies that enable them to remember their passwords. This paper aims to find strategies that allow for the generation of passwords that are both memorable and computationally secure. Design/methodology/approach The study began with a literature review that was used to identify cognitive password creation strategies that facilitate the creation of passwords that are easy to remember. Using an action-based approach, attack models were created for the resulting creation strategies. The attack models were then used to calculate the entropy for passwords created with different strategies and related to a theoretical cracking time. Findings The result of this study suggests that using phrases with four or more words as passwords will generate passwords that are easy to remember and hard to attack. Originality/value This paper considers passwords from a socio-technical approach and provides insight into how passwords that are easy to remember and hard to crack can be generated. The results can be directly used to create password guidelines and training material that enables users to create usable and secure passwords.
|
|
| 2. |
- Al Salek, Aous, et al.
(författare)
-
Exploring Experiences of Using SETA in Nordic Municipalities
- 2021
-
Ingår i: Human Aspects of Information Security and Assurance. - Cham : Springer. - 9783030811112 - 9783030811105 - 9783030811136 ; , s. 22-31
-
Konferensbidrag (refereegranskat)abstract
- User behavior is a key aspect of cybersecurity and it is well documented that insecure user behavior is the root cause of the majority of all cybersecurity incidents. Security Education, Training, and Awareness (SETA) is described by practitioners and researchers as the most important tool for improving cybersecurity behavior and has been for several decades. Further, there are several ways to work with SETA found in academic literature and a lot of research into various aspects of SETA effectiveness. However, the problem of insecure user behavior remains revealing a need for further research in the domain. While previous research have looked at the users’ experience of SETA, this study looks at SETA adoption from the perspective of the adopting organization. For this purpose, a survey was sent out to all Nordic municipalities with the intent of measuring if and how SETA is conducted, and how the respondents would ideally like to conduct SETA. The results show that a majority of the participating organizations use SETA and that e-learning is the most common delivery method. However, the results also show that gamification and embedded training is seldom used in practice nor a part of the participants’ picture of ideal SETA.
|
|
| 3. |
- Cervantes Mori, Milagros D., et al.
(författare)
-
Success factors and challenges in digital forensics for law enforcement in Sweden
- 2021
-
Ingår i: Proceedings of the 7th International Workshop on Socio-Technical Perspective in IS Development (STPIS 2021). - : CEUR-WS. ; , s. 100-116
-
Konferensbidrag (refereegranskat)abstract
- The widespread use of communication and digital technology has affected the number of devices requiring analysis in criminal investigations. Additionally, the increase in storage volume, the diversity of digital devices, and the use of cloud environments introduce more complexities to the digital forensic domain. This work aims to supply a taxonomy of the main challenges and success factors faced in the digital forensic domain in law enforcement. The chosen method for this research is a systematic literature review of studies with topics related to success factors and challenges in digital forensics for law enforcement. The candidate studies were 1,428 peer-reviewed scientific articles published between 2015 and 2021. A total of twenty-eight primary studies were analyzed by applying thematic coding. Furthermore, a survey of digital forensic practitioners from the Swedish Police was held to triangulate the results achieved with the systematic literature review.
|
|
| 4. |
- Hedberg, David, et al.
(författare)
-
Cybersecurity in modern cars : awareness and readiness of auto workshops
- 2024
-
Ingår i: Information and Computer Security. - : Emerald Publishing. - 2056-4961.
-
Tidskriftsartikel (refereegranskat)abstract
- Purpose: This study aims to explore auto mechanics awareness of repairs and maintenance related to the car’s cybersecurity and provide insights into challenges based on current practice. Design/methodology/approach: This study is based on an empirical study consisting of semistructured interviews with representatives from both branded and independent auto workshops. The data was analyzed using thematic analysis. A version of the capability maturity model was introduced to the respondents as a self-evaluation of their cybersecurity awareness. Findings: Cybersecurity was not found to be part of the current auto workshop work culture, and that there is a gap between independent workshops and branded workshops. Specifically, in how they function, approach problems and the tools and support available to them to resolve (particularly regarding previously unknown) issues. Research limitations/implications: Only auto workshop managers in Sweden were interviewed for this study. This role was picked because it is the most likely to have come in contact with cybersecurity-related issues. They may also have discussed the topic with mechanics, manufacturers or other auto workshops – thus providing a broader view of potential issues or challenges. Practical implications: The challenges identified in this study offers actionable advice to car manufacturers, branded workshops and independent workshops. The goal is to further cooperation, improve knowledge sharing and avoid unnecessary safety or security issues. Originality/value: As cars become smarter, they also become potential targets for cyberattacks, which in turn poses potential threats to human safety. However, research on auto workshops, which has previously ensured that cars are road safe, has received little research attention with regards to the role cybersecurity can play in repairs and maintenance. Insights from auto workshops can therefore shed light upon the unique challenges and issues tied to the cybersecurity of cars, and how they are kept up-to-date and road safe in the digital era.
|
|
| 5. |
- Hedberg, David, et al.
(författare)
-
Cyberthreats in Modern Cars : Responsibility and Readiness of Auto Workshops
- 2023
-
Ingår i: Human Aspects of Information Security and Assurance. - Cham : Springer. - 9783031385292 - 9783031385322 - 9783031385308 ; , s. 275-284
-
Konferensbidrag (refereegranskat)abstract
- Modern cars are becoming increasingly smarter and connected. Today, cars often contain features ranging from controlling service functions through a mobile application to remote road assistance. However, as cars become smarter, they also become potential targets for cyberattacks, and a potential threat to human safety. Traditionally, handing in a car to an auto workshop for repairs and maintenance have ensured that the car is road safe. But, to what extent are auto mechanics aware of repairs and maintenance related to the car’s cybersecurity? Based on interviews with eight auto workshop specialists in Sweden, using the capability maturity model as lens to capture the readiness maturity, the following study looks at experiences with cybersecurity related to cars, what current tools are used, and procedures to deal with a cyberattack against cars in their workshop. It was found that auto workshops are potential targets, with limited solutions existing today, and that cyber security is not a part of the current culture. It was also found that there is a gap between independent workshops and branded workshops in how they function and in what manner they approach problems and issues. Specifically, for new issues (i.e., previously unencountered issues), branded workshops relied more on the manufacturer than independent workshops who were left to use whatever solution they could figure out by their own means, which sometimes may be akin to hacking the car’s systems.
|
|
| 6. |
- Holgersson, Jesper, PhD, 1974-, et al.
(författare)
-
Cybersecurity and Digital Exclusion of Seniors : What Do They Fear?
- 2021
-
Ingår i: Human Aspects of Information Security and Assurance. - Cham : Springer. - 9783030811112 - 9783030811105 - 9783030811136 ; , s. 12-21
-
Konferensbidrag (refereegranskat)abstract
- The rapid development of digitalization has led to a more or less endless variety of ways for individuals to communicate and interact with the outside world. However, in order to take advantage of all the benefits of digitalization, individuals need to have the necessary skills. Seniors represent a group that, compared to other groups, lives in a digital exclusion to an excessive extent, mainly due to the fact that they lack the necessary knowledge to use digital technology and digital services. Based on empirical data collected from seniors partaking in digital training, we have analyzed their perceptions of why they and other seniors are digitally excluded. Our findings point out that a major barrier for seniors to be more digitally included is different variants of fear of using digital technology and digital services. The common denominator can be traced down the possibilities to be exposed to frauds, scams, viruses, and faulty handling, which in turn cause undesired consequences. Consequently, we propose a research agenda where digital training and digital inclusion measurements should be studied side by side with cybersecurity behavior. Thus, making cybersecurity a fundamental part of digital inclusion has the potential to minimize the fears identified in this research as inhibitors to technology adoption.
|
|
| 7. |
- Kävrestad, Joakim, 1989-, et al.
(författare)
-
A taxonomy of factors that contribute to organizational Cybersecurity Awareness (CSA)
- 2024
-
Ingår i: Information and Computer Security. - : Emerald Group Publishing Limited. - 2056-4961.
-
Tidskriftsartikel (refereegranskat)abstract
- PurposeDeveloping cybersecurity awareness (CSA) is becoming a more and more important goal for modern organizations. CSA is a complex sociotechnical system where social, technical and organizational aspects affect each other in an intertwined way. With the goal of providing a holistic representation of CSA, this paper aims to develop a taxonomy of factors that contribute to organizational CSA.Design/methodology/approachThe research used a design science approach including a literature review and practitioner interviews. A taxonomy was drafted based on 71 previous research publications. It was then updated and refined in two iterations of interviews with domain experts.FindingsThe result of this research is a taxonomy which outline six domains for importance for organization CSA. Each domain includes several activities which can be undertaken to increase CSA within an organization. As such, it provides a holistic overview of the CSA field.Practical implicationsOrganizations can adopt the taxonomy to create a roadmap for internal CSA practices. For example, an organization could assess how well it performs in the six main themes and use the subthemes as inspiration when deciding on CSA activities.Originality/valueThe output of this research provides an overview of CSA based on information extracted from existing literature and then reviewed by practitioners. It also outlines how different aspects of CSA are interdependent on each other.
|
|
| 8. |
- Kävrestad, Joakim, 1989-, et al.
(författare)
-
A taxonomy of SETA methods and linkage to delivery preferences
- 2023
-
Ingår i: The Data base for Advances in Information Systems. - : Association for Computing Machinery (ACM). - 0095-0033 .- 1532-0936. ; 54:4, s. 107-133
-
Tidskriftsartikel (refereegranskat)abstract
- Cybersecurity threats targeting users are common in today’s information systems. Threat actors exploit human behavior to gain unauthorized access to systems and data. The common suggestion for addressing this problem is to train users to behave better using SETA programs. The notion of training users is old, and several SETA methods are described in scientific literature. Yet, incidents stemming from insecure user behavior continue to happen and are reported as one of the most common types of incidents. Researchers argue that empirically proven SETA programs are needed and point out focus on knowledge rather than behavior, and poor user adoption, as problems with existing programs. The present study aims to research user preferences regarding SETA methods, with the motivation that a user is more likely to adopt a program perceived positively. A qualitative approach is used to identify existing SETA methods, and a quantitative approach is used to measure user preferences regarding SETA delivery. We show that users prefer SETA methods to be effortless and flexible and outline how existing methods meet that preference. The results outline how SETA methods respond to user preferences and how different SETA methods can be implemented to maximize user perception, thereby supporting user adoption.
|
|
| 9. |
- Kävrestad, Joakim, 1989-, et al.
(författare)
-
Analysing the Usage of Character Groups and Keyboard Patterns in Password Usage
- 2019
-
Ingår i: Proceedings of the Thirteenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2019). - : University of Plymouth Press. - 9780244190965 ; , s. 155-165
-
Konferensbidrag (refereegranskat)abstract
- Even with the advances in different methods for authentication, passwords remain the mostcommon approach for authentication as well as for encryption of user data. Password guessingattacks have grown to be a vital part of computer forensics as well as penetration testing. In thispaper, we seek to provide a statistical analysis of password composition by analyzing whatcharacter sets that are most commonly used in over 1 billion leaked passwords in over 20different databases. Further, we use a survey to analyze if users that actively encrypt data differfrom the norm. The results of this study suggest that American lowercase letters and numbersare the, by far, most commonly used character sets and that users who actively encrypt data usekeyboard patterns and special characters more frequently than the average user.
|
|
| 10. |
- Kävrestad, Joakim, 1989-, et al.
(författare)
-
Analyzing the usage of character groups and keyboard patterns in password creation
- 2020
-
Ingår i: Information and Computer Security. - : Emerald Group Publishing Limited. - 2056-4961. ; 28:3, s. 347-358
-
Tidskriftsartikel (refereegranskat)abstract
- PurposeUsing passwords to keep account and data safe is very common in modern computing. The purpose of this paper is to look into methods for cracking passwords as a means of increasing security, a practice commonly used in penetration testing. Further, in the discipline of digital forensics, password cracking is often an essential part of a computer examination as data has to be decrypted to be analyzed. This paper seeks to look into how users that actively encrypt data construct their passwords to benefit the forensics community.Design/methodology/approachThe study began with an automated analysis of over one billion passwords in 22 different password databases that leaked to the internet. The study validated the result with an experiment were passwords created on a local website was analyzed during account creation. Further a survey was used to gather data that was used to identify differences in password behavior between user that actively encrypt their data and other users.FindingsThe result of this study suggests that American lowercase letters and numbers are present in almost every password and that users seem to avoid using special characters if they can. Further, the study suggests that users that actively encrypt their data are more prone to use keyboard patterns as passwords than other users.Originality/valueThis paper contributes to the existing body of knowledge around password behavior and suggests that password-guessing attacks should focus on American letters and numbers. Further, the paper suggests that forensics experts should consider testing patterns-based passwords when performing password-guessing attacks against encrypted data.
|
|
