| 1. |
- Kävrestad, Joakim, 1989-, et al.
(författare)
-
Analysing the Usage of Character Groups and Keyboard Patterns in Password Usage
- 2019
-
Ingår i: Proceedings of the Thirteenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2019). - : University of Plymouth Press. - 9780244190965 ; , s. 155-165
-
Konferensbidrag (refereegranskat)abstract
- Even with the advances in different methods for authentication, passwords remain the mostcommon approach for authentication as well as for encryption of user data. Password guessingattacks have grown to be a vital part of computer forensics as well as penetration testing. In thispaper, we seek to provide a statistical analysis of password composition by analyzing whatcharacter sets that are most commonly used in over 1 billion leaked passwords in over 20different databases. Further, we use a survey to analyze if users that actively encrypt data differfrom the norm. The results of this study suggest that American lowercase letters and numbersare the, by far, most commonly used character sets and that users who actively encrypt data usekeyboard patterns and special characters more frequently than the average user.
|
|
| 2. |
- Kävrestad, Joakim, 1989-, et al.
(författare)
-
Defining and modelling the online fraud process
- 2018
-
Ingår i: Proceedings of the twelfth International Symposium on Human Aspects of Information Security & Assurance. - Plymouth : University of Plymouth Press. - 9780244402549 ; , s. 203-213
-
Konferensbidrag (refereegranskat)abstract
- As we have become more and more active online so has online criminals. Looking at one type of Internet crimes, online frauds, it is apparent that any-one can be targeted by a fraudster online. It has also been shown that online frauds keep increasing from year to year. It has even been estimated that one third of the adult population in America encounters online fraudsters, annually. In this paper we aimed to increase the knowledge about online frauds. We did this by producing a model that describes the process and aspects of an online fraud as well as a proposed definition of the term "online fraud". In this paper, we present the model and definition that we created and demonstrate their usefulness. The usefulness is demonstrated in our validation step, where we applied the definition to known online fraud schemes. We also conducted an interview in which the model was said to be useful in order to explain how an online fraud scheme was carried out, during a criminal prosecution. As such, that demonstrates that our model can be used to increase the understanding of online frauds.
|
|
| 3. |
- Kävrestad, Joakim, 1989-, et al.
(författare)
-
Online Fraud Defence by Context Based Micro Training
- 2015
-
Ingår i: Online Fraud Defence by Context Based Micro Training. - : University of Plymouth Press. - 9781841023885 ; , s. 256-264
-
Konferensbidrag (refereegranskat)abstract
- Online frauds are a category of Internet crime that has been increasing globally over the past years. Online fraudsters use a lot of different arenas and methods to commit their crimes and that is making defence against online fraudsters a difficult task. Today we see continuous warnings in the daily press and both researchers and governmental web-pages propose that Internet users gather knowledge about online frauds in order to avoid victimisation. In this paper we suggest a framework for presenting this knowledge to the Internet users when they are about to enter a situation where they need it. We provide an evaluation of the framework that indicates that it can both make users less prone to fraudulent ads and more trusting towards legitimate ads. This is done with a survey containing 117 participants over two groups where the participants were asked to rate the trustworthiness of fraudulent and legitimate ads.. One groups used the framework before the rating and the other group did not. The results showed that, in our study, the participants using the framework put less trust in fraudulent ads and more trust in legitimate ads.
|
|
| 4. |
|
|
| 5. |
- Kävrestad, Joakim, 1989-, et al.
(författare)
-
The Development of a Password Classification Model
- 2018
-
Ingår i: Journal of Information System Security. - : The Information Institute. - 1551-0123 .- 1551-0808. ; 14:1, s. 31-46
-
Tidskriftsartikel (refereegranskat)abstract
- In order to ensure that we are the only ones that can access our data, we use authentication to secure our computers and different online accounts. Passwords remain the most common type of authentication, even if there are several different ways to authenticate, including biometrics and tokens. With this study we aim to reveal and collect the different strategies that users are using when designing their passwords. To achieve this, a model was developed using interactive interviews with computer forensic experts. The model was then applied on 5,000 passwords gathered from 50 different password databases that had leaked to the Internet. The result is a model that can be used to classify passwords based on the strategy used to create them. As such, the results of this study increase the understanding of passwords and they can be used as a tool in education and training, as well as in future research.
|
|
| 6. |
- Kävrestad, Joakim, 1989-, et al.
(författare)
-
Understanding passwords – a taxonomy of password creation strategies
- 2019
-
Ingår i: Information and Computer Security. - : Emerald Group Publishing Limited. - 2056-4961. ; 27:3, s. 453-467
-
Tidskriftsartikel (refereegranskat)abstract
- Purpose Using authentication to secure data and accounts has grown to be a natural part of computing. Even if several authentication methods are in existence, using passwords remains the most common type of authentication. As long and complex passwords are encouraged by research studies and practitioners alike, computer users design passwords using strategies that enable them to remember their passwords. This paper aims to present a taxonomy of those password creation strategies in the form of a model describing various strategies used to create passwords. Design/methodology/approach The study was conducted in a three-step process beginning with a short survey among forensic experts within the Swedish police. The model was then developed by a series of iterative semi-structured interviews with forensic experts. In the third and final step, the model was validated on 5,000 passwords gathered from 50 different password databases that have leaked to the internet. Findings The result of this study is a taxonomy of password creation strategies presented as a model that describes the strategies as properties that a password can hold. Any given password can be classified as holding one or more of the properties outlined in the model. Originality/value On an abstract level, this study provides insight into password creation strategies. As such, the model can be used as a tool for research and education. It can also be used by practitioners in, for instance, penetration testing to map the most used password creation strategies in a domain or by forensic experts when designing dictionary attacks.
|
|
| 7. |
- Kävrestad, Joakim, 1989-, et al.
(författare)
-
Users perception of using CBMT for information security training
- 2019
-
Ingår i: Proceedings of the Thirteenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2019). - : University of Plymouth Press. - 9780244190965 ; , s. 122-131
-
Konferensbidrag (refereegranskat)abstract
- It is well established that user behavior is a crucial aspect of information security and archivingsecure behavior through awareness and security training is the go-to solution proposed bypractitioners as well as the research community. Thus, there is a dire need for efficient trainingmethods for use in the security domain. This paper introduces ContextBased MicroTraining(CBMT), a framework for information security training that dictated that information securitytraining should be delivered to end users in short-sequences when the users are in a situationwhere the training is needed. Further, the users' perception of CBMT in evaluated in an onlinesurvey where about 200 respondents are subjected to training material and asked about how theyperceived them. The results show that users like the training material designed according to theCBMT framework and would prefer to use CBMT over other traditional methods of informationsecurity training.
|
|
| 8. |
- Kävrestad, Joakim, 1989-, et al.
(författare)
-
Using Context Based MicroTraining to Develop OER for the Benefit of All
- 2019
-
Ingår i: Proceedings of the 15th International Symposium on Open Collaboration, OpenSym 2019, 20-22 August 2019, Skövde, Sweden. - New York : ACM Digital Library. - 9781450363198
-
Konferensbidrag (refereegranskat)abstract
- This paper demonstrates how Context Based MicroTraining (CBMT) can be used to develop open educational resources in a way that benefits students enrolled in university courses as well as anyone who wants to participate in open-learning activities. CBMT is a framework that provides guidelines for how educational resources should be structured. CBMT stipulates that information should be presented in short sequences and that is relevant for the learner’s current situation. In this paper, CBMT is implemented in a practical ICT course using video lectures that are delivered as open educational resources using YouTube. The experiences of enrolled students as well as YouTube users are evaluated as well as the actual results of the enrolled students. The results of the study suggest that users of the video lectures appreciate the learning approach. The actual results, i.e. learning outcomes, of the enrolled students are maintained. The study also demonstrates how using CBMT as open educational resources can free up time for teachers and increase the quality of teaching by benefitting from community feedback.
|
|
| 9. |
- Rocha Flores, Waldo, et al.
(författare)
-
Investigating personal determinants of phishing and the effect of national culture
- 2015
-
Ingår i: Information Management & Computer Security. - : Emerald Group Publishing Limited. - 0968-5227 .- 1758-5805. ; 23:2
-
Tidskriftsartikel (refereegranskat)abstract
- Purpose – The purpose of the study was twofold: to investigating the correlation between a sample of personal psychological and demographic factors and resistance to phishing; and to investigate if national culture moderates the strength of these correlations.Design/methodology/approach – To measure potential determinants, a survey was distributed to 2099 employees of nine organizations in Sweden, USA, and India. Then, we conducted unannounced phishing exercises in where a phishing attack targeted the same sample.Findings – Intention to resist social engineering, general information security awareness, formal IS training, and computer experience were identified to have a positive significant correlation to phishing resilience. Furthermore, the results showed that the correlation between phishing determinants and employees’ observed phishing behavior differs between Swedish, US and Indian employees in six out of fifteen cases.Research limitations/implications – The identified determinants all had, even though not a strong, a significant positive correlation. This suggests that more work needs to be done in order to more fully understand determinants of phishing. The study assumes that culture effects apply to all individuals in a nation. However, difference based on cultures might exist based on firm characteristics within a country. The Swedish sample is dominating, while only 40 responses from Indian employees were collected. This unequal size of samples suggests that conclusions based on the results from the cultural analysis should be drawn cautiously. A natural continuation of our research is therefore to further explore the generalizability of our findings by collecting data from other nations with similar cultures as Sweden, USA and India.Originality/value – Using direct observations of employees’ security behaviors has rarely been used in previous research. Furthermore, analyzing potential differences in theoretical models based on national culture is an understudied topic in the behavioral information security field. This paper addresses these both two issues.
|
|
| 10. |
|
|
