Team for Research in
Ubiquitous Secure Technology

Conditioned-safe Ceremonies and a User Study of an Application to Web Authentication
Chris Karlof, Doug Tygar, David Wagner

Citation
Chris Karlof, Doug Tygar, David Wagner. "Conditioned-safe Ceremonies and a User Study of an Application to Web Authentication". Sixteenth Annual Network and Distributed Systems Security Symposium, 2009.

Abstract
We introduce the notion of a conditioned-safe ceremony. A “ceremony” is similar to the conventional notion of a protocol, except that a ceremony explicitly includes human participants. Our formulation of a conditioned-safe ceremony draws on several ideas and lessons learned from the human factors and human reliability community: forcing functions, defense in depth, and the use of human tendencies, such as rule-based decision making. We propose design principles for building conditioned-safe ceremonies and apply these principles to develop a registration ceremony for machine authentication based on email. We evaluated our email registration ceremony with a user study of 200 participants. We designed our study to be as ecologically valid as possible: we employed deception, did not use a laboratory environment, and attempted to create an experience of risk. We simulated attacks against the users and found that email registration was significantly more secure than challenge question based registration. We also found evidence that conditioning helped email registration users resist attacks, but contributed towards making challenge question users more vulnerable.

Electronic downloads

Citation formats  
  • HTML
    Chris Karlof, Doug Tygar, David Wagner. <a
    href="http://www.truststc.org/pubs/498.html"
    >Conditioned-safe Ceremonies and a User Study of an
    Application to Web Authentication</a>,  Sixteenth
    Annual Network and Distributed Systems Security Symposium,
    2009.
  • Plain text
    Chris Karlof, Doug Tygar, David Wagner.
    "Conditioned-safe Ceremonies and a User Study of an
    Application to Web Authentication".  Sixteenth Annual
    Network and Distributed Systems Security Symposium, 2009.
  • BibTeX
    @inproceedings{KarlofTygarWagner09_ConditionedsafeCeremoniesUserStudyOfApplicationToWeb,
        author = {Chris Karlof and Doug Tygar and David Wagner},
        title = {Conditioned-safe Ceremonies and a User Study of an
                  Application to Web Authentication},
        booktitle = { Sixteenth Annual Network and Distributed Systems
                  Security Symposium},
        year = {2009},
        abstract = {We introduce the notion of a conditioned-safe
                  ceremony. A âceremonyâ is similar to the
                  conventional notion of a protocol, except that a
                  ceremony explicitly includes human participants.
                  Our formulation of a conditioned-safe ceremony
                  draws on several ideas and lessons learned from
                  the human factors and human reliability community:
                  forcing functions, defense in depth, and the use
                  of human tendencies, such as rule-based decision
                  making. We propose design principles for building
                  conditioned-safe ceremonies and apply these
                  principles to develop a registration ceremony for
                  machine authentication based on email. We
                  evaluated our email registration ceremony with a
                  user study of 200 participants. We designed our
                  study to be as ecologically valid as possible: we
                  employed deception, did not use a laboratory
                  environment, and attempted to create an experience
                  of risk. We simulated attacks against the users
                  and found that email registration was
                  significantly more secure than challenge question
                  based registration. We also found evidence that
                  conditioning helped email registration users
                  resist attacks, but contributed towards making
                  challenge question users more vulnerable.},
        URL = {http://www.truststc.org/pubs/498.html}
    }
    

Posted by Chris Karlof on 28 Jan 2009.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.