The economics of user effort in information security

A significant number of security breaches result from employees' failures to comply with security policies. The cause is often an honest mistake, such as when an employee enters their password in a phishing website, believing it to be a legitimate one.1 It can also be a workaround when faced with an impossible task, such as when an employee has so many different passwords that they must be written down

Gathering realistic authentication performance data through field trials

Most evaluations of novel authentication mechanisms have been conducted under laboratory conditions. We argue that the results of short-term usage under laboratory conditions do not predict user performance “in the wild”, because there is insufficient time between enrolment and testing, the number of authentications is low, and authentication is presented as a primary task, rather then the secondary task as it is “in the wild”. User generated reports of performance on the other hand provide subjective data, so reports on frequency of use, time intervals, and success or failure of authentication are subject to the vagaries of users ’ memories. Studies on authentication that provide objective performance data under real-world conditions are rare. In this paper, we present our experiences with a study method that tries to control frequency and timing of authentication, and collects reliable performance data, while maintaining ecological validity of the authentication context at the same time. We describe the development of an authentication server called APET, which allows us to prompt users enrolled in trial cohorts to authenticate at controlled intervals, and report our initial experiences with trials. We conclude by discussing remaining challenges in obtaining reliable performance data through a field trial method such as this one

Human-centred identity - from rhetoric to reality

This paper presents a proposal for human-centred identity management. Even though the term ‘human-centred identity’ has been widely used in the past few years, the solutions either descritbe a technical system for managing identity, or describe an identity management solution that meets a particular administrative need. Our proposal, however, presents a set of propertis that have to be considered, and the choices have to be made for each property must satisfy the needs of both the individual and the organization that owns the identity management system. The properties were identified as a result of reviewing a range of national identity systems, and the problems that arise from them

Users are not the enemy

Many system security departments treat users as a security risk to be controlled. The general consensus is that most users are careless and unmotivated when it comes to system security. In a recent study, we found that users may indeed compromise computer security mechanisms, such as password authentication, both knowing and unknowingly. A closer analysis, however, revealed that such behavior is often caused by the way in which security mechanisms are implemented, and users ’ lack of knowledge. We argue that to change this state of affairs, security departments need to communicate more with users, and adopt a user-centered design approach

Missing dimer defects investigated by adsorption of nitric oxide (NO) on silicon (100) 2 × 1

This paper describes a study concerning the interaction of nitric oxide (NO) with the clean Si(100)2×1 surface in ultra-high vacuum at room temperature. Differential reflectometry (DR) in the photon energy range of 2.4–4.4 eV. Auger electron spectroscopy (AES) and low energy electron diffraction (LEED) have been used to investigate the chemisorption of NO on Si(100)2×1. With this combination of techniques it is possible to make an analysis of the geometric and electronic structure and chemical composition of the surface layer. The aim of the present study was to explain the experimental results of the adsorption of NO on the clean Si(100)2×1 at 300 K. Analysing the electronic and geometric structure of a simplified stepped 2×1 reconstructed Si(100) surface and of the NO molecule in combination with the use of Woodward-Hoffmann rules (WHR) we were able to model a surface defect specific adsorption mechanism. Surface defects such as missing dimer defects seem to play an important role in the adsorption mechanism of NO on the silicon surface. The experimental results are consistent with this developed model. We also suggest a relation between the missing dimer defects and the number of steps on the silicon surface

The adsorption of nitric oxide on a silicon (100) 2 × 1 surface studied with Auger electron spectroscopy

We present an Auger electron spectroscopy (AES) study of the adsorption of nitric oxide (NO) on a clean Si(100)2 × 1 surface at 300 and 550 K. Accurate measurement reeveal well resolved fine structure at Auger SiL2.3VV transitions at 62 and 83 eV. These peaks can be attributed to Si---O and Si---N bonds. Furthermore, it is argued that the broadening in the SiLi2.3VV Auger transition at 83 eV at 300 K may be composed of two nearby peaks, which could be attributed to two different kinds of chemical bonding, Si---N and Si---O. The absence of a peak at 69 eV at room temperature strongly suggests the NO adsorption on a Si(100)2 × 1 surface to be molecular. Dissociation of NO on the Si(100)2 × 1 surface is observed at 550 K

3D Simulation of Partial Discharge in High Voltage Power Networks

Open accessPartial discharge (PD) events arise inside power cables due to defects of cable’s insulation material, characterized by a lower electrical breakdown strength than the surrounding dielectric material. These electrical discharges cause signals to propagate along the cable, manifesting as noise phenomena. More significantly, they contribute to insulation degradation and can produce a disruptive effect with a consequent interruption of power network operation. PD events are, therefore, one of the best ‘early warning’ indicators of insulation degradation and, for this reason, the modeling and studying of such phenomena, together with the development of on-line PDs location methods, are important topics for network integrity assessment, and to define methods to improve the power networks’ Electricity Security. This paper presents a 3D model of PD events inside a void in epoxy-resin insulation cables for High Voltage (HV) power networks. The 3D model has been developed using the High Frequency (HF) Solver of CST Studio Suite® software. PD events of a few µs duration have been modelled and analyzed. The PD behavior has been investigated using varying electrical stress. A first study of the PD signal propagation in a power network is described

The kindest cut: Enhancing the user experience of mobile tv through adequate zooming

The growing market of Mobile TV requires automated adaptation of standard TV footage to small size displays. Especially extreme long shots (XLS) depicting distant objects can spoil the user experience, e.g. in soccer content. Automated zooming schemes can improve the visual experience if the resulting footage meets user expectations in terms of the visual detail and quality but does not omit valuable context information. Current zooming schemes are ignorant of beneficial zoom ranges for a given target size when applied to standard definition TV footage. In two experiments 84 participants were able to switch between original and zoom enhanced soccer footage at three sizes - from 320x240 (QVGA) down to 176x144 (QCIF). Eye tracking and subjective ratings showed that zoom factors between 1.14 and 1.33 were preferred for all sizes. Interviews revealed that a zoom factor of 1.6 was too high for QVGA content due to low perceived video quality, but beneficial for QCIF size. The optimal zoom depended on the target display size. We include a function to compute the optimal zoom for XLS depending on the target device size. It can be applied in automatic content adaptation schemes and should stimulate further research on the requirements of different shot types in video coding