Presentation is loading. Please wait.

Presentation is loading. Please wait.

Amber McConahy.  Multifaceted and multidimensional  Marsh & Dibben (2003) definition and layers of trust  “Trust concerns a positive expectation regarding.

Published byWendy Sloman Modified over 9 years ago

Similar presentations

Presentation on theme: "Amber McConahy.  Multifaceted and multidimensional  Marsh & Dibben (2003) definition and layers of trust  “Trust concerns a positive expectation regarding."— Presentation transcript:

1 Amber McConahy

2  Multifaceted and multidimensional  Marsh & Dibben (2003) definition and layers of trust  “Trust concerns a positive expectation regarding the behavior of somebody or something is a situation that entails risk to the trusting party” ▪ Dispositional Trust – personality trait relating to trust ▪ Learned Trust – tendency to trust based on experience ▪ Situational Trust – trust adjusted based on situational cues  Key Questions  Reliable representation of trust in interactions and interfaces?  Transforming trust to security and vice versa?  Identification and mitigation of trust failings? 2

3  Vital to security but poorly understood  Perfect information removes need for trust  Trust without risk is meaningless  Online users must develop knowledge to make trust decisions  Developers must provide trustable designs  Must trust both people and technology  Halo Effect  Judgment based on attractiveness  Trust is built slowly and destroyed quickly 3

4  Meyer et al.  Ability to fulfill promises  Integrity relates meeting expectations  Benevolence is acting in best interest of client  Egger’s MoTEC  Superficial trust based on interface  Reasoned trust based on content analysis  Relationship trust based on transactional history 4

5 Trust Willingness to Transact Familiarity 5

6  Lee, Kim, and Moon  Trust and transaction cost are opposing factors  Corritore et al.  Credibility, ease of use, and risk affect trust  McKnight et al.  Trusting beliefs, intentions, and behaviors  Riegelsberger et al.  Focuses on incentives rather than opinions and beliefs 6

7  Trust and risk are related  Trust relates to beliefs  Ease of use can affect trust  Trust likely develops in stages  External factors and context can be relevant 7

8 DO  Ensure ease of use  Make design attractive  Convey real world  Include seals of approval  TRUSTe  Explain and justify content  Provide security and privacy statements  Provide background  Define roles  Personalize service DON’T  Make spelling mistakes  Mix ads and content  Be inconsistent or unpredictable  Forget peer evaluations  References  User feedback  Ignore alternatives  Links to other sites  Poor response or communication 8

9  Norm of Reciprocity (Goulder 1960)  Information likely to be provided in exchange for information of services  Leads to increased trust  Could increase vulnerability  Zhu et al.  Study of user behavior under reciprocity attacks  Use of InfoSource software with “Alice” guide 9

10  Experimental group disclosed more  Over 85% of users found “Alice” helpful  Perception of importance related to disclosure  Relevance of requested information matters  Income not provided due to perceived irrelevance  Beliefs and attitudes correlated with willingness to share information  Trust is related to willingness to share information 10

11  Users often don’t comprehend what computer is asking  Presents dilemma rather than decision  Users seek alternative information resources  Trust is aggregation of clues and tradeoffs  Large scopes and less context lead to impede consent  User’s are reluctant to provide personal data 11

12  Claims often do not correspond to actions  Consequences are often not fully evaluated  Users don’t like making global decisions  Developers and users have different views  Users confuse terminology  Hacking vs. virus  Software bug vs. virus 12

13 13

14 14

15  Secure default choses “Don’t Install”  Labels changed from “Yes” and “No” to “Install” and “Don’t Install”  Options provided  Simplified primary text  Evidence via certificates  Auxiliary text separated  “What’s the Risk?” link provided for more information 15

16 16

17 17

18  Purposeful similarity to ActiveX to promote consistency  Secure default option “Cancel”  Label changed from “Open” to “Run”  Primary text simplified to single question  Options provided  Evidence of filename and source provided  Assistance text separated with “What’s the risk?” link 18

19  Trust decisions should be made in context  Narrow scope and avoid global setups  Make the most trusted option the default  Replace dilemmas with choices  Always provide trusted response option  Convey consequences to actions  Respect the user’s decision  Submit even when decision is not comprehended by computer 19

20 Sauvik Das

21 Physical Attacks Syntactic Attacks 21

22 Semantic Attacks: “... Attacks that target the way we, as humans, assign meaning to content....Semantic attacks directly target the human/computer interface, the most insecure interface on the Internet “ 22

23 Semantic Attacks: “... Attacks that target the way we, as humans, assign meaning to content....Semantic attacks directly target the human/computer interface, the most insecure interface on the Internet “ 23 http://lol-gonna-log-ur-keys.com

24  Semantic Attacks…  violate trust  deceive  are a new form of “hacking”—Cognitive Hacking 24

25  “Pump-and-Dump” schemes  Buy penny stocks cheap  Artificially inflate price (spread misinformation)  Sell for profit, leaving others “holding-the-bag” Pump Inflate Dump 25

26  WTF Stuxnet?  Had elements of semantic attack:  Tricked technicians into believing centrifuges were operating fine Looks okay to me 26

27  And, of course: Phishing 27

28  Phishing is…:  deceiving users to obtain sensitive information  spoofing “trustworthy” communications  phreaking + fishing  a growing threat 28

29  It is very lucrative.  $2.4 million to $9.4 million dollars per yer per million online banking customers  ~$2000 on each compromised bank account. 29

30  It’s easy.  There are Do-it-Yourself Phishing Kits  AND, several easy accessible tutorials 30

31  It’s hard to defend against.  “You and I can think about things. Symbols in our brains have meanings. The question is, can a [computer] think about things, or merely process digits that have no Aboutness—no meaning—no semantic content” – Neal Stephenson, Anathem Meaning 31

32  Easy to distribute, and low success rate is okay.  4700 per 1,000,000 banking credentials lost on average (0.47%)  BUT, bad guys still make plenty of money from that 32

33  With Social Web, phishing is more effective.  Paper by Jagatic et al: ▪ Mined relationships of students using publicly available information ▪ Using this information, conducted a spear phishing attack ▪ Found that using social info, people were 4.5x more likely to fall for phish (16% versus 72%). 33

34 It all goes back to trust. 1. People judge legitimacy by design 2. People do not trust web browser security 3. Awareness is not a strategy 4. Severity of the consequences does not seem to inform behavior 34

35  Study by Sheng et al.  Women more likely than men  Age 18-25 at highest risk  Lower technical knowledge at higher risk  Generally risk averse people are at lower risk  Not orthogonal. 35

36  Study by Sheng et al.  Women more likely than men  Age 18-25 at highest risk  Lower technical knowledge at higher risk  Generally risk averse people are at lower risk  Not orthogonal. 36

37  Study by Sheng et al.  Women more likely than men  Age 18-25 at highest risk  Lower technical knowledge at higher risk  Generally risk averse people are at lower risk  Not orthogonal. 37

38  How can we mitigate phishing and other semantic attacks?  Raise Awareness?  Education?  Automatic Detection?  Better Visualizations of Danger?  ??? 38

39  It’s a tough problem  Only a small percentage (0.47%) of users need to be compromised for phishing to continue to be lucrative  Don’t want to make users afraid to go to legitimate websites (majority) in the process.  How do current mitigation strategies help? 39

40  Improve visual cues 40

41  Improving visual cues  Not as effective as it could be.  People don’t trust their web browsers (ahem…IE)  Dhamija et al. study (Firefox): ▪ Many people do not look at browser-based cues ▪ 23% didn’t look at all ▪ Make incorrect choices about phishing 40% of the time 41

42  Education 42

43  Education  Effective…but awareness alone not sufficient  Need to offer course of action  Sheng et al. study: ▪ 40% improvement among participants ▪ Some forms of education inhibit clicking of legitimate links as well (learn avoidance not phishing awareness) 43

44  Phishing scams are still increasing! 44

45  We have some effective strategies, but the problem is still open.  The Phishing explosion can be attributed to:  Users are still falling for it  DIY Phishing Kits making it increasingly easier to make phishing scams  We can mitigate the first problem, but what about the second? 45

46  Semantic attacks hack a user’s mind  Phishing is one common semantic attack  Deceive users to obtain their sensitive information  Phishing is tough to mitigate because:  It is lucrative  Easy to do  Education seems to be one great way to reduce the incidence of phishing.  We also need to find ways to make creating phish less appealing or more difficult. 46

47 47

Download ppt "Amber McConahy.  Multifaceted and multidimensional  Marsh & Dibben (2003) definition and layers of trust  “Trust concerns a positive expectation regarding."

Similar presentations

BC501 eBusiness Topic 3.....Digital Design

BC501 eBusiness Topic Digital Design
AC 4304 Financial Reporting Theory Week 2 Presentation Dennis Ivan Rita.

AC 4304 Financial Reporting Theory Week 2 Presentation Dennis Ivan Rita.
Back to Table of Contents

Back to Table of Contents
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
What is identity theft, and how can you protect yourself from it?

What is identity theft, and how can you protect yourself from it?
How does a web-service’s apparent trustworthiness affect people’s intention to adopt? a.k.a. “Seal of Approval and Multidimensionality of Perceived Trustworthiness.

How does a web-service’s apparent trustworthiness affect people’s intention to adopt? a.k.a. “Seal of Approval and Multidimensionality of Perceived Trustworthiness.
Trust and Privacy. Agenda Questions? Questions? Trust Trust More project time More project time Privacy Privacy.

Trust and Privacy. Agenda Questions? Questions? Trust Trust More project time More project time Privacy Privacy.
WEB BROWSER PRIVACY & SECURITY Nan Li Informed Consent in the Mozilla Browser: Implementing Value-Sensitive Design 10/13/2009 08-534 Usability Privacy.

WEB BROWSER PRIVACY & SECURITY Nan Li Informed Consent in the Mozilla Browser: Implementing Value-Sensitive Design 10/13/ Usability Privacy.
Using Digital Credentials On The World-Wide Web M. Winslett.

Using Digital Credentials On The World-Wide Web M. Winslett.
Phishing and Trust. Agenda Questions? Questions? Phishing Phishing Project feedback Project feedback Trust Trust.

Phishing and Trust. Agenda Questions? Questions? Phishing Phishing Project feedback Project feedback Trust Trust.
Designing for security and privacy. Agenda Tests Tests Project questions? Project questions? Design lecture Design lecture Assignments Assignments.

Designing for security and privacy. Agenda Tests Tests Project questions? Project questions? Design lecture Design lecture Assignments Assignments.
1 IS371 WEEK 8 Last and Final Assignment Application Development Alternatives to Application Development Instructor Online Evaluations.

1 IS371 WEEK 8 Last and Final Assignment Application Development Alternatives to Application Development Instructor Online Evaluations.
Inspection Methods. Inspection methods Heuristic evaluation Guidelines review Consistency inspections Standards inspections Features inspection Cognitive.

Inspection Methods. Inspection methods Heuristic evaluation Guidelines review Consistency inspections Standards inspections Features inspection Cognitive.
Chapter 9 e-Commerce Systems.

Chapter 9 e-Commerce Systems.
Chapter 6 Consumer Attitudes Consumer Attitudes.

Chapter 6 Consumer Attitudes Consumer Attitudes.
Scams and Schemes. Today’s Objective I can understand what identity theft is and why it is important to guard against it, I can recognize strategies that.

Scams and Schemes. Today’s Objective I can understand what identity theft is and why it is important to guard against it, I can recognize strategies that.
 Introduction (Scary details)  Part I: Introduction to Stock Market Challenge (Brett) 4:30 to 5:15  Part II: What is Financial Literacy (Bill) 5:15.

 Introduction (Scary details)  Part I: Introduction to Stock Market Challenge (Brett) 4:30 to 5:15  Part II: What is Financial Literacy (Bill) 5:15.
E-Safety Quiz Keeping safe online! A guide for parents & children.

E-Safety Quiz Keeping safe online! A guide for parents & children.
Consumer Behavior, Ninth Edition Schiffman & Kanuk MKT 344 Chapter 1 Consumer Behavior: Meeting Changes and Challenges.

Consumer Behavior, Ninth Edition Schiffman & Kanuk MKT 344 Chapter 1 Consumer Behavior: Meeting Changes and Challenges.
E-commerce E-commerce is defined as the process of buying, selling, or exchanging products, services, or information via computer networks, including.

E-commerce E-commerce is defined "as the process of buying, selling, or exchanging products, services, or information via computer networks, including.

Similar presentations

Ads by Google