Model for analysing Anti-Phishing Authentication Ceremonies

Authors

Edina Hatunic-Webster, School of Computing Dublin Institute of Technology, Dublin, Ireland
Fredrick Mtenzi, Aga Khan UniversityFollow
Brendan O'Shea, School of Computing Dublin Institute of Technology, Dublin, Ireland

Document Type

Conference Paper

Department

Institute for Educational Development, East Africa

Abstract

Phishing takes advantage of the way humans interact with computers or interpret messages; and also that many online authentication protocols place a disproportional burden on human abilities. A security ceremony is an extension of the concept of network security protocol and includes user interface and human-protocol interaction. It is one way of extending the reach of current methods for social, technical and contextual analysis of security protocols to include humans. In this paper, we propose a Human Factors in Anti-Phishing Authentication Ceremonies (APAC) Framework for investigating phishing attacks in authentication ceremonies, which builds on The Human-in-the-Loop Security Framework of communication processing. We show how to apply the APAC framework to model human-protocol behaviour. The resulting Model for Analysing APAC correlates the framework components and examines how the authentication tasks required to be performed by humans influence their decision-making and consequently their phishing detection.

Comments

This work was published before the author joined Aga Khan University.

Publication (Name of Journal)

IEEE

Recommended Citation

Hatunic-Webster, E., Mtenzi, F., & O'Shea, B. (2014, December). Model for analysing anti-phishing authentication ceremonies. In The 9th International Conference for Internet Technology and Secured Transactions (ICITST-2014) (pp. 144-150). IEEE.