Model for analysing Anti-Phishing Authentication Ceremonies
Institute for Educational Development, East Africa
Phishing takes advantage of the way humans interact with computers or interpret messages; and also that many online authentication protocols place a disproportional burden on human abilities. A security ceremony is an extension of the concept of network security protocol and includes user interface and human-protocol interaction. It is one way of extending the reach of current methods for social, technical and contextual analysis of security protocols to include humans. In this paper, we propose a Human Factors in Anti-Phishing Authentication Ceremonies (APAC) Framework for investigating phishing attacks in authentication ceremonies, which builds on The Human-in-the-Loop Security Framework of communication processing. We show how to apply the APAC framework to model human-protocol behaviour. The resulting Model for Analysing APAC correlates the framework components and examines how the authentication tasks required to be performed by humans influence their decision-making and consequently their phishing detection.
Publication ( Name of Journal)
Hatunic-Webster, E., Mtenzi, F., & O'Shea, B. (2014, December). Model for analysing anti-phishing authentication ceremonies. In The 9th International Conference for Internet Technology and Secured Transactions (ICITST-2014) (pp. 144-150). IEEE.