Evaluation of the model for analysing anti-phishing authentication ceremonies

Authors

Edina Hatunic-Webster, School of Computing Dublin Institute of Technology, Dublin, Ireland
Fredrick Mtenzi, Aga Khan UniversityFollow
Brendan O'Shea, School of Computing Dublin Institute of Technology, Dublin, Ireland

Document Type

Article

Department

Institute for Educational Development, East Africa

Abstract

Phishing takes advantage of the way humans interact with computers or interpret messages. A security ceremony is one way of extending the reach of current methods for social, technical and contextual analysis of security protocols to include humans. It is an extension of the concept of network security protocol and includes user interface and human-protocol interaction. We propose a model with which anti-phishing authentication ceremonies can be examined not only with a technical focus but by including the human into the analysis. The model examines anti-phishing authentication tasks that a human needs to apply, how users process these additional authentication tasks and how these tasks impact the human’s decision outcome. We outline the evaluation of the model and propose a ceremony called MultiStep Mutual Authentication (MSMA) that combines PIN, text password and dynamic image feedback as a help to foil phishing attacks. The MSMA ceremony is used as part of the evaluation of the model.

Comments

This work was published before the author joined Aga Khan University.

Publication (Name of Journal)

International Journal for Information Security Research

DOI

https://doi.org/10.1109/ICITST.2014.7038795

Recommended Citation

Hatunic-Webster, E., Mtenzi, F., O'Shea, B. (2015). Evaluation of the model for analysing anti-phishing authentication ceremonies. International Journal for Information Security Research, 5(1), 529-537.
Available at: https://ecommons.aku.edu/eastafrica_ied/179