Biblio
A mass attack on web services using leaked account information has been carried out in recent years. The causes of the attack are information leakage and use of the same password among multiple services. Available measures against the attack mainly use an alternative authentication method such as two-factor authentication or a one-time password. Such measures put an additional operation load or credential management on users, and may also impose additional management costs on users or service providers for dedicated devices. These issues limit the applicability of such measures to only parts of various services. Therefore, I propose an alternative measure against the attack by using the concept of shutters in car garages. The proposed scheme is referred to as the "authentication shutter". In this scheme, a legitimate user can control the availability of user authentication directly. This means that, even if an attacker has a valid user ID and password, if a legitimate user sets the user authentication as unavailable, an attacker cannot pass user authentication. I explain the basic idea and how to implement the scheme as a web system, and also discuss the usability and security of the scheme.
Disastrous consequences tend to befall organizations whose employees participate in information systems security deviant behavior (ISSDB) (e.g., connecting computers to the Internet through an insecure wireless network and opening emails from unverified senders). Although organizations recognize that ISSDB poses a serious problem, understanding what motivates its occurrence continues to be a key concern. While studies on information technology (IT) misuse abound, research specifically focusing on the drivers of ISSDB remains scant in the literature. Using self-control theory, augmented with knowledge of relevant factors, this study examined the effects of employees' self-control, knowledge of computers/IT, and information systems (IS) security threats and risks on participation in ISSDB. A research model, including the aforementioned factors, was proposed and tested using the partial least squares technique. Data was collected from a survey of Canadian professionals. The results show that low self-control and lower levels of knowledge of computers/IT are related to employees' involvement in ISSDB. The data did not provide a meaningful relationship between employees' knowledge of IS security threats/risks and desire to participate in ISSDB.