A process for supporting risk-aware web authentication mechanism choice

Reliability Engineering and System Safety

Volumn 92, Issue 9, 2007, Pages 1204-1217

  Renaud, Karen ^a  

^a UNIVERSITY OF GLASGOW   (United Kingdom)

Author keywords

[No Author keywords available]

Indexed keywords

CRYPTOGRAPHY; DATA REDUCTION; USER INTERFACES; WEBSITES;

STRUCTURED PROCESSES; WEB AUTHENTICATION MECHANISMS;

SECURITY OF DATA;

EID: 33847401100     PISSN: 09518320     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.ress.2006.08.008     Document Type: Article

References (50)

1. Fox S, Anderson JQ, Rainie L. The future of the internet. Technical report, Pew Internet and American life project, 〈http://www.pewinternet.org/pdfs/PIP_Future_of_Internet.pdf〉; 2005 [Accessed May 2006].
2. Joyce E. Amazon's profit jumps, but it eases outlook, 〈internetnews.com〉; [21 October 2004].
3. DTI. Information security factsheet, 〈http://www.dti.gov.uk/bestpractice/assets/security/intro-to-info.pdf〉; 2005.
4. Deliotte. Global security survey 〈http://www.ladlass.com/ice/archives/files/deliotte〉.
5. Hills S. Millions 'are wide open to online crime', Metro; 28 October 2005.
6. Rash W. Password chaos threatens e-commerce; 15 February 2002.
7. Schneier B. Cryptogram newsletter, 〈http://www.schneier.com〉; September 2005.
8. van Wyk K.R., and McGraw G. Bridging the gap between software development and information security. IEEE Secur Privacy 3 5 (2005) 75-79
9. Thompson P.B., and Dean W.R. Competing conceptions of risk. Risk Health Saf Environ 7 (1996) 361-384
10. Starr C., and Whipple C. Risks of risk decisions. Science 208 (1980) 1114-1119
11. Risk assessment: report of a royal society study group. London; The Royal Society. 1983.
12. Adams J. Risk. University College London; 1995.
13. Plough A., and Krimsky S. The emergence of risk communication studies: social and political context. Sci Technol Hum Values 12 3-4 (1987) 4-10
14. Finkel A.M. Comparing risks thoughtfully. Risk 7 4 (1996) 325-359
15. Pfleeger C.P. Quality time: the fundamentals of information-security. IEEE Software 14 1 (1997) 15-16,60
16. Beck U. Risk society: towards a new modernity (1986), Sage, Beverly Hills, CA
17. Alberts CJ, Behrens AG, Pethia RD, Wilson WR. Operationally critical threat, asset and vulnerability evaluation (octave) framework. Technical report CMU/SEI-99-TR-017, version 1.0, Carnegie Mellon University Software Engineering Institute, 〈http://www.sei.cmu.edu/pub/documents/99.reports/pdf/99tr017.pdf〉; June 1999.
18. Vidalis S., and Jones A. Threat agents: what infosec officers need to know. Mediterr J Comput Networks 1 2 (2005) 97-110
19. Peltier T.R. Information security risk analysis (2005), Auerbach, Philadelphia, PA. http://www.peltierassociates.com/frap.htm 〈http://www.peltierassociates.com/frap.htm〉
20. Briand LC, Emam KE, Bomarius F. Cobra: a hybrid method for software COst estimation, benchmarking, and risk assessment. In: Twentieth international conference on software engineering (ICSE'98); 1998. p. 390 〈http://www.riskworld.net/index.htm〉.
21. American Chemical Society. Understanding risk analysis. A short guide for health, safety, and environmental policy making, 〈http://www.rff.org/rff/Publications/loader.cfm?url=/commonspot/security%/getfile.cfm{minus 45 degree rule}&PageID=14418〉; 1998.
22. Endorf C.F. Measuring ROI on security. In: Tipton H.F., and Krause M. (Eds). Information security management handbook. 5th ed. (2004), Auerbach Publications, Philadelphia, PA 685-688
23. Smith N.J. Managing risk in construction projects (1999), Blackwell Scientific Publication, Oxford
24. Kraemer H.C., Kazdin A., Offord D., Kessler R.C., Jensen P.S., and Kupfer D.J. Coming to terms with the terms of risk. Arch Gen Psychiatry 54 (1997) 337-343
25. Hertz D.B., and Thomas H. Practical risk analysis and approach through case histories (1984), Wiley, Chichester, UK
26. Pfleeger C.P., and Pfleeger S.L. Security in computing. 3rd ed. (2003), Prentice-Hall, Upple Saddle River, NJ
27. Andrews M., and Whittaker J.A. Computer security. IEEE Secur Privacy 2 5 (2004) 68-71
28. Tiller J.S. Outsourcing security. In: Tipton H.F., and Krause M. (Eds). Information security management handbook. 5th Ed. (2004), Auerbach, Philadelphia, PA 1061-1072
29. Carroll J.M. Computer security (2004), Butterworth-Heinemann, London
30. Greene A. A process approach to project risk management. In: Doctoral research workshop: construction process research, Loughborough University; 2000. p. 14-25.
31. Slovic P. Trust, emotion, sex, politics and science: surveying the risk-assessment battlefield. Risk Anal 19 4 (1999) 689-701
32. De Angeli A., Coventry L., Johnson G., and Renaud K. Is a picture really worth a thousand words? Reflecting on the usability of graphical authentication systems. Int J Human-Comput Stud HCI research on Privacy and Security 63 1-2 (2005) 128-152 [special issue]
33. Ellison C., Hall C., Milbert R., and Schneier B. Protecting secret keys with personal entropy. Future Gener Comput Syst 16 (2000) 311-318
34. Ives B., Walsh K.R., and Schneider H. The domino effect of password reuse. Commun ACM 47 4 (2004) 75-78
35. Braghin C. Biometric authentication, 〈http://citeseer.ist.psu.edu/436492.html〉; November 2000 [Accessed 13 April 2005].
36. Berghel H. Identity theft, social security numbers, and the web. CACM 43 2 (2000) 17-21
37. Madigan S. Picture memory. In: Yuille J. (Ed). Imagery, memory, and cognition: essays in honour of Allan Paivio (1983), Lawrence Erlbaum Associates, Hillsdale, NJ 65-86
38. Brostoff S., and Sasse A. Are passfaces more usable than passwords? A field trial investigation. In: McDonald S. (Ed). People and computers XIV-usability or else! Proceedings of HCI 2000 (2000), Springer, Berlin 405-424
39. Dhamija R., and Perrig A. Déjà vu: a user study using images for authentication. Proceedings of USENIX security symposium (2000), Denver, Colorado 45-58
40. De Angeli A., Coutts M., Coventry L., and Johnson G.I. VIP: a visual approach to user authentication. Proceedings of the working conference on advanced visual interfaces AVI 2000 (2002), ACM Press, New York 316-323
41. Blonder GE. Graphical password. United States Patent 5559961; 1996.
42. Renaud K.V., and De Angeli A. My password is here! Investigating authentication schemes based on visuo-spatial memory. Interacting Comput 16 6 (2004) 1017-1041
43. Jermyn I, Mayer A, Monrose F, Reoter MK, Rubin AD. The design and analysis of graphical passwords. In: Proceedings of the ninth USENIX security symposium; 2000. Electronic proceedings 〈http://www.usenix.org/publications/library/proceedings/sec2000/technica%l.html〉.
44. Thorpe J, van Oorschot P. Graphical dictionaries and the memorable space of graphical passwords. In: Thirteenth USENIX security symposium; 2004. p. 135-50.
45. Renaud K. A visuo-biometric authenticaton mechanism for older users. In: Proceedings of the British HCI 2005. Edinburgh; September 5-9, 2005. p. 167-82.
46. O'Gorman L. Comparing passwords, tokens, and biometrics for user authentication. Proceedings of the IEEE 91 12 (2003) 2019-2040
47. IASEP, Data security protocol for education. Center for Information Assurance and Security and the Indiana Assessment System of Education Proficiencies. Purdue Research Foundation 〈http://iasep.soe.purdue.edu/Protocol/home_page.htm〉; September 2000.
48. Miller JC. Risk assessment for your web site. IRMI.com, International Risk Management Institute 〈http://www.irmi.com/Expert/Articles/2000/Schoenfeld.aspx〉; September 2000.
49. Blaze M. Safecracking for the computer scientist. Technical report, CIS Department, University of Pennsylvania; 2004.
50. Mitnick K.D., and Simon W.L. The art of intrusion (2005), Hungry Minds Inc, Indianapolis