Is OpenID too Open? Technical, Business, and Human Issues That Get in the Way of OpenID and Ways of Addressing Them
The web is essential for business and personal activities well beyond information retrieval, such online banking, financial transactions, and payment authorization, but reliable user authentication remains a challenge. OpenID is a mainstream Web single sign-on (SSO) solution intended for Internet-scale adoption. There are currently over one billion OpenID-enabled user accounts provided by major content-hosting and […]
CHI Work in Progress to Feature LERSSE Research
This year, in Vancouver, Work In Progress Posters session of SIG CHI Conference will feature three research projects of my graduate students. San-Tsai Sun and his team-mates will present results of investigating the challenges web users face when using OpenID for authentication. They also designed a phishing-resistant, privacy-preserving browser add-on to provide a consistent and […]
Undergrad Security Course Features Cool Projects
Students in my undergraduate computer security course had done several excellent projects. You can watch video clips of the projects or read reports. httpvp://www.youtube.com/view_play_list?p=ABEF30FCC4453A52 I would like particularly mention the following projects: Security Analysis of the i>clicker Audience Response System best analysis project! best presentation! Derek Gourlay, Yuan Sunarto, Yik Lam Sit, Tian-Cheng Wang Security Analysis of Verrus Pay-by-Phone […]
Lessons learned from studying users’ mental models of security
In the course of past three years at LERSSE, we have done several studies that helped us to further the understanding of users’ mental models, when it comes to security. A mental model is “an abstraction of system’s architecture and software structures that is simple enough for non-technical users to grasp. . . It provides an integrated […]