Conditioned-safe ceremonies and a user study of an application to web authentication

Chris Karlof, J. D. Tygar, David Wagner
2009 Proceedings of the 5th Symposium on Usable Privacy and Security - SOUPS '09  
We introduce the notion of a conditioned-safe ceremony. A "ceremony" is similar to the conventional notion of a protocol, except that a ceremony explicitly includes human participants. Our formulation of a conditioned-safe ceremony draws on several ideas and lessons learned from the human factors and human reliability community: forcing functions, defense in depth, and the use of human tendencies, such as rule-based decision making. We propose design principles for building conditioned-safe ceremonies and apply these principles to develop a registration ceremony for machine authentication based on email. We evaluated our email registration ceremony with a user study of 200 participants. We designed our study to be as ecologically valid as possible: we employed deception, did not use a laboratory environment, and attempted to create an experience of risk. We simulated attacks against the users and found that email registration was significantly more secure than challenge question based registration. We also found evidence that conditioning helped email registration users resist attacks, but contributed towards making challenge question users more vulnerable.
doi:10.1145/1572532.1572578 dblp:conf/soups/KarlofTW09 fatcat:gyxsixxlsvcdfbfa35nfyum5ie
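The abstract names an email-based registration ceremony for machine authentication but does not describe the protocol itself. The block below is an added illustration, written for this page; it is not the authors' ceremony and not code from the paper. It shows one way such a ceremony can be built so that the only thing the user does is follow an emailed link to the legitimate origin: there is no code for the user to type, the emailed token is single-use and short-lived, and the server stores only a hash of it and of the resulting machine cookie. The origin `https://bank.example`, the 15-minute lifetime, the in-memory outbox standing in for SMTP, and all function names are assumptions.

```python
import hashlib
import secrets
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit

# Hypothetical legitimate origin. A link to any other host never reaches this server.
SITE_ORIGIN = "https://bank.example"
TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime of an emailed registration link


@dataclass
class PendingRegistration:
    account: str
    token_hash: str      # only the SHA-256 of the emailed token is kept server-side
    expires_at: float    # absolute time (seconds) after which the link is dead
    used: bool = False   # a link redeems exactly once


@dataclass
class Server:
    """Toy server state for an email-based machine-registration ceremony (illustrative)."""
    pending: dict = field(default_factory=dict)   # token_hash -> PendingRegistration
    machines: dict = field(default_factory=dict)  # cookie_hash -> account
    outbox: list = field(default_factory=list)    # constructed stand-in for email delivery

    @staticmethod
    def _h(secret: str) -> str:
        return hashlib.sha256(secret.encode()).hexdigest()

    def begin_registration(self, account: str, email: str, now: float) -> None:
        """Step 1: mint a fresh token and email it as a link. The user never sees a code to type."""
        token = secrets.token_urlsafe(32)
        rec = PendingRegistration(account, self._h(token), now + TOKEN_TTL_SECONDS)
        self.pending[rec.token_hash] = rec
        self.outbox.append({"to": email, "link": f"{SITE_ORIGIN}/register?token={token}"})

    def complete_registration(self, link: str, now: float):
        """Step 2: the browser follows the link. Returns a machine cookie, or None on any failure."""
        parts = urlsplit(link)
        # Models the browser's routing: a lookalike host never delivers the request here.
        if f"{parts.scheme}://{parts.netloc}" != SITE_ORIGIN:
            return None
        token = parse_qs(parts.query).get("token", [""])[0]
        rec = self.pending.get(self._h(token))
        if rec is None or rec.used or now > rec.expires_at:
            return None  # unknown, replayed, or expired link
        rec.used = True
        cookie = secrets.token_urlsafe(32)
        self.machines[self._h(cookie)] = rec.account
        return cookie

    def authenticate_machine(self, cookie: str):
        """Later logins: recognise a registered machine by its cookie, else None."""
        return self.machines.get(self._h(cookie))


if __name__ == "__main__":
    s = Server()
    t0 = 1_000_000.0
    s.begin_registration("alice", "alice@example.org", t0)
    link = s.outbox[-1]["link"]
    cookie = s.complete_registration(link, t0 + 60)
    print("registered:", s.authenticate_machine(cookie))
    print("replay accepted:", s.complete_registration(link, t0 + 61) is not None)
```

The forcing function is in the delivery path: the credential travels only inside a URL that lands on the legitimate origin, so a phishing page that asks the user to "enter the code from your email" has nothing to collect, and a lookalike link minted by an attacker carries no token the server knows. The single-use and expiry checks limit what a leaked or forwarded message is worth. Whether users actually behave safely under this ceremony is exactly what the paper's study measures; this code only shows the server-side mechanics.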