Title :
Conducting ethical yet realistic usable security studies
Author :
Herzberg, Amir ; Margulies, Ronen
Author_Institution :
Dept. of Comput. Sci., Bar Ilan Univ., Ramat Gan, Israel
Abstract :
Ethical yet realistic evaluation of usable security mechanisms is both critical and challenging. We study a particular and important case: the security achieved by different defenses against phishing, where users play a key role in detecting the attacks. We argue that proper evaluation of such anti-phishing defenses requires users to act 'naturally', similarly to their real-life behavior, without excessive awareness of being tested for detecting attacks. We focus on our experience from conducting one of the most extensive, long-term usable security experiments, evaluating anti-phishing defenses [5]. We discuss the different ethical and operational challenges and present our recommendations.
Keywords :
computer crime; ethical aspects; anti phishing defenses; attack detection; ethical challenge; ethical studies; operational challenge; usable security studies; Browsers; Computer science; Educational institutions; Electronic mail; Ethics; Security; Tutorials; Attacking Users; Long-Term User Study; Phishing; Ethics; Study Design; Usable Security
Conference_Title :
Security and Privacy Workshops (SPW), 2013 IEEE
Conference_Location :
San Francisco, CA
Print_ISBN :
978-1-4799-0458-7
DOI :
10.1109/spw.2013.6915056