Disaster is just a click away

September 11, 2012

MANHATTAN, Kan. -- A Kansas State University computer scientist and psychologist are developing improved security warning messages that prompt users to go with their gut when it comes to making a decision online.

Eugene Vasserman, assistant professor of computing and information sciences, and Gary Brase, associate professor of psychology, are researching how to help computer users who have little to no computer experience improve their Web browsing safety without security-specific education. The goal is to keep users from making mistakes that could compromise their online security and to inform them when a security failure has happened.

"Security systems are very difficult to use, and staying safe online is a growing challenge for everyone," Vasserman said. "It is especially devastating to inexperienced computer users, who may not spot risk indicators and may misinterpret currently implemented textual explanations and visual feedback of risk."

Vasserman, whose expertise is in building secure networked systems, and Brase, who studies decision-making and the rationality behind people's choices, are developing a simple visual messaging system that would show novice computer users an easily understandable, relatable warning regarding their security decisions. These could be a choice to visit a website with an expired security certificate, or a website that is know to contain malware, among other online dangers. The idea is to have users make a gut reaction decision based on the message.

"The challenge is to get people to make the right decision," Vasserman said. "For example, sometimes a browser will show a dialog box saying this website has an expired SSL certificate, and sometimes the safer behavior is for people to still proceed and accept the expired certificate. But sometimes a website can pose a serious threat. We want people to make good choices without having to understand the technical detail, but we don't want to make the choice for them; we want to show them the importance and danger level of that choice."

Their project, "Education-optional Security Usability on the Internet," was recently awarded nearly $150,000 by the National Science Foundation. Researchers are using the funding to develop, test and evaluate the effectiveness of new and existing educational tools to find which ones case users to make better online security choices.

This system should minimize the use of traditional text warnings and icons, according to Vasserman.

The messaging system created will also likely be used in a medical project that Vasserman and colleagues are developing. The researchers are designing a secure network for hospitals and doctors' offices so medical devices can communicate with each other to monitor and relay information about a patient's health. Having a system that shows instantaneously recognizable consequences could be helpful to physicians and hospital engineers, who are not familiar with cybersecurity, make a correct decision quickly about what to do with a medical device that has a security problem.

"Presenting bad things with some sort of visual image is tricky because you want to convey to the user that this is not good, but you also don't want to traumatize them," Vasserman said. "For example, some people are terrified of snakes so that may be too intense of an image to use. When this is applied to a medical environment you have to especially conscious, so there are more considerations."

Prior to collaborating with Brase, Vasserman and Sumeet Gujrati, a doctoral candidate in computing and information sciences, tested the effectiveness of textual and visual communication for security messages and workflows.

Researchers spent more than 90 hours collecting data by observing volunteers use a piece of popular software that encrypts files on a computer.

The on-screen instructions asked users to select a location to store the encrypted files, but users often selected an existing file due to the phrasing of the instructions. This prompted an on-screen warning message stating that the selected file would be erased and all of the information inside of it would be lost. Users then had to decide to continue and erase the file or cancel the process and start over.

"I sat in the room many times and watched as people read the warning message carefully, sometimes even re-reading it, and then watched as they clicked on 'yes' and destroyed the file," Vasserman said. "Because the information being conveyed to them in the message was not immediately clear, many users specifically deleted the file they wanted to protect. I see that as an indicator that a text warning is not effective at getting users to make the correct choice."
-end-


Kansas State University

Related Computer Articles from Brightsurf:

UCLA computer scientists set benchmarks to optimize quantum computer performance
Two UCLA computer scientists have shown that existing compilers, which tell quantum computers how to use their circuits to execute quantum programs, inhibit the computers' ability to achieve optimal performance.

Digitize your dog into a computer game
Researchers from CAMERA at the University of Bath have developed motion capture technology that enables you to digitise your dog without a motion capture suit and using only one camera.

Stabilizing brain-computer interfaces
Researchers from Carnegie Mellon University (CMU) and the University of Pittsburgh (Pitt) have published research in Nature Biomedical Engineering that will drastically improve brain-computer interfaces and their ability to remain stabilized during use, greatly reducing or potentially eliminating the need to recalibrate these devices during or between experiments.

Computer-generated genomes
Professor Beat Christen, ETH Zurich to speak in the AAAS 2020 session, 'Synthetic Biology: Digital Design of Living Systems.' Christen will describe how computational algorithms paired with chemical DNA synthesis enable digital manufacturing of biological systems up to the size of entire microbial genomes.

Computer-based weather forecast: New algorithm outperforms mainframe computer systems
The exponential growth in computer processing power seen over the past 60 years may soon come to a halt.

A computer that understands how you feel
Neuroscientists have developed a brain-inspired computer system that can look at an image and determine what emotion it evokes in people.

Computer program looks five minutes into the future
Scientists from the University of Bonn have developed software that can look minutes into the future: The program learns the typical sequence of actions, such as cooking, from video sequences.

Computer redesigns enzyme
University of Groningen biotechnologists used a computational method to redesign aspartase and convert it to a catalyst for asymmetric hydroamination reactions.

Mining for gold with a computer
Engineers from Texas A&M University and Virginia Tech report important new insights into nanoporous gold -- a material with growing applications in several areas, including energy storage and biomedical devices -- all without stepping into a lab.

Teaching quantum physics to a computer
An international collaboration led by ETH physicists has used machine learning to teach a computer how to predict the outcomes of quantum experiments.

Read More: Computer News and Computer Current Events
Brightsurf.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.