Full Description
This book makes the case that traditional security design does not take the end-user into consideration, and therefore, fails. This book goes on to explain, using a series of examples, how to rethink security solutions to take users into consideration. By understanding the limitations and habits of users - including malicious users, aiming to corrupt the system - this book Illustrates how better security technologies are made possible.
Traditional security books focus on one of the following areas: cryptography, security protocols, or existing standards. They rarely consider the end user as part of the security equation, and when they do, it is in passing. This book considers the end user as the most important design consideration, and then shows how to build security and privacy technologies that are both secure and which offer privacy. This reduces the risk for social engineering and, in general, abuse.
Advanced-levelstudents interested in software engineering, security and HCI (Human Computer Interaction) will find this book useful as a study guide. Engineers and security practitioners concerned with abuse and fraud will also benefit from the methodologies and techniques in this book.
Contents
PART I: Considering the Typical User.- 1. Mind your SMSes: Mitigating Social Engineering in Second Factor Authentication.- 2. Permissions and Privacy.- 3. Privacy and Tracking.- PART II: Considering the Malicious User.- 4. A Framework for Analysis Attackers' Accounts.- 5. Environmentally and Politically Conscious Crypto.- Part III: Designing Solutions Based on Typical and Malicious Users.- 6. Social Engineering Resistant 2FA.- 7. The Rising Threat of Launchpad Attacks.- 8. Discouraging Counterfeiting.- 9. Seeing the Future.
