skip to main content
10.1145/1837110.1837126acmotherconferencesArticle/Chapter ViewAbstractPublication PagessoupsConference Proceedingsconference-collections
research-article

Improving users' security choices on home wireless networks

Published: 14 July 2010 Publication History

Abstract

Home networks are common but notoriously difficult to setup and maintain. The difficulty users experience in setting up and maintaining their home network is problematic because of the numerous security threats that can exploit poorly configured and maintained network security. Because there is little empirical data to characterize the usability problems associated with the adoption of wireless network security, we surveyed primary caretakers and users of 20 home networks, examining their perceptions and usage of the security features available to them. We found that users did not understand the difference between access control lists and encryption, and that devices fail to properly notify users of weak security configuration choices. To address these issues, we designed and evaluated a novel wireless router configuration wizard that encouraged strong security choices by improving the network configuration steps. We found that security choices made by users of our wizard resulted in stronger security practices when compared to the wizard from a leading equipment manufacturer.

References

[1]
Balfanz, D., Durfee, G., Grinter, R. E., Smetters, D. K., and Stewart, P. 2004. Network-in-a-box: how to set up a secure wireless network in under a minute. In Proceedings of the 13th Conference on USENIX Security Symposium - Volume 13 (San Diego, CA, August 09--13, 2004). USENIX Security Symposium. USENIX Association, Berkeley, CA, 207--221.
[2]
Berghel, H. 2004. Wireless infidelity I: war driving. Commun. ACM 47, 9 (Sep. 2004), 21--26.
[3]
Bly, S., Schilit, B., McDonald, D. W., Rosario, B., and Saint-Hilaire, Y. 2006. Broken expectations in the digital home. In CHI '06 Extended Abstracts on Human Factors in Computing Systems (Montréal, Québec, Canada, April 22--27, 2006). CHI '06. ACM, New York, NY, 568--573.
[4]
Calvert, K., Edwards, W. and Grinter, R. 2007. Moving toward the middle: the case against the end-to-end argument in home networking. In Proceedings of the 6th ACM Conference on Hot Topics in Networks (Atlanta, GA, November 14--15, 2007). HotNets-VI. ACM, New York, NY.
[5]
Cam-Winget, N., Housley, R., Wagner, D., and Walker, J. 2003. Security flaws in 802.11 data link protocols. Commun. ACM 46, 5 (May. 2003), 35--39.
[6]
Chetty, M., Sung, J., and Grinter, R. E. 2007. How smart homes learn: the evolution of the networked home and household. In Proceedings of the 9th international Conference on Ubiquitous Computing (Innsbruck, Austria, September 16--19, 2007). Ubicomp '07. Springer-Verlag, Berlin, Heidelberg, 127--144.
[7]
Fleishman, G. 2008. GPU-based WPA/WPA2 crack struggles with good passwords. Retrieved June 9, 2010 from Ars Technica: http://arstechnica.com/news.ars/post/20081201-gpu-based-wpawpa2-crack-struggles-with-good-passwords.html
[8]
Fluhrer, S. R., Mantin, I., and Shamir, A. 2001. Weaknesses in the Key Scheduling Algorithm of RC4. In Revised Papers From the 8th Annual international Workshop on Selected Areas in Cryptography. Springer-Verlag, London, 1--24.
[9]
Geer, D. 2005. Malicious Bots Threaten Network Security. Computer 38, 1 (Jan. 2005), 18--20.
[10]
Grinter, R. E., Edwards, W. K., Newman, M. W., and Ducheneaut, N. 2005. The work to make a home network work. In Proceedings of the Ninth Conference on European Conference on Computer Supported Cooperative Work (Paris, France, September 18--22, 2005). H. Gellersen, K. Schmidt, M. Beaudouin-Lafon, and W. Mackay, Eds. ECSCW. Springer-Verlag New York, New York, NY, 469--488.
[11]
Hartley, M. 2008. Heavy web downloaders face broadband fees. Retrieved June 9, 2010 from The Globe and Mail: http://www.theglobeandmail.com/news/technology/article675666.ece
[12]
Kindberg, T. and Jones, T. 2007. "Merolyn the phone": a study of Bluetooth naming practices. In Proceedings of the 9th international Conference on Ubiquitous Computing (Innsbruck, Austria, September 16--19, 2007). Ubicomp '07. Springer-Verlag, Berlin, Heidelberg, 318--335.
[13]
IEEE OUI and Company_id Assignments. 2008. Retrieved June 9, 2010 from the IEEE Standards Association: http://standards.ieee.org/regauth/oui/index.shtml
[14]
Kravets, D. 2008. MPAA Says No Proof Needed in P2P Copyright Infringement Lawsuits. Retrieved June 9, 2010 from Wired: http://www.wired.com/threatlevel/2008/06/mpaa-says-no-pr/
[15]
R. MacMillan. 2006. Plugged in: Wireless Networking Baffles Some Customers. Reuters News (2006, March).
[16]
Poole, E. S., Chetty, M., Grinter, R. E., and Edwards, W. K. 2008. More than meets the eye: transforming the user experience of home network management. In Proceedings of the 7th ACM Conference on Designing interactive Systems. DIS '08. ACM, New York, NY, 455--464.
[17]
Raja, F., Hawkey, K., and Beznosov, K. 2009. Revealing hidden context: improving mental models of personal firewall users. In Proceedings of the 5th Symposium on Usable Privacy and Security. SOUPS '09. ACM, New York, NY, 1--12.
[18]
Rodden, T. and Benford, S. 2003. The evolution of buildings and implications for the design of ubiquitous domestic environments. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Ft. Lauderdale, Florida, USA, April 05--10, 2003). CHI '03. ACM, New York, NY, 9--16.
[19]
Shehan, E. and Edwards, W. K. 2007. Home networking and HCI: what hath god wrought? In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (San Jose, California, USA, April 28 -- May 03, 2007). CHI '07. ACM, New York, NY, 547--556.
[20]
Stoll, J., Tashman, C. S., Edwards, W., and Spafford, K. 2008. Sesame: informing user security decisions with system visualization. In Proceeding of the SIGCHI Conference on Human Factors in Computing Systems (Florence, Italy, April 05--10, 2008). CHI '08. ACM, New York, NY, 1045--1054.
[21]
Stubblefield, A., Ioannidis, J., and Rubin, A. D. 2004. A key recovery attack on the 802.11b wired equivalent privacy protocol (WEP). ACM Trans. Inf. Syst. Secur. 7, 2 (May. 2004), 319--332.
[22]
City of Toronto Demographics Information. 2008. Retrieved June 9, 2010 from The City of Toronto: http://www.toronto.ca/demographics/
[23]
Wang, H. 2006. Networks in the Home: Connected Consumer Electronics. Parks Associates (June 2006).
[24]
Wireless Infonetics Research, Inc. 2008. Driven by 802.11n Technology, Worldwide Wireless LAN Semiconductor Market Will Experience Double-Digit Growth Through 2012, IDC Predicts.
[25]
Yang, J. and Edwards, W. K. 2007. ICEbox: toward easy-to-use home networking. In Proceedings of the 11th International Conference on Human-Computer Interaction (Rio de Janerio, Brasil, September 10--14, 2007). INTERACT '07. Springer-Verlag, Berlin, Heidelberg. 197--210.

Cited By

View all
  • (2024)Set Up My Smart Home as I WantComputer10.1109/MC.2024.339467357:8(65-73)Online publication date: 1-Aug-2024
  • (2024)Addressing Privacy Concerns in Joint Communication and Sensing for 6G Networks: Challenges and ProspectsPrivacy Technologies and Policy10.1007/978-3-031-68024-3_5(87-111)Online publication date: 1-Aug-2024
  • (2023)A Survey of User Perspectives on Security and Privacy in a Home Networking EnvironmentACM Computing Surveys10.1145/355809555:9(1-38)Online publication date: 16-Jan-2023
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences
SOUPS '10: Proceedings of the Sixth Symposium on Usable Privacy and Security
July 2010
236 pages
ISBN:9781450302647
DOI:10.1145/1837110

Sponsors

  • Carnegie Mellon University: Carnegie Mellon University

In-Cooperation

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 14 July 2010

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. access control
  2. configuration
  3. mental model
  4. usable security
  5. wireless network

Qualifiers

  • Research-article

Conference

SOUPS '10
Sponsor:
  • Carnegie Mellon University
SOUPS '10: Symposium on Usable Privacy and Security
July 14 - 16, 2010
Washington, Redmond, USA

Acceptance Rates

Overall Acceptance Rate 15 of 49 submissions, 31%

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)32
  • Downloads (Last 6 weeks)2
Reflects downloads up to 19 Feb 2025

Other Metrics

Citations

Cited By

View all
  • (2024)Set Up My Smart Home as I WantComputer10.1109/MC.2024.339467357:8(65-73)Online publication date: 1-Aug-2024
  • (2024)Addressing Privacy Concerns in Joint Communication and Sensing for 6G Networks: Challenges and ProspectsPrivacy Technologies and Policy10.1007/978-3-031-68024-3_5(87-111)Online publication date: 1-Aug-2024
  • (2023)A Survey of User Perspectives on Security and Privacy in a Home Networking EnvironmentACM Computing Surveys10.1145/355809555:9(1-38)Online publication date: 16-Jan-2023
  • (2018)The Triad of Risk-Related Behaviors (TriRB): A Three-Dimensional Model of Cyber Risk TakingHuman Factors: The Journal of the Human Factors and Ergonomics Society10.1177/001872081878395360:8(1163-1178)Online publication date: 10-Jul-2018
  • (2018)Protecting Home User Devices with an SDN-Based FirewallIEEE Transactions on Consumer Electronics10.1109/TCE.2018.281126164:1(92-100)Online publication date: Feb-2018
  • (2017)Security Challenges of the Internet of ThingsBeyond the Internet of Things10.1007/978-3-319-50758-3_3(53-82)Online publication date: 1-Jan-2017
  • (2016)Pragmatic SecurityProceedings of the 8th ACM CCS International Workshop on Managing Insider Security Threats10.1145/2995959.2995967(69-80)Online publication date: 28-Oct-2016
  • (2014)Usable Security: History, Themes, and ChallengesSynthesis Lectures on Information Security, Privacy, and Trust10.2200/S00594ED1V01Y201408SPT0115:2(1-124)Online publication date: 20-Sep-2014
  • (2014)SCENE: A Structured Means for Creating and Evaluating Behavioral Nudges in a Cyber Security EnvironmentDesign, User Experience, and Usability. Theories, Methods, and Tools for Designing the User Experience10.1007/978-3-319-07668-3_23(229-239)Online publication date: 2014
  • (2013)MultiNetProceedings of the SIGCHI Conference on Human Factors in Computing Systems10.1145/2470654.2466208(1569-1578)Online publication date: 27-Apr-2013
  • Show More Cited By

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media