"This book provides fruitful content for engineers and researchers to consider when designing (or adopting) a security protocol. The editor uses many paradigms and charts to lively depict what he wants readers to comprehend. I recommend this book to readers who have a background in information security, especially cryptographic engineers and researchers." (Zheng Gong, Computing Reviews, August 11, 2021)
PART I: Considering the Typical User.- 1. Mind your SMSes: Mitigating Social Engineering in Second Factor Authentication.- 2. Permissions and Privacy.- 3. Privacy and Tracking.- PART II: Considering the Malicious User.- 4. A Framework for Analysis Attackers’ Accounts.- 5. Environmentally and Politically Conscious Crypto.- Part III: Designing Solutions Based on Typical and Malicious Users.- 6. Social Engineering Resistant 2FA.- 7. The Rising Threat of Launchpad Attacks.- 8. Discouraging Counterfeiting.- 9. Seeing the Future.
Dr. Markus Jakobsson has spent more than 20 years as a security researcher, scientist and entrepreneur, studying phishing, crimeware, mobile security, privacy and user interaction. He spearheaded research in malware and mobile security technologies at Qualcomm, after his startup, FatSkunk, was acquired by Qualcomm. He performed email security research and helped track Nigerian scammers as the Chief Scientist at Agari. In addition, Dr. Jakobsson has held key roles as Principal Scientist at PayPal, Xerox PARC, and RSA Security, and as Chief of Security and Data Analytics at Amber Solutions. He has also worked as a testifying expert witness in a range of high-profile patent litigation cases, covering digital rights management, Internet and mobile security, authentication, and spam detection. He has a PhD in Computer Science from University of California at San Diego.
This book makes the case that traditional security design does not take the end-user into consideration, and therefore, fails. This book goes on to explain, using a series of examples, how to rethink security solutions to take users into consideration. By understanding the limitations and habits of users – including malicious users, aiming to corrupt the system – this book Illustrates how better security technologies are made possible.
Traditional security books focus on one of the following areas: cryptography, security protocols, or existing standards. They rarely consider the end user as part of the security equation, and when they do, it is in passing. This book considers the end user as the most important design consideration, and then shows how to build security and privacy technologies that are both secure and which offer privacy. This reduces the risk for social engineering and, in general, abuse.
Advanced-level students interested in software engineering, security and HCI (Human Computer Interaction) will find this book useful as a study guide. Engineers and security practitioners concerned with abuse and fraud will also benefit from the methodologies and techniques in this book.