Nohlberg, Marcus
Publications (10 of 34)
Kävrestad, J., Zaxmy, J. & Nohlberg, M. (2020). Analyzing the usage of character groups and keyboard patterns in password creation. Information and Computer Security
2020 (English). In: Information and Computer Security, E-ISSN 2056-4961. Article in journal (Refereed). Epub ahead of print
Abstract [en]

Purpose

Using passwords to keep accounts and data safe is very common in modern computing. The purpose of this paper is to look into methods for cracking passwords as a means of increasing security, a practice commonly used in penetration testing. Further, in the discipline of digital forensics, password cracking is often an essential part of a computer examination as data has to be decrypted to be analyzed. This paper seeks to look into how users that actively encrypt data construct their passwords to benefit the forensics community.

Design/methodology/approach

The study began with an automated analysis of over one billion passwords in 22 different password databases that leaked to the internet. The study validated the result with an experiment where passwords created on a local website were analyzed during account creation. Further, a survey was used to gather data that was used to identify differences in password behavior between users that actively encrypt their data and other users.

Findings

The result of this study suggests that American lowercase letters and numbers are present in almost every password and that users seem to avoid using special characters if they can. Further, the study suggests that users that actively encrypt their data are more prone to use keyboard patterns as passwords than other users.

Originality/value

This paper contributes to the existing body of knowledge around password behavior and suggests that password-guessing attacks should focus on American letters and numbers. Further, the paper suggests that forensics experts should consider testing patterns-based passwords when performing password-guessing attacks against encrypted data.

Place, publisher, year, edition, pages
Emerald Group Publishing Limited, 2020
Keywords
computer security, security, encryption, usage, password
National subject category
Computer and Information Sciences
Research subject
INF303 Information Security; Information Systems (IS)
Identifiers
urn:nbn:se:his:diva-18153 (URN); 10.1108/ICS-11-2019-0132 (DOI); 2-s2.0-85078293628 (Scopus ID)
Available from: 2020-01-21 Created: 2020-01-21 Last updated: 2020-02-05. Bibliographically approved
Kävrestad, J., Zaxmy, J. & Nohlberg, M. (2019). Analysing the Usage of Character Groups and Keyboard Patterns in Password Usage. In: Steven M. Furnell, Nathan L. Clarke (Ed.), Proceedings of the Thirteenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2019). Paper presented at Human Aspects of Information Security & Assurance (HAISA 2019) International Symposium on Human Aspects of Information Security & Assurance (HAISA 2019), Nicosia, Cyprus, July 15-17, 2019 (pp. 155-165). University of Plymouth Press
2019 (English). In: Proceedings of the Thirteenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2019) / [ed] Steven M. Furnell, Nathan L. Clarke, University of Plymouth Press, 2019, p. 155-165. Conference paper, Published paper (Refereed)
Abstract [en]

Even with the advances in different methods for authentication, passwords remain the most common approach for authentication as well as for encryption of user data. Password guessing attacks have grown to be a vital part of computer forensics as well as penetration testing. In this paper, we seek to provide a statistical analysis of password composition by analyzing what character sets that are most commonly used in over 1 billion leaked passwords in over 20 different databases. Further, we use a survey to analyze if users that actively encrypt data differ from the norm. The results of this study suggest that American lowercase letters and numbers are the, by far, most commonly used character sets and that users who actively encrypt data use keyboard patterns and special characters more frequently than the average user.

Place, publisher, year, edition, pages
University of Plymouth Press, 2019
Keywords
passwords, password guessing, keyboard patterns, encryption, brute force
National subject category
Computer Science
Research subject
INF301 Data Science; Information Systems (IS)
Identifiers
urn:nbn:se:his:diva-17455 (URN); 978-0-244-19096-5 (ISBN)
Conference
Human Aspects of Information Security & Assurance (HAISA 2019) International Symposium on Human Aspects of Information Security & Assurance (HAISA 2019), Nicosia, Cyprus, July 15-17, 2019
Available from: 2019-07-18 Created: 2019-07-18 Last updated: 2019-11-08. Bibliographically approved
Kävrestad, J., Åhlfeldt, R.-M., Nohlberg, M., Johani, K. & Kowalski, S. (2019). Spiraling out in control: A Video Cartesian Dialectic on a Socio-technical Approach to Teaching Privacy, Information- and Cyber Security (PICS). In: Stewart Kowalski, Peter Bednar, Alexander Nolte, Ilia Bider (Ed.), Socio-Technical Perspective in IS Development 2019: Proceedings of the 5th International Workshop on Socio-Technical Perspective in IS Development (STPIS 2019) co-located with 27th European Conference on Information Systems (ECIS 2019). Paper presented at 5th International Workshop on Socio-Technical Perspective in IS Development (STPIS 2019) co-located with 27th European Conference on Information Systems (ECIS 2019), Stockholm, Sweden, June 10, 2019 (pp. 153-155). CEUR-WS, 2398
2019 (English). In: Socio-Technical Perspective in IS Development 2019: Proceedings of the 5th International Workshop on Socio-Technical Perspective in IS Development (STPIS 2019) co-located with 27th European Conference on Information Systems (ECIS 2019) / [ed] Stewart Kowalski, Peter Bednar, Alexander Nolte, Ilia Bider, CEUR-WS, 2019, Vol. 2398, p. 153-155. Conference paper, Poster (with or without abstract) (Refereed)
Place, publisher, year, edition, pages
CEUR-WS, 2019
Series
CEUR Workshop Proceedings, E-ISSN 1613-0073 ; 2398
Keywords
education, spiral learning, curriculum, information security
National subject category
Other Computer and Information Science
Research subject
Information Systems (IS)
Identifiers
urn:nbn:se:his:diva-17453 (URN); 2-s2.0-85069459247 (Scopus ID)
Conference
5th International Workshop on Socio-Technical Perspective in IS Development (STPIS 2019) co-located with 27th European Conference on Information Systems (ECIS 2019), Stockholm, Sweden, June 10, 2019
Available from: 2019-07-18 Created: 2019-07-18 Last updated: 2019-09-09. Bibliographically approved
Kävrestad, J., Eriksson, F. & Nohlberg, M. (2019). Understanding passwords – a taxonomy of password creation strategies. Information and Computer Security, 27(3), 453-467
2019 (English). In: Information and Computer Security, E-ISSN 2056-4961, Vol. 27, no. 3, p. 453-467. Article in journal (Refereed). Published
Abstract [en]

Purpose

Using authentication to secure data and accounts has grown to be a natural part of computing. Even if several authentication methods are in existence, using passwords remains the most common type of authentication. As long and complex passwords are encouraged by research studies and practitioners alike, computer users design passwords using strategies that enable them to remember their passwords. This paper aims to present a taxonomy of those password creation strategies in the form of a model describing various strategies used to create passwords.

Design/methodology/approach

The study was conducted in a three-step process beginning with a short survey among forensic experts within the Swedish police. The model was then developed by a series of iterative semi-structured interviews with forensic experts. In the third and final step, the model was validated on 5,000 passwords gathered from 50 different password databases that have leaked to the internet.

Findings

The result of this study is a taxonomy of password creation strategies presented as a model that describes the strategies as properties that a password can hold. Any given password can be classified as holding one or more of the properties outlined in the model.

Originality/value

On an abstract level, this study provides insight into password creation strategies. As such, the model can be used as a tool for research and education. It can also be used by practitioners in, for instance, penetration testing to map the most used password creation strategies in a domain or by forensic experts when designing dictionary attacks.

Place, publisher, year, edition, pages
Emerald Group Publishing Limited, 2019
Keywords
Computer security, Strategies, Passwords, Classification, Categorization
National subject category
Computer and Information Sciences
Research subject
Information Systems (IS)
Identifiers
urn:nbn:se:his:diva-17203 (URN); 10.1108/ICS-06-2018-0077 (DOI); 000479219900008 (); 2-s2.0-85066986036 (Scopus ID)
Available from: 2019-06-19 Created: 2019-06-19 Last updated: 2019-09-30. Bibliographically approved
Kävrestad, J., Skärgård, M. & Nohlberg, M. (2019). Users perception of using CBMT for informationsecurity training. In: Steven M. Furnell, Nathan L. Clarke (Ed.), Proceedings of the Thirteenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2019). Paper presented at Human Aspects of Information Security & Assurance (HAISA 2019) International Symposium on Human Aspects of Information Security & Assurance (HAISA 2019), Nicosia, Cyprus, July 15-17, 201 (pp. 122-131). University of Plymouth Press
2019 (English). In: Proceedings of the Thirteenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2019) / [ed] Steven M. Furnell, Nathan L. Clarke, University of Plymouth Press, 2019, p. 122-131. Conference paper, Published paper (Refereed)
Abstract [en]

It is well established that user behavior is a crucial aspect of information security and archiving secure behavior through awareness and security training is the go-to solution proposed by practitioners as well as the research community. Thus, there is a dire need for efficient training methods for use in the security domain. This paper introduces ContextBased MicroTraining (CBMT), a framework for information security training that dictated that information security training should be delivered to end users in short-sequences when the users are in a situation where the training is needed. Further, the users' perception of CBMT is evaluated in an online survey where about 200 respondents are subjected to training material and asked about how they perceived them. The results show that users like the training material designed according to the CBMT framework and would prefer to use CBMT over other traditional methods of information security training.

Place, publisher, year, edition, pages
University of Plymouth Press, 2019
Keywords
information security, training, learning, user behavior, micro training, ContextBased MicroTraining, CBMT
National subject category
Computer Science
Research subject
INF301 Data Science; Information Systems (IS)
Identifiers
urn:nbn:se:his:diva-17454 (URN); 978-0-244-19096-5 (ISBN)
Conference
Human Aspects of Information Security & Assurance (HAISA 2019) International Symposium on Human Aspects of Information Security & Assurance (HAISA 2019), Nicosia, Cyprus, July 15-17, 201
Available from: 2019-07-18 Created: 2019-07-18 Last updated: 2019-11-08. Bibliographically approved
Kävrestad, J. & Nohlberg, M. (2019). Using Context Based MicroTraining to Develop OER for the Benefit of All. In: Proceedings of the 15th International Symposium on Open Collaboration, OpenSym 2019, 20-22 August 2019, Skövde, Sweden. Paper presented at 15th International Symposium on Open Collaboration, OpenSym 2019, 20-22 August 2019, Skövde, Sweden. New York: ACM Digital Library, Article ID A7.
2019 (English). In: Proceedings of the 15th International Symposium on Open Collaboration, OpenSym 2019, 20-22 August 2019, Skövde, Sweden, New York: ACM Digital Library, 2019, article id A7. Conference paper, Published paper (Refereed)
Abstract [en]

This paper demonstrates how Context Based MicroTraining (CBMT) can be used to develop open educational resources in a way that benefits students enrolled in university courses as well as anyone who wants to participate in open-learning activities. CBMT is a framework that provides guidelines for how educational resources should be structured. CBMT stipulates that information should be presented in short sequences and that is relevant for the learner’s current situation. In this paper, CBMT is implemented in a practical ICT course using video lectures that are delivered as open educational resources using YouTube. The experiences of enrolled students as well as YouTube users are evaluated as well as the actual results of the enrolled students. The results of the study suggest that users of the video lectures appreciate the learning approach. The actual results, i.e. learning outcomes, of the enrolled students are maintained. The study also demonstrates how using CBMT as open educational resources can free up time for teachers and increase the quality of teaching by benefitting from community feedback.

Place, publisher, year, edition, pages
New York: ACM Digital Library, 2019
Keywords
Open-learning, OER, Context Based MicroTraining, ondemand learning, higher education, nanolearning
National subject category
Other Engineering and Technologies
Research subject
Information Systems (IS)
Identifiers
urn:nbn:se:his:diva-17636 (URN); 10.1145/3306446.3340814 (DOI); 2-s2.0-85073156418 (Scopus ID); 978-1-4503-6319-8 (ISBN)
Conference
15th International Symposium on Open Collaboration, OpenSym 2019, 20-22 August 2019, Skövde, Sweden
Available from: 2019-09-03 Created: 2019-09-03 Last updated: 2019-11-08. Bibliographically approved
Åhlfeldt, R.-M., Nohlberg, M., Söderström, E., Lennerholt, C. & van Laere, J. (2018). Current Situation Analysis of Information Security Level in Municipalities. In: Gurpreet Dhillin, Spyridon Samonas (Ed.), Proceedings of the Annual Information Institute Conference. Paper presented at 17th Annual Security Conference, Las Vegas, March 26, 2018 - March 28, 2018. The Information Institute
2018 (English). In: Proceedings of the Annual Information Institute Conference / [ed] Gurpreet Dhillin, Spyridon Samonas, The Information Institute, 2018. Conference paper, Published paper (Refereed)
Abstract [en]

Municipalities manage a significant part of society's services, and hence also handle a vast amount of information. A municipality's activities include managing a significant part of society's services, and the municipality's supply and management of information are, therefore, critical for society in general, but also for achieving the municipality's own operational goals. However, investigations show weaknesses in the municipalities' work on information security, and there is a need to study and identify the current level of security. This paper presents the result from a GAP analysis mapping the Swedish municipalities' current situation for systematic information security work, based on the demands made on municipalities from both research and social perspectives. The result shows that the information security level regarding systematic security work is generally low and that there is a need for adapted tools for Information Security Management Systems in order to support municipalities.

Place, publisher, year, edition, pages
The Information Institute, 2018
National subject category
Systems Science, Information Systems and Informatics
Research subject
INF303 Information Security; Information Systems (IS)
Identifiers
urn:nbn:se:his:diva-16755 (URN); 978-1-935160-19-9 (ISBN)
Conference
17th Annual Security Conference, Las Vegas, March 26, 2018 - March 28, 2018
Available from: 2019-04-08 Created: 2019-04-08 Last updated: 2019-07-08. Bibliographically approved
Åhlfeldt, R.-M., Nohlberg, M., Söderström, E., Lennerholt, C. & van Laere, J. (2018). Current Situation Analysis of Information Security Level in Municipalities. Journal of Information System Security, 14(1), 3-19
2018 (English). In: Journal of Information System Security, ISSN 1551-0123, E-ISSN 1551-0808, Vol. 14, no. 1, p. 3-19. Article in journal (Refereed). Published
Abstract [en]

Municipalities manage a significant part of society's services, and hence they also handle a vast amount of information. A municipality's activities include managing a significant part of society's services, and municipalities’ supply and management of information are, therefore, critical for society in general, and also for achieving the municipalities’ own operational goals. However, research shows weaknesses in the municipalities' work on information security, and there is a need to study and identify the current level of security.

This paper presents the result from a GAP analysis mapping the current situation of Swedish municipalities for systematic information security work, based on the demands made on municipalities from both research and social perspectives. The result shows that the information security level regarding the systematic security work is generally low, and that there is a need to implement adapted tools for Information Security Management Systems in order to support municipalities.

Place, publisher, year, edition, pages
The Information Institute, 2018
Keywords
Information Security, Information Security Management Systems, Municipality
National subject category
Computer and Information Sciences
Research subject
Information Systems (IS)
Identifiers
urn:nbn:se:his:diva-16354 (URN)
Available from: 2018-11-02 Created: 2018-11-02 Last updated: 2019-11-19. Bibliographically approved
Kävrestad, J. & Nohlberg, M. (2018). Defining and modelling the online fraud process. In: Nathan L. Clarke, Steven M. Furnell (Ed.), Proceedings of the twelfth International Symposium on Human Aspects of Information Security & Assurance: HAISA 2018. Paper presented at Twelfth International Symposium on Human Aspects of Information Security & Assurance, Dundee, Scotland, 29th-31st August 2018 (pp. 203-213). Plymouth: University of Plymouth Press
2018 (English). In: Proceedings of the twelfth International Symposium on Human Aspects of Information Security & Assurance: HAISA 2018 / [ed] Nathan L. Clarke, Steven M. Furnell, Plymouth: University of Plymouth Press, 2018, p. 203-213. Conference paper, Published paper (Refereed)
Abstract [en]

As we have become more and more active online so have online criminals. Looking at one type of Internet crimes, online frauds, it is apparent that anyone can be targeted by a fraudster online. It has also been shown that online frauds keep increasing from year to year. It has even been estimated that one third of the adult population in America encounters online fraudsters, annually. In this paper we aimed to increase the knowledge about online frauds. We did this by producing a model that describes the process and aspects of an online fraud as well as a proposed definition of the term "online fraud". In this paper, we present the model and definition that we created and demonstrate their usefulness. The usefulness is demonstrated in our validation step, where we applied the definition to known online fraud schemes. We also conducted an interview in which the model was said to be useful in order to explain how an online fraud scheme was carried out, during a criminal prosecution. As such, that demonstrates that our model can be used to increase the understanding of online frauds.

Place, publisher, year, edition, pages
Plymouth: University of Plymouth Press, 2018
Keywords
Online fraud, Definition, Model
National subject category
Systems Science, Information Systems and Informatics
Research subject
Information Systems (IS)
Identifiers
urn:nbn:se:his:diva-16338 (URN); 000485186600018 (); 978-0-244-40254-9 (ISBN)
Conference
Twelfth International Symposium on Human Aspects of Information Security & Assurance, Dundee, Scotland, 29th-31st August 2018
Available from: 2018-10-25 Created: 2018-10-25 Last updated: 2019-09-26. Bibliographically approved
Kävrestad, J., Eriksson, F. & Nohlberg, M. (2018). The Development of a Password Classification Model. Journal of Information System Security, 14(1), 31-46
2018 (English). In: Journal of Information System Security, ISSN 1551-0123, E-ISSN 1551-0808, Vol. 14, no. 1, p. 31-46. Article in journal (Refereed). Published
Abstract [en]

In order to ensure that we are the only ones that can access our data, we use authentication to secure our computers and different online accounts. Passwords remain the most common type of authentication, even if there are several different ways to authenticate, including biometrics and tokens. With this study we aim to reveal and collect the different strategies that users are using when designing their passwords. To achieve this, a model was developed using interactive interviews with computer forensic experts. The model was then applied on 5,000 passwords gathered from 50 different password databases that had leaked to the Internet. The result is a model that can be used to classify passwords based on the strategy used to create them. As such, the results of this study increase the understanding of passwords and they can be used as a tool in education and training, as well as in future research.

Place, publisher, year, edition, pages
The Information Institute, 2018
Keywords
Passwords, Categorization, Classification, Strategies, Model
National subject category
Computer and Information Sciences
Research subject
Information Systems (IS)
Identifiers
urn:nbn:se:his:diva-15984 (URN)
Available from: 2018-07-17 Created: 2018-07-17 Last updated: 2018-12-21. Bibliographically approved