Nohlberg, Marcus
Publications (10 of 32)
Kävrestad, J., Zaxmy, J. & Nohlberg, M. (2019). Analysing the Usage of Character Groups and Keyboard Patterns in Password Usage. In: Proceedings of the Thirteenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2019). Paper presented at Human Aspects of Information Security & Assurance (HAISA 2019) International Symposium on Human Aspects of Information Security & Assurance (HAISA 2019), Nicosia, Cyprus, July 15-17, 2019.
2019 (English) In: Proceedings of the Thirteenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2019), 2019. Conference paper, Published paper (Refereed)
Abstract [en]

Even with the advances in different methods for authentication, passwords remain the most common approach for authentication as well as for encryption of user data. Password guessing attacks have grown to be a vital part of computer forensics as well as penetration testing. In this paper, we seek to provide a statistical analysis of password composition by analyzing what character sets that are most commonly used in over 1 billion leaked passwords in over 20 different databases. Further, we use a survey to analyze if users that actively encrypt data differ from the norm. The results of this study suggest that American lowercase letters and numbers are the, by far, most commonly used character sets and that users who actively encrypt data use keyboard patterns and special characters more frequently than the average user.

Keywords
passwords, password guessing, keyboard patterns, encryption, brute force
National Category
Computer Sciences
Research subject
INF301 Data Science; Information Systems
Identifiers
urn:nbn:se:his:diva-17455 (URN)
Conference
Human Aspects of Information Security & Assurance (HAISA 2019) International Symposium on Human Aspects of Information Security & Assurance (HAISA 2019), Nicosia, Cyprus, July 15-17, 2019
Available from: 2019-07-18 Created: 2019-07-18 Last updated: 2019-08-06
Kävrestad, J., Åhlfeldt, R.-M., Nohlberg, M., Johani, K. & Kowalski, S. (2019). Spiraling out in control: A Video Cartesian Dialectic on a Socio-technical Approach to Teaching Privacy, Information- and Cyber Security (PICS). In: Stewart Kowalski, Peter Bednar, Alexander Nolte, Ilia Bider (Ed.), Socio-Technical Perspective in IS Development 2019: Proceedings of the 5th International Workshop on Socio-Technical Perspective in IS Development (STPIS 2019) co-located with 27th European Conference on Information Systems (ECIS 2019). Paper presented at 5th International Workshop on Socio-Technical Perspective in IS Development (STPIS 2019) co-located with 27th European Conference on Information Systems (ECIS 2019), Stockholm, Sweden, June 10, 2019 (pp. 153-155). , 2398
2019 (English) In: Socio-Technical Perspective in IS Development 2019: Proceedings of the 5th International Workshop on Socio-Technical Perspective in IS Development (STPIS 2019) co-located with 27th European Conference on Information Systems (ECIS 2019) / [ed] Stewart Kowalski, Peter Bednar, Alexander Nolte, Ilia Bider, 2019, Vol. 2398, p. 153-155. Conference paper, Poster (with or without abstract) (Refereed)
Series
CEUR Workshop Proceedings, E-ISSN 1613-0073 ; 2398
Keywords
education, spiral learning, curriculum, information security
National Category
Other Computer and Information Science
Research subject
Information Systems
Identifiers
urn:nbn:se:his:diva-17453 (URN); 2-s2.0-85069459247 (Scopus ID)
Conference
5th International Workshop on Socio-Technical Perspective in IS Development (STPIS 2019) co-located with 27th European Conference on Information Systems (ECIS 2019), Stockholm, Sweden, June 10, 2019
Available from: 2019-07-18 Created: 2019-07-18 Last updated: 2019-08-22
Kävrestad, J., Eriksson, F. & Nohlberg, M. (2019). Understanding passwords – a taxonomy of password creation strategies. Information and Computer Security, 27(3), 453-467
2019 (English) In: Information and Computer Security, E-ISSN 2056-4961, Vol. 27, no 3, p. 453-467. Article in journal (Refereed) Published
Abstract [en]

Purpose: Using authentication to secure data and accounts has grown to be a natural part of computing. Even if several authentication methods are in existence, using passwords remains the most common type of authentication. As long and complex passwords are encouraged by research studies and practitioners alike, computer users design passwords using strategies that enable them to remember their passwords. This paper aims to present a taxonomy of those password creation strategies in the form of a model describing various strategies used to create passwords.

Design/methodology/approach: The study was conducted in a three-step process beginning with a short survey among forensic experts within the Swedish police. The model was then developed by a series of iterative semi-structured interviews with forensic experts. In the third and final step, the model was validated on 5,000 passwords gathered from 50 different password databases that have leaked to the internet.

Findings: The result of this study is a taxonomy of password creation strategies presented as a model that describes the strategies as properties that a password can hold. Any given password can be classified as holding one or more of the properties outlined in the model.

Originality/value: On an abstract level, this study provides insight into password creation strategies. As such, the model can be used as a tool for research and education. It can also be used by practitioners in, for instance, penetration testing to map the most used password creation strategies in a domain or by forensic experts when designing dictionary attacks.

Place, publisher, year, edition, pages
Emerald Group Publishing Limited, 2019
Keywords
Computer security, Strategies, Passwords, Classification, Categorization
National Category
Computer and Information Sciences
Research subject
Information Systems
Identifiers
urn:nbn:se:his:diva-17203 (URN); 10.1108/ICS-06-2018-0077 (DOI); 2-s2.0-85066986036 (Scopus ID)
Available from: 2019-06-19 Created: 2019-06-19 Last updated: 2019-07-01 Bibliographically approved
Kävrestad, J., Skärgård, M. & Nohlberg, M. (2019). Users perception of using CBMT for information security training. In: Steven Furnell, Nathan Clarke (Ed.), Proceedings of the Thirteenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2019). Paper presented at Human Aspects of Information Security & Assurance (HAISA 2019) International Symposium on Human Aspects of Information Security & Assurance (HAISA 2019), Nicosia, Cyprus, July 15-17, 201.
2019 (English) In: Proceedings of the Thirteenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2019) / [ed] Steven Furnell, Nathan Clarke, 2019. Conference paper, Published paper (Refereed)
Abstract [en]

It is well established that user behavior is a crucial aspect of information security and archiving secure behavior through awareness and security training is the go-to solution proposed by practitioners as well as the research community. Thus, there is a dire need for efficient training methods for use in the security domain. This paper introduces ContextBased MicroTraining (CBMT), a framework for information security training that dictated that information security training should be delivered to end users in short-sequences when the users are in a situation where the training is needed. Further, the users' perception of CBMT in evaluated in an online survey where about 200 respondents are subjected to training material and asked about how they perceived them. The results show that users like the training material designed according to the CBMT framework and would prefer to use CBMT over other traditional methods of information security training.

Keywords
information security, training, learning, user behavior, micro training, ContextBased MicroTraining, CBMT
National Category
Computer Sciences
Research subject
INF301 Data Science; Information Systems
Identifiers
urn:nbn:se:his:diva-17454 (URN); 978-0-244-19096-5 (ISBN)
Conference
Human Aspects of Information Security & Assurance (HAISA 2019) International Symposium on Human Aspects of Information Security & Assurance (HAISA 2019), Nicosia, Cyprus, July 15-17, 201
Available from: 2019-07-18 Created: 2019-07-18 Last updated: 2019-08-06
Åhlfeldt, R.-M., Nohlberg, M., Söderström, E., Lennerholt, C. & van Laere, J. (2018). Current Situation Analysis of Information Security Level in Municipalities. Journal of Information System Security, 14(1), 3-19
2018 (English) In: Journal of Information System Security, ISSN 1551-0123, E-ISSN 1551-0808, Vol. 14, no 1, p. 3-19. Article in journal (Refereed) Published
Abstract [en]

Municipalities manage a significant part of society's services, and hence they also handle a vast amount of information. A municipality's activities include managing a significant part of society's services, and municipalities’ supply and management of information are, therefore, critical for society in general, and also for achieving the municipalities’ own operational goals. However, research shows weaknesses in the municipalities' work on information security, and there is a need to study and identify the current level of security.

This paper presents the result from a GAP analysis mapping the current situation of Swedish municipalities' for systematic information security work, based on the demands made on municipalities from both research and social perspectives. The result shows that the information security level regarding the systematic security work is generally low, and that there is a need to implement adapted tools for Information Security Management Systems in order to support municipalities.

Keywords
Information Security, Information Security Management Systems, Municipality
National Category
Computer and Information Sciences
Research subject
Information Systems
Identifiers
urn:nbn:se:his:diva-16354 (URN)
Available from: 2018-11-02 Created: 2018-11-02 Last updated: 2019-02-08 Bibliographically approved
Åhlfeldt, R.-M., Nohlberg, M., Söderström, E., Lennerholt, C. & van Laere, J. (2018). Current Situation Analysis of Information Security Level in Municipalities. In: Gurpreet Dhillin, Spyridon Samonas (Ed.), Proceedings of the Annual Information Institute Conference. Paper presented at 17th Annual Security Conference, Las Vegas, March 26, 2018 - March 28, 2018. The Information Institute
2018 (English) In: Proceedings of the Annual Information Institute Conference / [ed] Gurpreet Dhillin, Spyridon Samonas, The Information Institute, 2018. Conference paper, Published paper (Refereed)
Abstract [en]

Municipalities manage a significant part of society's services, and hence also handle a vast amount of information. A municipality's activities include managing a significant part of society's services, and the municipality's supply and management of information are, therefore, critical for society in general, but also for achieving the municipality's own operational goals. However, investigations show weaknesses in the municipalities' work on information security, and there is a need to study and identify the current level of security. This paper presents the result from a GAP analysis mapping the Swedish municipalities current situation for systematic information security work, based on the demands made on municipalities from both research and social perspectives. The result shows that the information security level regarding systematic security work is generally low and that there is a need for adapted tools for Information Security Management Systems in order to support municipalities.

Place, publisher, year, edition, pages
The Information Institute, 2018
National Category
Information Systems
Research subject
INF303 Information Security; Information Systems
Identifiers
urn:nbn:se:his:diva-16755 (URN); 978-1-935160-19-9 (ISBN)
Conference
17th Annual Security Conference, Las Vegas, March 26, 2018 - March 28, 2018
Available from: 2019-04-08 Created: 2019-04-08 Last updated: 2019-07-08 Bibliographically approved
Kävrestad, J. & Nohlberg, M. (2018). Defining and modeling the online fraud process. In: Nathan L. Clarke, Steven M. Furnell (Ed.), Proceedings of the twelfth International Symposium on Human Aspects of Information Security & Assurance: HAISA 2018. Paper presented at Twelfth International Symposium on Human Aspects of Information Security & Assurance, Dundee, Scotland, 29th-31st August 2018 (pp. 203-213). Plymouth: University of Plymouth Press
2018 (English) In: Proceedings of the twelfth International Symposium on Human Aspects of Information Security & Assurance: HAISA 2018 / [ed] Nathan L. Clarke, Steven M. Furnell, Plymouth: University of Plymouth Press, 2018, p. 203-213. Conference paper, Published paper (Refereed)
Place, publisher, year, edition, pages
Plymouth: University of Plymouth Press, 2018
Keywords
Online fraud, Definition, Model
National Category
Information Systems
Research subject
Information Systems
Identifiers
urn:nbn:se:his:diva-16338 (URN); 978-0-244-40254-9 (ISBN)
Conference
Twelfth International Symposium on Human Aspects of Information Security & Assurance, Dundee, Scotland, 29th-31st August 2018
Available from: 2018-10-25 Created: 2018-10-25 Last updated: 2019-02-08 Bibliographically approved
Kävrestad, J., Eriksson, F. & Nohlberg, M. (2018). The Development of a Password Classification Model. Journal of Information System Security, 14(1), 31-46
2018 (English) In: Journal of Information System Security, ISSN 1551-0123, E-ISSN 1551-0808, Vol. 14, no 1, p. 31-46. Article in journal (Refereed) Published
Abstract [en]

In order to ensure that we are the only ones that can access our data, we use authentication to secure our computers and different online accounts. Passwords remain the most common type of authentication, even if there are several different ways to authenticate, including biometrics and tokens. With this study we aim to reveal and collect the different strategies that users are using when designing their passwords. To achieve this, a model was developed using interactive interviews with computer forensic experts. The model was then applied on 5,000 passwords gathered from 50 different password databases that had leaked to the Internet. The result is a model that can be used to classify passwords based on the strategy used to create them. As such, the results of this study increase the understanding of passwords and they can be used as a tool in education and training, as well as in future research.

Place, publisher, year, edition, pages
The Information Institute, 2018
Keywords
Passwords, Categorization, Classification, Strategies, Model
National Category
Computer and Information Sciences
Research subject
Information Systems
Identifiers
urn:nbn:se:his:diva-15984 (URN)
Available from: 2018-07-17 Created: 2018-07-17 Last updated: 2018-12-21 Bibliographically approved
Åhlfeldt, R.-M., Nohlberg, M. & Söderstöm, E. (2017). Länsstyrelsernas förutsättningar att stödja kommuner gällande informationssäkerhet. Stockholm: Myndigheten för samhällsskydd och beredskap
2017 (Swedish) Report (Other academic)
Abstract [sv]

A study has been carried out by the University of Skövde on behalf of the Swedish Civil Contingencies Agency (MSB) with the aim of mapping the county administrative boards' actual ability to coordinate and support the municipalities' information security work. The work has also included how the county administrative boards work to coordinate and support the municipalities' information security work. The survey was carried out at seven selected county administrative boards during the period October 2016 to January 2017 through interviews with representatives from each county administrative board.

The results show that the county administrative boards need a clear assignment with an accompanying mandate and resources in order to be in a position to coordinate and support the municipalities in their information security work. The county administrative boards involved consider this to be lacking at present. In addition, the results show that there is an extensive lack of competence in the information security field. The lack of competence exists both in the internal work and in the external work directed at the municipalities, from management level to operational level. There is also a need for clearer roles, both strategically and operationally, in order to get the work started and enable a clearer overview. This is needed to give the county administrative boards the conditions to coordinate and support the county administrative boards in information security work related to crises and heightened alert, but also to obtain a strategic, holistic view of information security work from a societal perspective.

Place, publisher, year, edition, pages
Stockholm: Myndigheten för samhällsskydd och beredskap, 2017. p. 29
Keywords
information security, crisis preparedness
National Category
Information Systems
Research subject
Information Systems
Identifiers
urn:nbn:se:his:diva-13655 (URN); 978-91-7383-729-3 (ISBN)
Projects
LISAK - Länsstyrelsernas förutsättningar att stödja kommuner gällande informationssäkerhet
Funder
Swedish Civil Contingencies Agency
Available from: 2017-06-08 Created: 2017-06-08 Last updated: 2018-01-13 Bibliographically approved
Åhlfeldt, R.-M., Söderstöm, E., Nohlberg, M., Lennerholt, C. & van Laere, J. (2016). Metod och kartläggning av informationssäkerhet för kommuner i Västra Götaland.
2016 (Swedish) Report (Other (popular science, discussion, etc.))
Abstract [sv]

Information is an important working tool for all types of organisations, including municipal operations. Municipalities handle a significant share of society's services, which makes the municipality's information supply a critical part of society's information security. Secure information handling is an operational matter and therefore covers the municipality's entire operation. Investigations, however, show shortcomings in the municipalities' information security work, and there is a need to review this work and identify the current level of security.

The University of Skövde and the Information Systems research group were commissioned by VästKom and the fifteen municipalities of Skaraborg partly to develop the method for carrying out a gap analysis, based on the national method support available at informationssäkerhet.se, and partly to carry out in practice a gap analysis based on the method development in the fifteen municipalities of Skaraborg. The method development work included the activities of 1) updating the checklist in the gap analysis to a new version, 2) adapting to municipalities which measures are considered critical for a municipality, and adapting the roles included in the analysis to a municipal context, 3) developing a simplified IT tool to support the analysis work.

The project ran between April 2015 and January 2016. The method development and the planning of the survey at the municipalities were carried out during the spring, and the survey itself was carried out during the first part of the autumn. The analysis work and compilation of results then continued during the remainder of 2015 and were presented and finally reported in January 2016.

The result of the method development has produced an updated checklist for carrying out a gap analysis in which critical measures for the municipalities have been identified. In addition, a list of roles adapted to the municipal context has been drawn up. A simplified IT tool has also been designed, mainly to show which design requirements and other improvements are needed to obtain efficient and usable IT support when carrying out a gap analysis.

The result of the survey in the fifteen municipalities of Skaraborg shows in general that the municipalities have shortcomings in systematic information security work. The shortcomings mainly concern the fact that the foundation for systematic information security work is missing in most municipalities, i.e. governing documents, organisation and responsibility for information security work are deficient. In addition, the survey shows a great need for increased competence in the information security field.

Continued work in the form of collaboration between the municipalities in Västra Götaland is seen as a success factor. It is unique to have carried out this form of joint work, and there is therefore potential to continue the work of introducing systematic information security work in the municipalities, primarily by collaborating on activities in the introduction of an information security management system.

Publisher
p. 36
Series
IIT Technical Reports ; HS-IIT-TR-16-001
National Category
Information Systems
Research subject
Technology; Information Systems
Identifiers
urn:nbn:se:his:diva-12106 (URN)
Projects
KLISTER
Note

HS-IIT-TR-16-001

Available from: 2016-04-06 Created: 2016-04-06 Last updated: 2019-03-05 Bibliographically approved