Nohlberg, Marcus
Publications (10 of 33)
Kävrestad, J., Zaxmy, J. & Nohlberg, M. (2019). Analysing the Usage of Character Groups and Keyboard Patterns in Password Usage. In: Steven M. Furnell, Nathan L. Clarke (Ed.), Proceedings of the Thirteenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2019): . Paper presented at Human Aspects of Information Security & Assurance (HAISA 2019) International Symposium on Human Aspects of Information Security & Assurance (HAISA 2019), Nicosia, Cyprus, July 15-17, 2019 (pp. 155-165). University of Plymouth Press
2019 (English). In: Proceedings of the Thirteenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2019) / [ed] Steven M. Furnell, Nathan L. Clarke, University of Plymouth Press, 2019, p. 155-165. Conference paper, Published paper (Refereed)
Abstract [en]

Even with the advances in different methods for authentication, passwords remain the most common approach for authentication as well as for encryption of user data. Password guessing attacks have grown to be a vital part of computer forensics as well as penetration testing. In this paper, we seek to provide a statistical analysis of password composition by analyzing what character sets that are most commonly used in over 1 billion leaked passwords in over 20 different databases. Further, we use a survey to analyze if users that actively encrypt data differ from the norm. The results of this study suggest that American lowercase letters and numbers are the, by far, most commonly used character sets and that users who actively encrypt data use keyboard patterns and special characters more frequently than the average user.

Place, publisher, year, edition, pages
University of Plymouth Press, 2019
Keywords
passwords, password guessing, keyboard patterns, encryption, brute force
National Category
Computer Sciences
Research subject
INF301 Data Science; Information Systems
Identifiers
urn:nbn:se:his:diva-17455 (URN); 978-0-244-19096-5 (ISBN)
Conference
Human Aspects of Information Security & Assurance (HAISA 2019) International Symposium on Human Aspects of Information Security & Assurance (HAISA 2019), Nicosia, Cyprus, July 15-17, 2019
Available from: 2019-07-18 Created: 2019-07-18 Last updated: 2019-10-11. Bibliographically approved
Kävrestad, J., Åhlfeldt, R.-M., Nohlberg, M., Johani, K. & Kowalski, S. (2019). Spiraling out in control: A Video Cartesian Dialectic on a Socio-technical Approach to Teaching Privacy, Information- and Cyber Security (PICS). In: Stewart Kowalski, Peter Bednar, Alexander Nolte, Ilia Bider (Ed.), Socio-Technical Perspective in IS Development 2019: Proceedings of the 5th International Workshop on Socio-Technical Perspective in IS Development (STPIS 2019) co-located with 27th European Conference on Information Systems (ECIS 2019). Paper presented at 5th International Workshop on Socio-Technical Perspective in IS Development (STPIS 2019) co-located with 27th European Conference on Information Systems (ECIS 2019), Stockholm, Sweden, June 10, 2019 (pp. 153-155). CEUR-WS, 2398
2019 (English). In: Socio-Technical Perspective in IS Development 2019: Proceedings of the 5th International Workshop on Socio-Technical Perspective in IS Development (STPIS 2019) co-located with 27th European Conference on Information Systems (ECIS 2019) / [ed] Stewart Kowalski, Peter Bednar, Alexander Nolte, Ilia Bider, CEUR-WS, 2019, Vol. 2398, p. 153-155. Conference paper, Poster (with or without abstract) (Refereed)
Place, publisher, year, edition, pages
CEUR-WS, 2019
Series
CEUR Workshop Proceedings, E-ISSN 1613-0073 ; 2398
Keywords
education, spiral learning, curriculum, information security
National Category
Other Computer and Information Science
Research subject
Information Systems
Identifiers
urn:nbn:se:his:diva-17453 (URN); 2-s2.0-85069459247 (Scopus ID)
Conference
5th International Workshop on Socio-Technical Perspective in IS Development (STPIS 2019) co-located with 27th European Conference on Information Systems (ECIS 2019), Stockholm, Sweden, June 10, 2019
Available from: 2019-07-18 Created: 2019-07-18 Last updated: 2019-09-09. Bibliographically approved
Kävrestad, J., Eriksson, F. & Nohlberg, M. (2019). Understanding passwords – a taxonomy of password creation strategies. Information and Computer Security, 27(3), 453-467
2019 (English). In: Information and Computer Security, E-ISSN 2056-4961, Vol. 27, no 3, p. 453-467. Article in journal (Refereed) Published
Abstract [en]

Purpose: Using authentication to secure data and accounts has grown to be a natural part of computing. Even if several authentication methods are in existence, using passwords remains the most common type of authentication. As long and complex passwords are encouraged by research studies and practitioners alike, computer users design passwords using strategies that enable them to remember their passwords. This paper aims to present a taxonomy of those password creation strategies in the form of a model describing various strategies used to create passwords.

Design/methodology/approach: The study was conducted in a three-step process beginning with a short survey among forensic experts within the Swedish police. The model was then developed by a series of iterative semi-structured interviews with forensic experts. In the third and final step, the model was validated on 5,000 passwords gathered from 50 different password databases that have leaked to the internet.

Findings: The result of this study is a taxonomy of password creation strategies presented as a model that describes the strategies as properties that a password can hold. Any given password can be classified as holding one or more of the properties outlined in the model.

Originality/value: On an abstract level, this study provides insight into password creation strategies. As such, the model can be used as a tool for research and education. It can also be used by practitioners in, for instance, penetration testing to map the most used password creation strategies in a domain or by forensic experts when designing dictionary attacks.

Place, publisher, year, edition, pages
Emerald Group Publishing Limited, 2019
Keywords
Computer security, Strategies, Passwords, Classification, Categorization
National Category
Computer and Information Sciences
Research subject
Information Systems
Identifiers
urn:nbn:se:his:diva-17203 (URN); 10.1108/ICS-06-2018-0077 (DOI); 000479219900008 (); 2-s2.0-85066986036 (Scopus ID)
Available from: 2019-06-19 Created: 2019-06-19 Last updated: 2019-09-30. Bibliographically approved
Kävrestad, J., Skärgård, M. & Nohlberg, M. (2019). Users perception of using CBMT for information security training. In: Steven M. Furnell, Nathan L. Clarke (Ed.), Proceedings of the Thirteenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2019): . Paper presented at Human Aspects of Information Security & Assurance (HAISA 2019) International Symposium on Human Aspects of Information Security & Assurance (HAISA 2019), Nicosia, Cyprus, July 15-17, 201 (pp. 122-131). University of Plymouth Press
2019 (English). In: Proceedings of the Thirteenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2019) / [ed] Steven M. Furnell, Nathan L. Clarke, University of Plymouth Press, 2019, p. 122-131. Conference paper, Published paper (Refereed)
Abstract [en]

It is well established that user behavior is a crucial aspect of information security and achieving secure behavior through awareness and security training is the go-to solution proposed by practitioners as well as the research community. Thus, there is a dire need for efficient training methods for use in the security domain. This paper introduces ContextBased MicroTraining (CBMT), a framework for information security training that dictates that information security training should be delivered to end users in short-sequences when the users are in a situation where the training is needed. Further, the users' perception of CBMT is evaluated in an online survey where about 200 respondents are subjected to training material and asked about how they perceived them. The results show that users like the training material designed according to the CBMT framework and would prefer to use CBMT over other traditional methods of information security training.

Place, publisher, year, edition, pages
University of Plymouth Press, 2019
Keywords
information security, training, learning, user behavior, micro training, ContextBased MicroTraining, CBMT
National Category
Computer Sciences
Research subject
INF301 Data Science; Information Systems
Identifiers
urn:nbn:se:his:diva-17454 (URN); 978-0-244-19096-5 (ISBN)
Conference
Human Aspects of Information Security & Assurance (HAISA 2019) International Symposium on Human Aspects of Information Security & Assurance (HAISA 2019), Nicosia, Cyprus, July 15-17, 201
Available from: 2019-07-18 Created: 2019-07-18 Last updated: 2019-10-11. Bibliographically approved
Kävrestad, J. & Nohlberg, M. (2019). Using Context Based MicroTraining to Develop OER for the Benefit of All. In: Proceedings of the 15th International Symposium on Open Collaboration, OpenSym 2019, 20-22 August 2019, Skövde, Sweden: . Paper presented at 15th International Symposium on Open Collaboration, OpenSym 2019, 20-22 August 2019, Skövde, Sweden. New York: ACM Digital Library, Article ID A7.
2019 (English). In: Proceedings of the 15th International Symposium on Open Collaboration, OpenSym 2019, 20-22 August 2019, Skövde, Sweden, New York: ACM Digital Library, 2019, article id A7. Conference paper, Published paper (Refereed)
Abstract [en]

This paper demonstrates how Context Based MicroTraining (CBMT) can be used to develop open educational resources in a way that benefits students enrolled in university courses as well as anyone who wants to participate in open-learning activities. CBMT is a framework that provides guidelines for how educational resources should be structured. CBMT stipulates that information should be presented in short sequences and that is relevant for the learner’s current situation. In this paper, CBMT is implemented in a practical ICT course using video lectures that are delivered as open educational resources using YouTube. The experiences of enrolled students as well as YouTube users are evaluated as well as the actual results of the enrolled students. The results of the study suggest that users of the video lectures appreciate the learning approach. The actual results, i.e. learning outcomes, of the enrolled students are maintained. The study also demonstrates how using CBMT as open educational resources can free up time for teachers and increase the quality of teaching by benefitting from community feedback.

Place, publisher, year, edition, pages
New York: ACM Digital Library, 2019
Keywords
Open-learning, OER, Context Based MicroTraining, ondemand learning, higher education, nanolearning
National Category
Other Engineering and Technologies
Research subject
Information Systems
Identifiers
urn:nbn:se:his:diva-17636 (URN); 10.1145/3306446.3340814 (DOI); 978-1-4503-6319-8 (ISBN)
Conference
15th International Symposium on Open Collaboration, OpenSym 2019, 20-22 August 2019, Skövde, Sweden
Available from: 2019-09-03 Created: 2019-09-03 Last updated: 2019-09-09. Bibliographically approved
Åhlfeldt, R.-M., Nohlberg, M., Söderström, E., Lennerholt, C. & van Laere, J. (2018). Current Situation Analysis of Information Security Level in Municipalities. Journal of Information System Security, 14(1), 3-19
2018 (English). In: Journal of Information System Security, ISSN 1551-0123, E-ISSN 1551-0808, Vol. 14, no 1, p. 3-19. Article in journal (Refereed) Published
Abstract [en]

Municipalities manage a significant part of society's services, and hence they also handle a vast amount of information. A municipality's activities include managing a significant part of society's services, and municipalities’ supply and management of information are, therefore, critical for society in general, and also for achieving the municipalities’ own operational goals. However, research shows weaknesses in the municipalities' work on information security, and there is a need to study and identify the current level of security.

This paper presents the result from a GAP analysis mapping the current situation of Swedish municipalities for systematic information security work, based on the demands made on municipalities from both research and social perspectives. The result shows that the information security level regarding the systematic security work is generally low, and that there is a need to implement adapted tools for Information Security Management Systems in order to support municipalities.

Keywords
Information Security, Information Security Management Systems, Municipality
National Category
Computer and Information Sciences
Research subject
Information Systems
Identifiers
urn:nbn:se:his:diva-16354 (URN)
Available from: 2018-11-02 Created: 2018-11-02 Last updated: 2019-02-08. Bibliographically approved
Åhlfeldt, R.-M., Nohlberg, M., Söderström, E., Lennerholt, C. & van Laere, J. (2018). Current Situation Analysis of Information Security Level in Municipalities. In: Gurpreet Dhillin, Spyridon Samonas (Ed.), Proceedings of the Annual Information Institute Conference: . Paper presented at 17th Annual Security Conference, Las Vegas, March 26, 2018 - March 28, 2018. The Information Institute
2018 (English). In: Proceedings of the Annual Information Institute Conference / [ed] Gurpreet Dhillin, Spyridon Samonas, The Information Institute, 2018. Conference paper, Published paper (Refereed)
Abstract [en]

Municipalities manage a significant part of society's services, and hence also handle a vast amount of information. A municipality's activities include managing a significant part of society's services, and the municipality's supply and management of information are, therefore, critical for society in general, but also for achieving the municipality's own operational goals. However, investigations show weaknesses in the municipalities' work on information security, and there is a need to study and identify the current level of security. This paper presents the result from a GAP analysis mapping the Swedish municipalities' current situation for systematic information security work, based on the demands made on municipalities from both research and social perspectives. The result shows that the information security level regarding systematic security work is generally low and that there is a need for adapted tools for Information Security Management Systems in order to support municipalities.

Place, publisher, year, edition, pages
The Information Institute, 2018
National Category
Information Systems
Research subject
INF303 Information Security; Information Systems
Identifiers
urn:nbn:se:his:diva-16755 (URN); 978-1-935160-19-9 (ISBN)
Conference
17th Annual Security Conference, Las Vegas, March 26, 2018 - March 28, 2018
Available from: 2019-04-08 Created: 2019-04-08 Last updated: 2019-07-08. Bibliographically approved
Kävrestad, J. & Nohlberg, M. (2018). Defining and modelling the online fraud process. In: Nathan L. Clarke, Steven M. Furnell (Ed.), Proceedings of the twelfth International Symposium on Human Aspects of Information Security & Assurance: HAISA 2018. Paper presented at Twelfth International Symposium on Human Aspects of Information Security & Assurance, Dundee, Scotland, 29th-31st August 2018 (pp. 203-213). Plymouth: University of Plymouth Press
2018 (English). In: Proceedings of the twelfth International Symposium on Human Aspects of Information Security & Assurance: HAISA 2018 / [ed] Nathan L. Clarke, Steven M. Furnell, Plymouth: University of Plymouth Press, 2018, p. 203-213. Conference paper, Published paper (Refereed)
Abstract [en]

As we have become more and more active online so have online criminals. Looking at one type of Internet crimes, online frauds, it is apparent that anyone can be targeted by a fraudster online. It has also been shown that online frauds keep increasing from year to year. It has even been estimated that one third of the adult population in America encounters online fraudsters, annually. In this paper we aimed to increase the knowledge about online frauds. We did this by producing a model that describes the process and aspects of an online fraud as well as a proposed definition of the term "online fraud". In this paper, we present the model and definition that we created and demonstrate their usefulness. The usefulness is demonstrated in our validation step, where we applied the definition to known online fraud schemes. We also conducted an interview in which the model was said to be useful in order to explain how an online fraud scheme was carried out, during a criminal prosecution. As such, that demonstrates that our model can be used to increase the understanding of online frauds.

Place, publisher, year, edition, pages
Plymouth: University of Plymouth Press, 2018
Keywords
Online fraud, Definition, Model
National Category
Information Systems
Research subject
Information Systems
Identifiers
urn:nbn:se:his:diva-16338 (URN); 000485186600018 (); 978-0-244-40254-9 (ISBN)
Conference
Twelfth International Symposium on Human Aspects of Information Security & Assurance, Dundee, Scotland, 29th-31st August 2018
Available from: 2018-10-25 Created: 2018-10-25 Last updated: 2019-09-26. Bibliographically approved
Kävrestad, J., Eriksson, F. & Nohlberg, M. (2018). The Development of a Password Classification Model. Journal of Information System Security, 14(1), 31-46
2018 (English). In: Journal of Information System Security, ISSN 1551-0123, E-ISSN 1551-0808, Vol. 14, no 1, p. 31-46. Article in journal (Refereed) Published
Abstract [en]

In order to ensure that we are the only ones that can access our data, we use authentication to secure our computers and different online accounts. Passwords remain the most common type of authentication, even if there are several different ways to authenticate, including biometrics and tokens. With this study we aim to reveal and collect the different strategies that users are using when designing their passwords. To achieve this, a model was developed using interactive interviews with computer forensic experts. The model was then applied on 5,000 passwords gathered from 50 different password databases that had leaked to the Internet. The result is a model that can be used to classify passwords based on the strategy used to create them. As such, the results of this study increase the understanding of passwords and they can be used as a tool in education and training, as well as in future research.

Place, publisher, year, edition, pages
The Information Institute, 2018
Keywords
Passwords, Categorization, Classification, Strategies, Model
National Category
Computer and Information Sciences
Research subject
Information Systems
Identifiers
urn:nbn:se:his:diva-15984 (URN)
Available from: 2018-07-17 Created: 2018-07-17 Last updated: 2018-12-21. Bibliographically approved
Åhlfeldt, R.-M., Nohlberg, M. & Söderström, E. (2017). Länsstyrelsernas förutsättningar att stödja kommuner gällande informationssäkerhet. Stockholm: Myndigheten för samhällsskydd och beredskap
2017 (Swedish). Report (Other academic)
Abstract [sv]

A study was carried out by the University of Skövde on behalf of the Swedish Civil Contingencies Agency (MSB) with the aim of mapping the county administrative boards' actual ability to coordinate and support the municipalities' information security work. The work also covered how the county administrative boards work to coordinate and support the municipalities' information security work. The mapping was conducted at seven selected county administrative boards between October 2016 and January 2017 through interviews with representatives from each county administrative board.

The results show that the county administrative boards need a clear assignment with an accompanying mandate and resources in order to be in a position to coordinate and support the municipalities in their information security work. The county administrative boards involved consider this to be lacking at present. The results also show that there is an extensive shortage of competence in the area of information security. The shortage exists both in the internal work and in the external work directed at the municipalities, from management level to operational level. There is also a need for clearer roles, both strategic and operational, to get the work started and to enable a clearer overview. This is needed to give the county administrative boards the conditions to coordinate and support the county administrative boards in information security work related to crises and heightened alert, and also to obtain a strategic, holistic view of information security work from a societal perspective.

Place, publisher, year, edition, pages
Stockholm: Myndigheten för samhällsskydd och beredskap, 2017. p. 29
Keywords
information security, crisis preparedness
National Category
Information Systems
Research subject
Information Systems
Identifiers
urn:nbn:se:his:diva-13655 (URN); 978-91-7383-729-3 (ISBN)
Projects
LISAK - Länsstyrelsernas förutsättningar att stödja kommuner gällande informationssäkerhet
Funder
Swedish Civil Contingencies Agency
Available from: 2017-06-08 Created: 2017-06-08 Last updated: 2018-01-13. Bibliographically approved