ITU-T X 1212-2017 Design considerations for improved end-user perception of trustworthiness indicators (Study Group 17).pdf

1、 I n t e r n a t i o n a l T e l e c o m m u n i c a t i o n U n i o n ITU-T X.1212 TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (03/2017) SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY Cyberspace security Cybersecurity Design considerations for improved end-user perception of t

2、rustworthiness indicators Recommendation ITU-T X.1212 ITU-T X-SERIES RECOMMENDATIONS DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY PUBLIC DATA NETWORKS X.1X.199 OPEN SYSTEMS INTERCONNECTION X.200X.299 INTERWORKING BETWEEN NETWORKS X.300X.399 MESSAGE HANDLING SYSTEMS X.400X.499 DIRECTORY X.5

3、00X.599 OSI NETWORKING AND SYSTEM ASPECTS X.600X.699 OSI MANAGEMENT X.700X.799 SECURITY X.800X.849 OSI APPLICATIONS X.850X.899 OPEN DISTRIBUTED PROCESSING X.900X.999 INFORMATION AND NETWORK SECURITY General security aspects X.1000X.1029 Network security X.1030X.1049 Security management X.1050X.1069

4、Telebiometrics X.1080X.1099 SECURE APPLICATIONS AND SERVICES Multicast security X.1100X.1109 Home network security X.1110X.1119 Mobile security X.1120X.1139 Web security X.1140X.1149 Security protocols X.1150X.1159 Peer-to-peer security X.1160X.1169 Networked ID security X.1170X.1179 IPTV security X

5、.1180X.1199 CYBERSPACE SECURITY Cybersecurity X.1200X.1229 Countering spam X.1230X.1249 Identity management X.1250X.1279 SECURE APPLICATIONS AND SERVICES Emergency communications X.1300X.1309 Ubiquitous sensor network security X.1310X.1339 PKI related Recommendations X.1340X.1349 Internet of things

6、(IoT) security X.1360X.1369 Intelligent transportation system (ITS) security X.1370X.1379 CYBERSECURITY INFORMATION EXCHANGE Overview of cybersecurity X.1500X.1519 Vulnerability/state exchange X.1520X.1539 Event/incident/heuristics exchange X.1540X.1549 Exchange of policies X.1550X.1559 Heuristics a

7、nd information request X.1560X.1569 Identification and discovery X.1570X.1579 Assured exchange X.1580X.1589 CLOUD COMPUTING SECURITY Overview of cloud computing security X.1600X.1601 Cloud computing security design X.1602X.1639 Cloud computing security best practices and guidelines X.1640X.1659 Clou

8、d computing security implementation X.1660X.1679 Other cloud computing security X.1680X.1699 For further details, please refer to the list of ITU-T Recommendations. Rec. ITU-T X.1212 (03/2017) i Recommendation ITU-T X.1212 Design considerations for improved end-user perception of trustworthiness ind

9、icators Summary Diverse kinds of attacks employ replicated content from trustworthy service providers, thereby deceiving end-users into believing its false trustworthiness. Recommendation ITU-T X.1212 describes design consideration for improved end-user perception of trustworthiness indicators. The

10、appendices describe representative techniques for measuring end-user perception of such indicators. History Edition Recommendation Approval Study Group 1.0 ITU-T X.1212 2017-03-30 17 11.1002/1000/13195 Keywords End-user perception, phishing, trustworthiness indicators. ii Rec. ITU-T X.1212 (03/2017)

11、 FOREWORD The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for stu

12、dying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis. The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study gro

13、ups which, in turn, produce Recommendations on these topics. The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1. In some areas of information technology which fall within ITU-Ts purview, the necessary standards are prepared on a collaborative basis with

14、ISO and IEC. NOTE In this Recommendation, the expression “Administration“ is used for conciseness to indicate both a telecommunication administration and a recognized operating agency. Compliance with this Recommendation is voluntary. However, the Recommendation may contain certain mandatory provisi

15、ons (to ensure, e.g., interoperability or applicability) and compliance with the Recommendation is achieved when all of these mandatory provisions are met. The words “shall“ or some other obligatory language such as “must“ and the negative equivalents are used to express requirements. The use of suc

16、h words does not suggest that compliance with the Recommendation is required of any party. INTELLECTUAL PROPERTY RIGHTSITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property Right. ITU takes no position

17、 concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process. As of the date of approval of this Recommendation, ITU had not received notice of intellectual property, protected

18、 by patents, which may be required to implement this Recommendation. However, implementers are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database at http:/www.itu.int/ITU-T/ipr/. ITU 2017 All rights reserved. No part of th

19、is publication may be reproduced, by any means whatsoever, without the prior written permission of ITU. Rec. ITU-T X.1212 (03/2017) iii Table of Contents Page 1 Scope . 5 2 References . 5 3 Definitions 5 3.1 Terms defined elsewhere 5 3.2 Terms defined in this Recommendation . 5 4 Abbreviations and a

20、cronyms 6 5 Conventions 6 6 End-user perception of trustworthiness indicators . 6 7 Techniques for improved end-user perception of trustworthiness indicators . 6 7.1 Visual elements 6 7.2 Narrative elements 7 7.3 Peripheral design transitions . 8 7.4 Training mode 8 7.5 Accessibility . 8 7.6 Childre

21、n 9 Appendix I Considerations for cognitive task analysis in cybersecurity 10 I.1 Considerations for cognitive task analysis in cybersecurity . 10 I.2 Three enabling concepts of information security . 10 I.3 Possible measurement methods 10 Appendix II Consideration of end user protection with cognit

22、ive task analysis 11 II.1 Estimation of users knowledge and skills 11 Bibliography. 14 Recommendation ITU-T X.1212 Design considerations for improved end-user perception of trustworthiness indicators 1 Scope A wide variety of attacks utilize replicated content from trustworthy service providers, the

23、reby deceiving end-users into believing their false trustworthiness. This Recommendation describes design considerations for improved end-user perception of trustworthiness indicators. The appendices describe representative techniques for measuring the end-user perception of such indicators. 2 Refer

24、ences None. 3 Definitions 3.1 Terms defined elsewhere This Recommendation uses the following terms defined elsewhere: 3.1.1 disability b-ITU-T F.790: This is defined as a state when use of telecommunications equipment and services is restricted. Mainly, “disability“ is viewed as a result of temporar

25、y or permanent functional limitation due to disease, accident, ageing and so on. More generally, “disability“ includes a state when full use of telecommunications equipment and services is not possible due to the physical and/or social environment (e.g., voice telephony under noisy environment). 3.1

26、.2 measurement b-ENISA: The act or the process of measuring, where the value of a quantitative variable in comparison to a (standard) unit of measurement is determined. 3.1.3 metric b-ENISA: A system of related measuring enabling quantification of some characteristic of a system, component or proces

27、s. A metric is composed of two or more measures. 3.1.4 personally identifiable information (PII) b-ITU-T X.1252: Any information a) that identifies or can be used to identify, contact, or locate the person to whom such information pertains; b) from which identification or contact information of an i

28、ndividual person can be derived; or c) that is or can be linked to a natural person directly or indirectly. 3.1.5 phishing b-ITU X.1254: A scam by which an email user is duped into revealing personal or confidential information which the scammer can then use illicitly. 3.1.6 telecommunications acces

29、sibility b-ITU-T F.790: For the telecommunications area, the usability of a product, service, environment or facility by the widest possible range of users and especially users with disabilities. 3.1.7 person with disabilities b-ITU-T F.791:The correct way to refer a person with a disability b-UNCRP

30、D. 3.2 Terms defined in this Recommendation This Recommendation defines the following term: 3.2.1 trustworthiness indicators: Symbols presented by a web user agent that will be used to inform the trustworthiness of the website to end users. 6 Rec. ITU-T X.1212 (03/2017) 4 Abbreviations and acronyms

31、DKIM DomainKeys Identified Mail DOM Document Object Model FNE Fear of Negative Evaluation SSL Secure Socket Layer URL Uniform Resource Locator 5 Conventions None. 6 End-user perception of trustworthiness indicators Protocols for cybersecurity information exchange, as identified in b-ITU-T X.1500, ma

32、y convey useful information for trustworthiness decisions of any interactions in cyberspace. Such information includes, but is not limited to, extended validation certificate information b-CAB-Baseline, level of assurance of identities b-ITU-T X.1254, domainkeys identified mail (DKIM) signatures of

33、e-mail b-IETF RFC 6376 and indication of phishing sites b-IETF RFC 5901. These trustworthiness indicators are however often ignored or least considered by end users, according to past studies based on diverse demographics (details are provided in Appendix II). Thus it is necessary to improve the end

34、-user perception of trustworthiness indicators. 7 Techniques for improved end-user perception of trustworthiness indicators In this clause, several techniques for improving end-user perception of trustworthiness indicators are presented. These techniques can be used individually or in combination, a

35、s desired or appropriate, to present trustworthiness indicators in a more recognizable manner. 7.1 Visual elements Developers of trustworthiness indicators shall consider the use of standardized visual elements. Past studies have revealed that symbolic encoding of trustworthiness indicators, e.g., i

36、n uniform resource locators (URLs), are not friendly to novice users and they are often ignored b-Miyamoto. It is thus recommended to introduce visual elements, e.g., icons that represent trustworthiness indication. Implementers may consider employing a few standardized visual elements, as in road s

37、igns, to minimize cognitive overhead and training overhead. According to product safety signs and labels b-ANSI-Z535.4, the use of signal words (e.g., “Danger,“ “Warning,“) with associated colours (red, orange, yellow) decreases levels of risks. Rec. ITU-T X.1212 (03/2017) 7 Figure 1 Product safety

38、signs and labels (ANSI Z535.4) The message “DANGER“ uses a white triangle, red exclamation mark and red background. The “WARNING“ message employs a black triangle with an orange exclamation mark. The “CAUTION“ message uses a black triangle with a yellow exclamation mark. Additionally, developers of

39、trustworthiness indicators should employ standard colouring schemes to represent the level of trustworthiness. In the context of colour psychology, red is used for attention. Red is the longest wavelength in the visible light spectrum, and has the property of appearing to be nearer than it is. Red t

40、herefore grasps users attention and is used for traffic lights. The wavelength of yellow is relatively long and essentially stimulating, and it can grab users attention. The centre of the spectrum is green; it is the intermediate wavelength of visible light. Green also tends to require no adjustment

41、 to be seen, so it is used as a restful and relaxed sign. Blue calms the mind and aids concentration. Developers of trustworthiness indicators may use the concept of the “social brain,“ which encourages pro-social and cooperative behaviour. Past studies have found that people behave in a more social

42、ly conscious manner when they are near images of watching eyes b-Rigdon, b-Senju. However, there is a sceptical view about it, which claims that the image of watching eyes had little to no effect on behaviour b-Felt2014. 7.2 Narrative elements Past studies have revealed that certain groups of users

43、make their trustworthiness decision based on narrative writings, rather than domain names, protocol types or URLs b-Felst2014, b-Felt2015. It is recommended to equip end-user software with the capability to convert symbolic information into narrative elements that do not employ acronyms. It can also

44、 be helpful to visually impaired users, when combined with text-to-speech systems. In order to capture users attention, i.e., warning messages, end-user software may need to consider several design criteria as follows: 1. Developers of trustworthiness indicators should avoid using technical terms. I

45、n the warning message, technical terms should be replaced with phrases or expressions that can be understood by users; they will ignore the message if they do not know how to properly respond to it. 2. Developers of trustworthiness indicators should consider the brevity of messages. Large quantities

46、 of text will give an indication that much effort will be required to read it, thus users may not read it. In the message, redundant text should be removed in order to be concise and accurate. It should be noted that there is a trade-off relationship between brevity and accuracy; it is not possible

47、to explain all aspects of the threat model in a single short paragraph. Therefore warnings may utilize both visual and text elements. In order to calculate the level of the brevity, the developers may apply a readability index, which is the 8 Rec. ITU-T X.1212 (03/2017) measure of readability that e

48、stimates the years of education a person needs to understand a piece of writing. 3. Developers of trustworthiness indicators should describe the risk that had occurred or is about to occur. Warning messages should describe the underlying risk, since users are likely to comprehend and comply with the

49、 message if it describes the risks explicitly and unambiguously. The message should also include instructions on how to avoid risk, unless these instructions are obvious in the statement of the risk. 7.3 Peripheral design transitions Developers of trustworthiness indicators may test their interface regarding the peripheral design transitions. Sudden transition in peripheral vision may be effective to signal potential risk. It is thus recommended to employ this technique through the t