Evaluation of the Model for Analysing Anti-Phishing Authentication Ceremonies

Phishing takes advantage of the way humans interact with computers or interpret messages. A security ceremony is one way of extending the reach of current methods for social, technical and contextual analysis of security protocols to include humans. It is an extension of the concept of network security protocol and includes user interface and human-protocol interaction. We propose a model with which anti-phishing authentication ceremonies can be examined not only with a technical focus but by including the human into the analysis. The model examines anti-phishing authentication tasks that a human needs to apply, how users process these additional authentication tasks and how these tasks impact the human’s decision outcome. We outline the evaluation of the model and propose a ceremony called MultiStep Mutual Authentication (MSMA) that combines PIN, text password and dynamic image feedback as a help to foil phishing attacks. The MSMA ceremony is used as part of the evaluation of the model.