{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T03:19:58Z","timestamp":1743045598964,"version":"3.40.3"},"publisher-location":"Cham","reference-count":52,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030397487"},{"type":"electronic","value":"9783030397494"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-39749-4_10","type":"book-chapter","created":{"date-parts":[[2020,1,24]],"date-time":"2020-01-24T18:03:07Z","timestamp":1579888987000},"page":"156-170","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["A Risk-Driven Model to Minimize the\u00a0Effects of Human Factors on Smart Devices"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-9220-7700","authenticated-orcid":false,"given":"Sandeep","family":"Gupta","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2723-2410","authenticated-orcid":false,"given":"Attaullah","family":"Buriro","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1252-8465","authenticated-orcid":false,"given":"Bruno","family":"Crispo","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2020,1,25]]},"reference":[{"key":"10_CR1","doi-asserted-by":"crossref","unstructured":"Gupta, S., Buriro, A., Crispo, B.: Demystifying authentication concepts insmartphones: ways and types to secure access. Mob. Inf. Syst. 2018, 16 p. (2018)","DOI":"10.1155\/2018\/2649598"},{"issue":"1","key":"10_CR2","doi-asserted-by":"publisher","first-page":"138","DOI":"10.1109\/MWC.2015.7054729","volume":"22","author":"D He","year":"2015","unstructured":"He, D., Chan, S., Guizani, M.: Mobile application security: malware threats and defenses. IEEE Wirel. Commun. 22(1), 138\u2013144 (2015)","journal-title":"IEEE Wirel. Commun."},{"key":"10_CR3","doi-asserted-by":"publisher","DOI":"10.1002\/9781118988374","volume-title":"Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis","author":"T UcedaVelez","year":"2015","unstructured":"UcedaVelez, T., Morana, M.M.: Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis. Wiley, Hoboken (2015)"},{"key":"10_CR4","unstructured":"Ward, M.: Ransomware \u2018here to stay\u2019, warns google study (2017). http:\/\/www.bbc.com\/news\/technology-40737060"},{"key":"10_CR5","doi-asserted-by":"crossref","unstructured":"Pieters, W.: Defining \u201cthe weakest link\u201d comparative security in complex systems of systems. In: Proceeding of 5th International Conference on Cloud Computing Technology and Science (CloudCom), vol. 2, pp. 39\u201344. IEEE (2013)","DOI":"10.1109\/CloudCom.2013.101"},{"key":"10_CR6","volume-title":"Human Factors in Simple and Complex Systems","author":"RW Proctor","year":"2018","unstructured":"Proctor, R.W., Van Zandt, T.: Human Factors in Simple and Complex Systems. CRC Press, Boca Raton (2018)"},{"issue":"3","key":"10_CR7","first-page":"329","volume":"45","author":"P Li","year":"2011","unstructured":"Li, P., Chen, G., Zhang, L., et al.: Research review and development trends of human reliability analysis techniques. At. Energy Sci. Technol. 45(3), 329\u2013340 (2011)","journal-title":"At. Energy Sci. Technol."},{"key":"10_CR8","doi-asserted-by":"crossref","unstructured":"Gu, T., Li, L., Lu, M., Li, J.: Research on the calculation method of information security risk assessment considering human reliability. In: 2014 International Conference on Reliability, Maintainability and Safety (ICRMS), pp. 457\u2013462. IEEE (2014)","DOI":"10.1109\/ICRMS.2014.7107238"},{"key":"10_CR9","doi-asserted-by":"crossref","unstructured":"Stoneburner, G., Goguen, A., Feringa, A.: Risk Management Guide for Information Technology Systems. NIST Special Publication 800\u201330 (2002)","DOI":"10.6028\/NIST.SP.800-30"},{"key":"10_CR10","unstructured":"Microsoft: Definition of a security vulnerability. https:\/\/msdn.microsoft.com\/en-us\/library\/cc751383.aspx?f=255&MSPPError=-2147217396 (2018)"},{"key":"10_CR11","unstructured":"ISO\/IEC 25010:2011: Reliability (2018). https:\/\/www.iso.org\/obp\/ui\/#iso:std:iso-iec:25010:ed-1:v1:en"},{"key":"10_CR12","unstructured":"ISO: Human factors. https:\/\/www.iso.org\/obp\/ui\/#iso:std:iso:9241:-210:ed-1:v1:en (2018)"},{"key":"10_CR13","doi-asserted-by":"publisher","first-page":"424","DOI":"10.1016\/j.sbspro.2014.07.133","volume":"147","author":"E Metalidou","year":"2014","unstructured":"Metalidou, E., Marinagi, C., Trivellas, P., Eberhagen, N., Skourlas, C., Giannakopoulos, G.: The human factor of information security: unintentional damage perspective. Soc. Behav. Sci. 147, 424\u2013428 (2014)","journal-title":"Soc. Behav. Sci."},{"key":"10_CR14","unstructured":"Vidalis, S., Jones, A.: Analyzing threat agents and their attributes. In: ECIW, pp. 369\u2013380 (2005)"},{"key":"10_CR15","unstructured":"Fixmo: Enabling your business through mobile risk management (2018). https:\/\/www.eiseverywhere.com\/file_uploads\/12d988fc44b269ec828834bbaef0c6b3_FixmoWhitepaper.pdf"},{"key":"10_CR16","unstructured":"Lord, N.: A history of ransomware attacks: the biggest and worst ransomware attacks of all time (2017). https:\/\/digitalguardian.com\/blog\/history-ransomware-attacks-biggest-and-worst-ransomware-attacks-all-time"},{"key":"10_CR17","unstructured":"Johar, A.: Now ransomware attacks android: doublelocker locks your smartphone by changing the pin (2017). https:\/\/economictimes.indiatimes.com\/tech\/internet\/now-ransomware-attacks-android-doublelocker-locks-your-smartphone-by-changing-the-pin\/articleshow\/61247838.cms"},{"key":"10_CR18","unstructured":"Goodin, D.: Ransomware scammers exploited safari bug to extort porn-viewing IOS users. https:\/\/arstechnica.com\/information-technology\/2017\/03\/ransomware-scammers-exploited-safari-bug-to-extort-porn-viewing-ios-users\/ (2017)"},{"key":"10_CR19","doi-asserted-by":"crossref","unstructured":"Iqbal, M.S., Zulkernine, M.: SAM: a secure anti-malware framework for the smartphone operating systems. In: Proceeding of Wireless Communications and Networking Conference (WCNC), pp. 1\u20136. IEEE (2016)","DOI":"10.1109\/WCNC.2016.7564870"},{"key":"10_CR20","doi-asserted-by":"crossref","unstructured":"Yang, T., Yang, Y., Qian, K., Lo, D.C.-T., Qian, Y., Tao, L.: Automated detection and analysis for android ransomware. In: Proceeding of 7th International Symposium on Cyberspace Safety and Security (CSS), pp. 1338\u20131343. IEEE (2015)","DOI":"10.1109\/HPCC-CSS-ICESS.2015.39"},{"key":"10_CR21","doi-asserted-by":"crossref","unstructured":"Hong, S., Liu, C., Ren, B., Chen, J.: Poster: Sdguard: an android application implementing privacy protection and ransomware detection. In: Proceedings of the 15th Annual International Conference on Mobile Systems, Applications, and Services, pp. 149\u2013149. ACM (2017)","DOI":"10.1145\/3081333.3089293"},{"key":"10_CR22","doi-asserted-by":"crossref","unstructured":"Joshi, J., Parekh, C.: Android smartphone vulnerabilities: a survey. In: Proceeding of International Conference on Advances in Computing, Communication, & Automation (ICACCA) (Spring), pp. 1\u20135. IEEE (2016)","DOI":"10.1109\/ICACCA.2016.7578857"},{"key":"10_CR23","doi-asserted-by":"crossref","unstructured":"Yang, W., Hu, J., Fernandes, C., Sivaraman, V., Wu, Q.: Vulnerability analysis of iPhone 6. In: Proceeding of 14th Annual Conference on Privacy, Security and Trust (PST), pp. 457\u2013463. IEEE (2016)","DOI":"10.1109\/PST.2016.7907000"},{"key":"10_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"278","DOI":"10.1007\/3-540-36159-6_24","volume-title":"Information and Communications Security","author":"K-P Yee","year":"2002","unstructured":"Yee, K.-P.: User interaction design for secure systems. In: Deng, R., Bao, F., Zhou, J., Qing, S. (eds.) ICICS 2002. LNCS, vol. 2513, pp. 278\u2013290. Springer, Heidelberg (2002). https:\/\/doi.org\/10.1007\/3-540-36159-6_24"},{"key":"10_CR25","unstructured":"Apple: IOS requesting permission (2018). https:\/\/developer.apple.com\/design\/human-interface-guidelines\/ios\/app-architecture\/requesting-permission\/"},{"key":"10_CR26","unstructured":"Google: Android permissions overview (2018). https:\/\/developer.android.com\/guide\/topics\/permissions\/overview"},{"issue":"2","key":"10_CR27","doi-asserted-by":"publisher","first-page":"35","DOI":"10.1109\/MSP.2010.2","volume":"8","author":"A Shabtai","year":"2010","unstructured":"Shabtai, A., Fledel, Y., Kanonov, U., Elovici, Y., Dolev, S., Glezer, C.: Google android: a comprehensive security assessment. IEEE Secur. Priv. 8(2), 35\u201344 (2010)","journal-title":"IEEE Secur. Priv."},{"key":"10_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"226","DOI":"10.1007\/978-3-642-39256-6_15","volume-title":"Data and Applications Security and Privacy XXVII","author":"Y Wang","year":"2013","unstructured":"Wang, Y., Zheng, J., Sun, C., Mukkamala, S.: Quantitative security risk assessment of android permissions and applications. In: Wang, L., Shafiq, B. (eds.) DBSec 2013. LNCS, vol. 7964, pp. 226\u2013241. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-39256-6_15"},{"key":"10_CR29","doi-asserted-by":"crossref","unstructured":"Lindorfer, M., Neugschwandtner, M., Platzer, C.: Marvin: efficient and comprehensive mobile app classification through static and dynamic analysis. In: 39th Annual Computer Software and Applications Conference (COMPSAC), vol. 2, pp. 422\u2013433. IEEE (2015)","DOI":"10.1109\/COMPSAC.2015.103"},{"key":"10_CR30","doi-asserted-by":"crossref","unstructured":"Aytes, K.: Computer security and risky computing practices: a rational choice perspective. In: Information Security and Ethics: Concepts, Methodologies, Tools, and Applications, pp. 1994\u20132011. IGI Global (2008)","DOI":"10.4018\/978-1-59904-937-3.ch135"},{"key":"10_CR31","doi-asserted-by":"publisher","DOI":"10.1201\/9781315382425","volume-title":"Reliability Engineering and Risk Analysis: A Practical Guide","author":"M Modarres","year":"2016","unstructured":"Modarres, M., Kaminskiy, M.P., Krivtsov, V.: Reliability Engineering and Risk Analysis: A Practical Guide. CRC Press, Boca Raton (2016)"},{"key":"10_CR32","unstructured":"Winnick, M.: Putting a finger on our phone obsession - mobile touches: a study on humans and their tech (2016). https:\/\/blog.dscout.com\/mobile-touches"},{"key":"10_CR33","unstructured":"Harbach, M., Von Zezschwitz, E., Fichtner, A., De Luca, A., Smith, M.: It\u2019s a hard lock life: a field study of smartphone (un) locking behavior and risk perception. In: Symposium on usable privacy and security (SOUPS), pp. 213\u2013230 (2014)"},{"key":"10_CR34","unstructured":"Summerson, C.: What is USB debugging, and is it safe to leave it enabled on android? (2016). https:\/\/www.howtogeek.com\/258788\/what-is-usb-debugging-and-is-it-safe-to-leave-it-enabled-on-android\/"},{"key":"10_CR35","doi-asserted-by":"crossref","unstructured":"Padgette, J.: Guide to Bluetooth Security. NIST Special Publication 800-121 (2017)","DOI":"10.6028\/NIST.SP.800-121r2"},{"key":"10_CR36","doi-asserted-by":"crossref","unstructured":"Shaked, Y., Wool, A.: Cracking the Bluetooth Pin. In: Proceedings of the 3rd International Conference on Mobile Systems, Applications, and Services, pp. 39\u201350. ACM (2005)","DOI":"10.1145\/1067170.1067176"},{"issue":"2","key":"10_CR37","doi-asserted-by":"publisher","first-page":"20","DOI":"10.1109\/MSP.2010.3","volume":"8","author":"J Dunning","year":"2010","unstructured":"Dunning, J.: Taming the blue beast: a survey of Bluetooth based threats. IEEE Secur. Priv. 8(2), 20\u201327 (2010)","journal-title":"IEEE Secur. Priv."},{"key":"10_CR38","unstructured":"kaspersky: How to avoid public WiFi security risks (2018). https:\/\/usa.kaspersky.com\/resource-center\/preemptive-safety\/public-wifi-risks"},{"issue":"11","key":"10_CR39","doi-asserted-by":"publisher","first-page":"3209","DOI":"10.1109\/TMC.2017.2686855","volume":"16","author":"M Muaaz","year":"2017","unstructured":"Muaaz, M., Mayrhofer, R.: Smartphone-based gait recognition: from authentication to imitation. IEEE Trans. Mob. Comput. 16(11), 3209\u20133221 (2017)","journal-title":"IEEE Trans. Mob. Comput."},{"issue":"2","key":"10_CR40","doi-asserted-by":"publisher","first-page":"575","DOI":"10.1007\/s11042-013-1518-5","volume":"71","author":"I Traore","year":"2014","unstructured":"Traore, I., Woungang, I., Obaidat, M.S., Nakkabi, Y., Lai, I.: Online risk-based authentication using behavioral biometrics. Multimed. Tools Appl. 71(2), 575\u2013605 (2014)","journal-title":"Multimed. Tools Appl."},{"key":"10_CR41","unstructured":"Google: Background execution limits (2018). https:\/\/developer.android.com\/about\/versions\/oreo\/background"},{"key":"10_CR42","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"93","DOI":"10.1007\/978-3-642-21599-5_7","volume-title":"Trust and Trustworthy Computing","author":"Y Zhou","year":"2011","unstructured":"Zhou, Y., Zhang, X., Jiang, X., Freeh, V.W.: Taming information-stealing smartphone applications (on android). In: McCune, J.M., Balacheff, B., Perrig, A., Sadeghi, A.-R., Sasse, A., Beres, Y. (eds.) Trust 2011. LNCS, vol. 6740, pp. 93\u2013107. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-21599-5_7"},{"key":"10_CR43","doi-asserted-by":"crossref","unstructured":"Shiroma, T., Nishio, Y., Inoue, H.: A threat to mobile devices from spoofing public USB charging stations. In: Proceeding of International Conference on Consumer Electronics (ICCE), pp. 88\u201389. IEEE (2017)","DOI":"10.1109\/ICCE.2017.7889241"},{"key":"10_CR44","unstructured":"Google: Android debug bridge (adb) (2018). https:\/\/developer.android.com\/studio\/command-line\/adb"},{"key":"10_CR45","doi-asserted-by":"crossref","unstructured":"Hwang, S., Lee, S., Kim, Y., Ryu, S.: Bittersweet ADB: attacks and defenses. In: Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, pp. 579\u2013584. ACM (2015)","DOI":"10.1145\/2714576.2714638"},{"key":"10_CR46","doi-asserted-by":"crossref","unstructured":"Demetriou, S., Zhou, X.-Y., Naveed, M., Lee, Y., Yuan, K., Wang, X., Gunter, C.A.: What\u2019s in your dongle and bank account? Mandatory and discretionary protection of android external resources. In: NDSS (2015)","DOI":"10.14722\/ndss.2015.23098"},{"key":"10_CR47","doi-asserted-by":"crossref","unstructured":"Kywe, S.M., Li, Y., Petal, K., Grace, M.: Attacking android smartphone systems without permissions. In: 2016 14th Annual Conference on Privacy, Security and Trust (PST), pp. 147\u2013156. IEEE (2016)","DOI":"10.1109\/PST.2016.7906949"},{"key":"10_CR48","doi-asserted-by":"crossref","unstructured":"Spaulding, J., Krauss, A., Srinivasan, A.: Exploring an open WiFi detection vulnerability as a malware attack vector on IOS devices. In: Proceeding of 7th International Conference on Malicious and Unwanted Software (MALWARE), pp. 87\u201393. IEEE (2012)","DOI":"10.1109\/MALWARE.2012.6461013"},{"key":"10_CR49","doi-asserted-by":"crossref","unstructured":"Wasil, D., Nakhila, O., Bacanli, S.S., Zou, C., Turgut, D.: Exposing vulnerabilities in mobile networks: a mobile data consumption attack. In: Proceeding of 14th International Conference on Mobile Ad Hoc and Sensor Systems (MASS), pp. 550\u2013554. IEEE (2017)","DOI":"10.1109\/MASS.2017.76"},{"key":"10_CR50","series-title":"Advances in Intelligent Systems and Computing","doi-asserted-by":"publisher","first-page":"555","DOI":"10.1007\/978-981-10-6005-2_56","volume-title":"Next-Generation Networks","author":"K Sharma","year":"2018","unstructured":"Sharma, K., Gupta, B.B.: Attack in smartphone Wi-Fi access channel: state of the art, current issues, and challenges. In: Lobiyal, D.K., Mansotra, V., Singh, U. (eds.) Next-Generation Networks. AISC, vol. 638, pp. 555\u2013561. Springer, Singapore (2018). https:\/\/doi.org\/10.1007\/978-981-10-6005-2_56"},{"issue":"1","key":"10_CR51","doi-asserted-by":"publisher","first-page":"55","DOI":"10.1007\/s00779-017-1081-6","volume":"22","author":"D-Z Sun","year":"2018","unstructured":"Sun, D.-Z., Mu, Y., Susilo, W.: Man-in-the-middle attacks on secure simple pairing in Bluetooth standard v5. 0 and its countermeasure. Pers. Ubiquit. Comput. 22(1), 55\u201367 (2018)","journal-title":"Pers. Ubiquit. Comput."},{"key":"10_CR52","unstructured":"Zeiter, K.: Hackers can control your phone using a tool that\u2019s already built into it (2014). https:\/\/www.wired.com\/2014\/07\/hackers-can-control-your-phone-using-a-tool-thats-already-built-into-it\/"}],"container-title":["Lecture Notes in Computer Science","Emerging Technologies for Authorization and Authentication"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-39749-4_10","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,1,23]],"date-time":"2025-01-23T23:04:13Z","timestamp":1737673453000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-39749-4_10"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030397487","9783030397494"],"references-count":52,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-39749-4_10","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"25 January 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ETAA","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Workshop on Emerging Technologies for Authorization and Authentication","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Luxembourg","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Luxembourg","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2019","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27 September 2019","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27 September 2019","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"etaa2019","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.iit.cnr.it\/etaa2019\/index.html","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}