
User Perceptions of Privacy and Security on the Web


Scott Flinn and Joanna Lumsden

National Research Council Canada

{Scott.Flinn|Jo.Lumsden}@nrc.gc.ca

Abstract

This paper describes an online survey that was conducted to explore typical Internet users’ awareness and knowledge of specific technologies that relate to their security and privacy when using a Web browser to access the Internet. The survey was conducted using an anonymous, online questionnaire. Over a four month period, 237 individuals completed the questionnaire. Respondents were predominately Canadian, with substantial numbers from the United Kingdom and the United States. Important findings include evidence that users have tried to educate themselves regarding their online security and privacy, but with limited success; different interpretations of the term “secure Web site” can lead to very different levels of trust in a site; respondents strongly expressed their skepticism about privacy policies, but nevertheless believe that sites can be trusted to respect their stated policies; and users may confuse browser cookies with other types of data stored locally by browsers, leading to inappropriate conclusions about the risks they present.

Keywords: Human factors, privacy, risk, risk management, security, transparency, trust, usability, Web, Web browser, WWW.

1.Introduction

In the early days of the Internet, a large proportion of its users had considerable technical experience and a deep understanding of its operation. This is no longer true. Today, many Internet users exchange e-mail, view pages and consume services from the World Wide Web, and use it for any of several other common activities. Engaging in these activities can pose a number of risks to an individual's online privacy and security. Without a deep technical understanding to guide them, some risks may be elevated for these users.

The technically skilled people who have designed and built the software used for these activities – e-mail clients, Web browsers, etc. – have equipped the software with various tools that individuals might use to remain informed of the risks they face and to manage various aspects of their privacy and security as they utilize the Internet. However, anecdotal evidence suggests that typical users are unaware of many risks, or misunderstand them, and that they are ill equipped to use available tools to manage those risks.

This paper describes a preliminary study intended to explore some of the assumptions underlying the design of specific privacy and security tools available in contemporary Web browsers. Our objective was, in part, to empirically test common assumptions that are based primarily on anecdotal evidence. Participants in our study responded to a questionnaire designed to highlight the extent of their awareness, knowledge, and range of perspectives concerning the technology.

The questionnaire focused on four specific areas relating to the use of Web browsers: secure Web sites; browser cookies; Web site privacy policies; and trust marks. In each category, it sought to elicit responses that would reveal what users understand about the risks they face when using a Web browser to access the Internet in a variety of situations; how aware they are of the tools at their disposal for managing security and privacy risks in those situations; and how prepared they are to use the tools in terms of both willingness and ability.

The survey was largely qualitative and was not designed to produce data for statistical (other than descriptive) analysis. Our objective was not to precisely characterize a particular user population, but rather to explore some of the misunderstandings and misinterpretations that can lead to undesirable but avoidable outcomes. Ideally, we also hoped to gain some insight into how those inaccurate perceptions arose.

Similarly, the questionnaire was not intended to assess the usability of particular technologies, but rather to determine which technologies are actually used by our respondents.

The study consisted of a single questionnaire that was advertised publicly on the Internet and administered anonymously online. We received 237 responses over a period of four and a half months from 7 June 2004 to 27 September 2004. Section 5 presents additional summary statistics for the questionnaire along with our detailed findings.

Our survey was essentially designed to answer the following questions:

1. Are typical Internet users fully aware of the risks they face online, and do they understand these risks in sufficient detail and with sufficient clarity to support accurate risk management decisions?

2. Are typical Internet users aware of the common Web browser tools available to assist with this decision making process, and do they use them when appropriate to make accurate and informed decisions?

Based on anecdotal observations, our expectation was that the survey would highlight low levels of awareness and understanding of online security issues amongst typical Internet users, and a subsequent avoidance or inappropriate use of available tools to manage online security risks.

2.Related work

A growing body of evidence clearly demonstrates that Internet users tend to base their judgments of the trustworthiness of Web sites on characteristics such as navigation and fulfillment (e.g., [2]) that are not causally linked with the actual trustworthiness of the site. They also tend to be too relaxed in terms of critical thinking, preferring instead to focus on prominent features without considering their importance very deeply [6].

On the other hand, they are clearly concerned about their own privacy and safety, and the privacy and safety of the information that describes them and of the technology they use [4][8].

The general problem, then, is that users are concerned about the risks they might face online but do not currently make good risk management decisions. Many technologies have been proposed to address the problem, but often they seem to compound it. For example, it is straightforward in principle to encrypt and digitally sign e-mail, but even experienced computer users have difficulty performing the simplest of these tasks [12]. This result has been widely cited, and the situation has not improved significantly in the six years since it was published. Less empirical evidence is available with respect to the use of Web browsers to conduct business with Web sites through secure connections, but there is clear cause for concern [5][9][11].

A reasonable conjecture is that the technologically minded people who have designed and built our networks and applications have produced an environment that can only be effectively understood and controlled by those who think in similar ways. It is unreasonable to expect users to think like Computer Scientists and Engineers when they go online, and not surprising when they don't. For example, there is a stark contrast between the human terms in which a sociologist describes trust online [7] and the algorithmic trust models on which the technology is built (e.g., [1]).

It is relatively straightforward to document the symptoms of the problem, but more of a challenge to understand the underlying causes. The study we present here is intended as a preliminary step toward that understanding.

As indicated above, the purpose of the study was to look specifically at how people perceive certain limited classes of risks, and how they employ specific software tools to help them manage those risks. It was not intended to assess the usability of the tools, nor to identify broader or more general issues. It builds on previous research rather than repeating or seeking to reproduce it. For example, work has been done to identify the range of concerns expressed by typical Internet users [4][8]. Many of the questionnaire’s response options were guided by these findings to help ensure that closed-ended questions offered a meaningful set of choices. The same research has also revealed differences between the perceptions of different demographic groups; these findings guided the choice of specific demographic questions for our questionnaire. Research has been done to explore how users relate to and use specific software features. For example, Millett et al. have performed a retrospective analysis of tools for managing browser cookies [11]. Friedman et al. have performed user studies to determine how typical Internet users assess whether a given connection to a Web site is secure [9]. The findings from these studies guided the development of questions in our study relating to cookies and secure Web sites.

Very little work has been done, however, to assess the effectiveness of existing technology. Cranor et al. have performed such analyses in the domain of Web site privacy policies [3], but focused primarily on a piece of software that is not included with any browser by default and which is not widely deployed. Recently, using a survey similar to the one described here, Garfinkel et al. [10] explored the perceptions and opinions of online merchants regarding digitally signed e-mail. Although some of their general findings are relevant in this context, their focus was on a distinctly different piece of end-user security technology; the need, therefore, remains to explore browser related technologies more fully.

3.Survey design

The questionnaire began with a set of demographic questions about age, education, and country of residence. These were followed by a few very general questions to determine which browser and operating system respondents were accustomed to using, and the frequency with which they use them.

The remainder of the questionnaire repeated the same pattern of five questions for each of the four technologies of interest (secure sites, cookies, privacy policies and trust marks). The first question in each section asked whether the respondent had any previous knowledge of the technology; only when respondents indicated that they had previously heard of it were they required to complete the rest of the questions in the associated section.

The second question in each section asked respondents to describe in a few brief sentences what they understood about the technology. The third probed their beliefs about the technology by listing a number of statements pertaining to the technology and asking them to indicate the degree to which they agreed or disagreed with each statement; the statements and the five-point Likert scale response options for each were collectively presented using a matrix-style format.

The fourth question assessed respondents’ familiarity with the technology in question, and the fifth explored the degree to which respondents' feelings of security and privacy depend on the technology.

There were 69 questions in total, including the four open text questions. Most respondents answered the majority of the questions, taking about 20 minutes on average to complete.

3.1.Recruiting

We invited people to respond to the questionnaire by circulating a standard invitation to participate via e-mail. Our target audience was Internet users, and, ideally, we hoped to recruit a representative sample. Through friends, family, and colleagues, we circulated the invitation on mailing lists and in discussion fora whose purposes were not related to information and computing technology. We also invited geographically distant friends and relatives to participate, and to relay the invitation to their own contacts.

Section 5 summarizes the outcome of this recruiting effort, including a characterization of the group that ultimately responded.

3.2.Implementation and mechanics

The questionnaire was implemented as a set of servlets and Java Server Pages (JSPs) running in the Apache Tomcat servlet container on our server. The recruiting message directed potential respondents to a consent form. Those who declined consent were instructed simply to proceed no further. The remainder indicated consent by clicking a clearly labeled form submission button. When respondents indicated their consent, they were assigned a user number, counting sequentially from one.

We relied on Tomcat's HTTP session tracking, supplemented by URL rewriting to support those users whose browsers blocked Tomcat’s session tracking cookies. Sessions were set to expire in 60 minutes. Requests for questionnaire pages that were not associated with an active session were redirected to the consent page. During the questionnaire period, we registered 23 session expiries. Of these, only one individual persevered to give their consent a second time and complete the questionnaire. We did not record any instances of someone attempting to fetch questionnaire pages without first giving consent.

Although we did not expect any attempt by a malicious respondent to skew the results by submitting multiple responses, we nevertheless made an effort to detect multiple responses from the same source to assure the quality of the results. We accepted all responses and labeled each response set with a value derived from the browser source IP address and user-agent string. This allowed us to detect likely cases of submission from the same browser (though it would not thwart a determined adversary who varied the user-agent string or spoofed the source IP). Several such duplicates were in fact detected, though no more than four responses came from the same IP/user-agent combination. We inspected each of these responses individually and did not detect clear evidence of multiple responses from a single individual. In most cases, the responses from the same IP/user-agent combination were received on different days. Likely explanations include IP addresses being re-used by respondents who share the same ISP, responses from public access terminals, or responses from individuals within an organization with a standard browser deployment and a shared HTTP proxy.

To help preserve anonymity, our server was configured to not log requests, thereby preventing source IP addresses from being recorded. The browser “fingerprint” described in the previous paragraph was computed by concatenating a string representation of the source IP address with the user-agent string as received from the agent, and computing a SHA1 digest of the resulting string. Only the digest was stored for comparison. Given the wide variety of user-agent strings in use, even for what is ostensibly the same browser (predominately Microsoft's Internet Explorer version 6), and combined with the relatively large space of source IP addresses, this technique makes it computationally expensive to recover IP addresses for respondents, while still allowing a comparison based on source IP address.
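The labelling and duplicate check described in the two paragraphs above, as an added example that is not the authors' servlet code. It also runs the check a study operator would want before relying on the digest for anonymity: an unkeyed digest can be matched by anyone who enumerates candidate addresses with a known user-agent, whereas a keyed digest cannot be matched without the key. The function names, the sample addresses and user-agents, and the HMAC variant are assumptions introduced here.

```python
import hashlib
import hmac
import ipaddress
import secrets
from collections import defaultdict
from functools import partial

# Constructed sample values: documentation-range IPs and 2004-style user-agents.
MSIE_UA = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
FIREFOX_UA = ("Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) "
              "Gecko/20040614 Firefox/0.9")


def fingerprint(ip, user_agent):
    """The paper's label: SHA-1 of the IP string concatenated with the user-agent."""
    return hashlib.sha1((ip + user_agent).encode("utf-8")).hexdigest()


def keyed_fingerprint(key, ip, user_agent):
    """Assumed hardening (not in the paper): HMAC-SHA-256 under a study secret.
    The NUL separator keeps the IP/user-agent boundary unambiguous."""
    message = ip.encode("utf-8") + b"\x00" + user_agent.encode("utf-8")
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def record_response(store, user_number, ip, user_agent, label):
    """Keep only the digest with the response; the IP itself is never stored."""
    store.append({"user_number": user_number, "label": label(ip, user_agent)})


def likely_duplicates(store):
    """Group stored responses by label and return the groups with several members."""
    groups = defaultdict(list)
    for row in store:
        groups[row["label"]].append(row["user_number"])
    return sorted(ids for ids in groups.values() if len(ids) > 1)


def addresses_matching(digest, network, user_agent, label):
    """Re-identification check: list the addresses in `network` whose label
    equals a stored digest, given a known or guessed user-agent."""
    return [str(addr) for addr in ipaddress.ip_network(network).hosts()
            if label(str(addr), user_agent) == digest]


def build_store(label):
    """Four constructed submissions; users 1 and 3 share IP and user-agent."""
    store = []
    record_response(store, 1, "192.0.2.10", MSIE_UA, label)
    record_response(store, 2, "198.51.100.7", FIREFOX_UA, label)
    record_response(store, 3, "192.0.2.10", MSIE_UA, label)
    record_response(store, 4, "192.0.2.10", FIREFOX_UA, label)
    return store


if __name__ == "__main__":
    plain = build_store(fingerprint)
    print("likely duplicates (SHA-1):", likely_duplicates(plain))
    # Unkeyed: the stored digest is matched by walking a candidate range.
    print("matches in 192.0.2.0/24:",
          addresses_matching(plain[0]["label"], "192.0.2.0/24", MSIE_UA, fingerprint))

    study_key = secrets.token_bytes(32)  # to be destroyed when the study closes
    keyed = build_store(partial(keyed_fingerprint, study_key))
    print("likely duplicates (HMAC):", likely_duplicates(keyed))
    # A party without the study key computes labels under some other key.
    other = partial(keyed_fingerprint, secrets.token_bytes(32))
    print("matches without the key:",
          addresses_matching(keyed[0]["label"], "192.0.2.0/24", MSIE_UA, other))
```

Both labels still group submissions from the same IP and user-agent; only the keyed one stops a stored digest from being tested against candidate addresses.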

As respondents progressed through the sequence of questionnaire pages, their intermediate responses were recorded in their HTTP session record. If a session expired or was abandoned, these responses were lost. Upon reaching the end of the questionnaire, respondents were instructed to click a button labeled “Submit Responses” to have their answers recorded, or to simply close their browser window to have their answers discarded. Upon clicking the submit button, their data was copied from the transient session record into the database.

4.Did design affect results?

In many cases it was difficult to formulate questions with enough precision to be useful, but without revealing too much of the expected answer in the question itself. Early drafts of the questionnaire used precise terminology and its questions were very specific. Reviewers of these drafts quickly pointed out that, in doing so, the questions revealed sufficient information that they were likely to influence respondents’ answers. The broad range of technical expertise that we expected to encounter compounded the difficulty. The final questionnaire consistently errs in the direction of imprecision when necessary to avoid biasing the responses.

Nevertheless, there is evidence that respondents still based their responses on information they learned or deduced from previous questions. For example, several respondents reported that they were unaware that they could click on trust marks to authenticate them, yet later reported that they are more likely to trust a site if they authenticate the trust mark it displays by clicking on it.

This section discusses these and other ways in which design decisions influenced the responses we received.

4.1.Secure Web sites

One of the most interesting findings of the survey concerns how people interpret the phrase “secure Web site”. In technical circles, the term commonly refers to the use of SSL/TLS technology for encrypting and authenticating HTTP connections. Indeed, the majority of respondents appear to have used this interpretation in answering related questions. That said, many people interpreted the term to mean that the site itself was secure in some unspecified way. This is not surprising given that the term refers to a site, not a transport channel. Users who chose this interpretation demonstrated a significantly different understanding. The issue is discussed further in Section 5.

As a design issue, the first technical question asked respondents how familiar they were with the term “secure Web site”. Early drafts of the question spelled out what we meant by secure site before asking about familiarity with the term. In the final version, interpretation of the term was largely up to the respondents, giving them the flexibility to tell us their understanding of the term and for us to elicit a range of possible interpretations.

4.2.Browser cookies

One question asked respondents whether they believe cookies help improve their browsing experience. A large majority of respondents agreed, as we expected. But one respondent indicated that he disagreed with the statement because he believes that it should be technically possible to make a site just as usable, friendly and customized without using cookies. The same may have been true for other respondents who disagreed but did not explain their reasoning in the open text portion of the question.

One question asked respondents to indicate their level of agreement with the following statement:

Cookies can reveal to a Web site the names of other Web sites I have visited.

This is a good example of a question that would be difficult to make more precise without revealing too much of its motive. Strictly speaking, cookies themselves do not reveal names of other sites; it is the referer header in the HTTP request that does so. Cookies are implicated, however, because they potentially allow individual requests to be linked to build a list of names from the referer values of other sites the user has visited.
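The distinction drawn above, as an added example that is not part of the original paper: the Referer header names the site, while the cookie is what lets separate requests be linked into one list. The request heads are constructed as they would arrive at a single third-party host embedded in pages on several sites; the host names, the cookie name `uid` and the function names are assumptions.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed request heads received by one third-party host (ads.example)
# whose image is embedded in pages on three unrelated sites.
RAW_REQUESTS = [
    "GET /b.gif HTTP/1.1\r\nHost: ads.example\r\n"
    "Referer: http://news.example/politics\r\nCookie: uid=a1b2\r\n\r\n",
    "GET /b.gif HTTP/1.1\r\nHost: ads.example\r\n"
    "Referer: http://health.example/clinic\r\nCookie: uid=a1b2\r\n\r\n",
    "GET /b.gif HTTP/1.1\r\nHost: ads.example\r\n"
    "Referer: http://shop.example/cart\r\nCookie: uid=a1b2\r\n\r\n",
    "GET /b.gif HTTP/1.1\r\nHost: ads.example\r\n"
    "Referer: http://news.example/sport\r\nCookie: uid=c3d4\r\n\r\n",
    # The same pages fetched by a browser that blocks this host's cookies.
    "GET /b.gif HTTP/1.1\r\nHost: ads.example\r\n"
    "Referer: http://health.example/clinic\r\n\r\n",
    "GET /b.gif HTTP/1.1\r\nHost: ads.example\r\n"
    "Referer: http://shop.example/cart\r\n\r\n",
]


def parse_head(raw):
    """Return the request headers as a dict keyed by lower-cased header name."""
    headers = {}
    for line in raw.split("\r\n")[1:]:      # skip the request line
        if not line:                        # blank line ends the head
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def visited_sites_by_cookie(raw_requests, cookie_name="uid"):
    """Link requests that carry the same cookie value and collect the Referer
    hosts seen for each value. Requests without the cookie cannot be linked
    to one another, so their Referer hosts are returned separately."""
    profiles = {}
    unlinked = []
    for raw in raw_requests:
        headers = parse_head(raw)
        referer = headers.get("referer")
        if not referer:
            continue
        site = urlsplit(referer).hostname
        jar = SimpleCookie(headers.get("cookie", ""))
        if cookie_name in jar:
            sites = profiles.setdefault(jar[cookie_name].value, [])
            if site not in sites:
                sites.append(site)
        else:
            unlinked.append(site)
    return profiles, unlinked


if __name__ == "__main__":
    profiles, unlinked = visited_sites_by_cookie(RAW_REQUESTS)
    for uid, sites in profiles.items():
        print(uid, "->", sites)
    print("not attributable to any one browser:", unlinked)
```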

We did not ask respondents about the distinction between persistent cookies and session cookies. At least one respondent observed that the correct answers to some of the questions depend on which type of cookie is being considered.

4.3.Privacy policies

One question asked respondents to indicate their level of agreement with the following statement:

A privacy policy helps protect sensitive information after it has been collected by a Web site.

Strictly speaking, the privacy policy itself cannot protect information after it has been collected, but it may provide assurance that the operators of the site will take other measures to protect the information. Answers to this question will depend on which interpretation respondents chose.

4.4.The meaning of privacy

One question asked respondents to indicate their level of agreement with the statement, “Cookies invade my privacy”. Some responses were surprising. For example, several respondents strongly disagreed that cookies invade their privacy, but agreed with all of the statements positing that cookies reveal personal information to Web sites and allow browsing behavior to be tracked.

It is clear that the interpretation of the term privacy will influence many of the responses to questions about cookies and privacy policies, but we did not ask questions explicitly designed to reveal respondents’ interpretation of privacy.

The questions relating to cookies and privacy policies were not precise about certain distinctions out of concern that more precise questions would be too technical or too revealing. In particular, our questions relating to privacy policies presumed a P3P-like model, but did not name P3P explicitly. The distinction between compact policies and full policies was therefore omitted entirely.

With the deployment of P3P capabilities in contemporary browsers, cookie management has become implicated with the enforcement of privacy preferences. This connection is not reflected in any of the questions relating to browser cookies or privacy policies, as we felt such questions would be incomprehensible to a lay audience. In retrospect, it seems likely that many of our respondents would have been knowledgeable about the distinction. Had we asked about it, we may have learned more about the range of perspectives that might ultimately filter down to less technical users.

4.5.Self-selecting respondents

Although we had some control over how we seeded our recruiting message, we had little insight into how it propagated, and our respondents were all self-selected (as is the norm for most online questionnaires).

It is not our intention, however, to use our data to characterize the awareness, knowledge or beliefs of a more general population, but rather to reveal a broad range of real beliefs. Knowledge of what interpretations (or misinterpretations) are possible will be valuable in designing privacy and security tools that are effective across the spectrum of potential Internet users.

The open text responses were critical to the success of the study because they frequently provided explanations for why respondents answered as they did. Without the text responses, the questionnaire data would have been much less revealing.

In many cases, it would have helped to know whether the respondent was a domain expert in the area (as many apparently were, based on their text responses). We did ask questions about education level and experience with computers. In retrospect, it would have been useful to ask at least one additional question to assess technical expertise in areas relevant to the questionnaire.

4.6.Browser identification

For each technology, we asked respondents to indicate their awareness of specific browser features. We can assess the accuracy of these responses based on which browser they have in mind when answering the question. In most cases, the presence of a feature depends on the browser version as well as its vendor. For this purpose, we preferred to use the user-agent strings sent by browsers rather than relying on respondents to accurately report details of browser version. However, since there was a possibility that respondents would fill out the questionnaire using a browser that is not the one with which they are most familiar, we asked respondents to indicate whether they were currently using the same browser that they most often use for Internet activity. For affirmative responses, we have assumed that the user-agent string then accurately identifies the browser with respect to which subsequent questions were answered. For negative responses, we asked respondents to select the name of the browser they normally use, without reference to a specific version. When assessing the accuracy of responses related to specific browser features, we used only the first group of responses.

4.7.Other limitations

One respondent neatly summarized some of the methodological limitations in saying, “The correct answer to many of these questions relies on your browser settings”. In our analysis we have looked for broad trends and a range of different perspectives, and have avoided making precise quantitative statements other than simple proportions.

5.Results and analysis

The survey ran from 7 June 2004 to 27 September 2004. During that time, about 470 visitors viewed our consent page. Of those, 356 gave their consent to participate and 237 persevered to the end, submitting answers to the questionnaire. One respondent skipped every question, completing the questionnaire in 17 seconds. This response was discarded (treated as if consent was given but no responses submitted), leaving 236 complete responses. The average time taken to complete the questionnaire was about 20 minutes. We logged a total of 109 hours of interaction with our questionnaire (more than 4.5 days). Those who completed the questionnaire account for more than 77 of those hours (more than three days of effort). They registered over 15,000 answers and opinions through radio button responses and contributed over 22,000 words through their text responses. Needless to say, we are very grateful to all those who participated.

Tables 1-5 provide some summary statistics describing participation in the survey. A technical report (available from the authors) containing an expanded version of this paper provides a more complete description of our sample, as well as the full text of the questionnaire and a detailed quantitative summary of responses.

Table 1: Country of residence (as reported)

Country           Responses   % of Total
Canada            172         72.6
United Kingdom    31          13.1
United States     17          7.2
Spain             3           1.3
Israel, Italy     2           0.8
Others            1           0.4

Table 2: Responses by age group

Age Group      Responses   % of Total
18 to 20       6           2.5
21 to 30       78          33.1
31 to 40       78          33.1
41 to 50       41          17.4
51 to 60       27          11.4
61 to 70       4           1.7
71 or older    1           0.4

Table 3: Responses by gender

Gender         Responses   % of Total
Female         78          33.1
Male           157         66.5
Unspecified    1           0.4

Table 4: Responses by operating system

Operating System          Responses   % of Total
Windows (all versions)    190         80.5
Linux Intel               20          8.5
Mac OS (all versions)     17          7.2
Unknown                   9           3.8

Table 5: Responses by browser type

Browser            Responses   % of Total
MSIE               153         64.8
Mozilla-derived    58          24.6
Safari             10          4.2
Other              15          6.4

Among these demographic statistics, Table 5 (browser types, as reported in the user-agent request header) contains a hint as to how representative our sample was. Various sources report the market share of Microsoft's Internet Explorer (MSIE) at well above 90%. For example, for June 2004 – the period during which we recorded most of our responses – The Counter reports a 94% market share for MSIE, with Mozilla-derived browsers at less than 4% and Apple's Safari at just 1%. At the time, Google's Zeitgeist reported similar figures for the same period. The profile of our respondents much more closely resembles the readership of the Safalra site, which features information about hypertext, programming languages, and general science topics. On this basis, it seems reasonable to speculate (but not to conclude) that our respondents were more representative of a technically sophisticated audience than of the wider population of Internet users.

5.1.Analysis

To support the data analysis, we created a servlet capable of extracting subsets of responses based on demographic and other criteria and displaying summary statistics for each question. The format of the summary page mirrors the original questionnaire, displaying each question and all of the response options. For each response option, it displays the percentage of respondents in the subset who selected that option, and color-codes the option such that higher percentages result in darker colors. This proved to be an effective way to quickly discern the pattern of responses for any given subset. Subset criteria could be quickly specified using a simple hand-crafted HTML form.

For subsets containing a single response, the response to each question was immediately evident as only one option was darkly colored in each case. This served as the basis for examining individual responses. The consistency of presentation between responses was useful in recognizing patterns of responses. Open text responses were displayed in full for subsets having only one response; for larger subsets, only the numbers of open text responses given for the question were reported.

Following the data collection period, we began the analysis by reading through the responses individually and making notes about potentially interesting findings and apparent trends. Based on this preliminary analysis, we partitioned the responses in a number of ways and examined the response patterns for each group. Specifically, we examined three partition criteria.

Interpretation of “secure site”. We asked respondents to tell us, in their own words, what they understood the term “secure Web site” to mean. It was immediately evident from the responses that two quite different interpretations of the term were common. As noted earlier, some respondents thought that it referred specifically to the securing of transport connections using SSL/TLS (the “secure connection” interpretation), while others thought that it referred more generally to the security of the site itself, its hosts, servers and databases (the “secure site” interpretation). In many cases, the text responses were unambiguous in stating one interpretation or the other. We used these text responses to manually divide the 236 responses into three categories:

• those clearly stating the “secure connection” interpretation (96 responses);

• those clearly stating the more general “secure site” interpretation (53 responses); and

• those that did not provide a text response, or whose response left any room for uncertainty (87 responses).

The pattern of responses to the opinion questions regarding secure sites was clearly different between the two groups, as discussed below.

Browser and operating system. The overwhelming majority of Internet users use Microsoft Internet Explorer running on some version of Microsoft Windows, while more security-conscious users often make other choices. To explore possible trends, we created the following partitions:

• respondents using Windows, any version, any browser (178) vs. those not using Windows (39);

• respondents using Internet Explorer (143) vs. those using another browser (74); and

• respondents using Internet Explorer on Windows, any version (142) vs. those using a different operating system or a different browser (75).

The second and third divisions were nearly identical because of the strong coupling between Internet Explorer and Windows (we had only one respondent using IE on a Macintosh). Note that complementary sets add to 217 responses, not 236. As noted earlier (Section 4.6), we used the user-agent string for this partitioning and only included those respondents who indicated that they were answering the questionnaire using the same browser they normally use for Internet activity. These divisions did not reveal any noteworthy patterns.

Confidence in responses. Several questions in each section asked respondents to indicate how confident they felt about their knowledge of the technology, or about adequately managing their risks. We used these responses to partition respondents into those who were confident and those who were not with respect to each technology. Because respondents often expressed confidence in one area but not in another, we did not feel it would be meaningful to average confidence responses across technology categories. Consequently, we ended up with a relatively large number of groups, none of which revealed strong response patterns.

5.2.Findings

Security practitioners, especially those on the front lines, frequently lament that users are uninformed and unmotivated regarding security issues, and call for renewed efforts to educate users. While we too are convinced that education is a critical component, our survey provides some evidence that the benefits of modest education may not be as dramatic as we would hope. The problem may not be so much that people are not interested in learning, but that it is a difficult subject. We provide many examples in this section of highly educated users who have clearly made an effort to understand the technologies they use, but who nevertheless retain serious misconceptions.

For example, one respondent reported – through an open text question – that he does not understand what a secure Web site is. He has read information about site security but has not retained it:

“My only knowledge of secure web sites is that they store sensitive information on a seperate [sic] secure server however I'm not really sure what that means or how it benefits me. I have read the security information provided on a few secure sights [sic] but I have not retained the information, possibly due to not fully understanding it.”

The evidence is most pronounced for matters relating to browser cookies (see Section 5.2.2 below).

Because we cannot say how representative our sample is, we cannot draw strong conclusions about Internet users in general. However, we believe the evidence we present here is sufficient to raise a question about the efficacy and potential of widespread education about personal privacy and security.

As expected, correlation between education level and technical knowledge was weak. Most of our respondents were highly educated, with 82% having completed some kind of post-secondary training, and 41% possessing an advanced university or professional degree. Many respondents in these groups had only superficial understanding of the technologies they used.

5.2.1.Secure sites

Only one respondent (0.4%) admitted to never having heard the term “secure Web site”. Another 12% had heard of the term, but had little or no idea what it means to be secure. 88% claimed to have at least some knowledge of secure sites.

Transport vs. storage. As noted earlier, respondents interpreted the term “secure Web site” in one of two ways. Some assumed it referred specifically to HTTP over SSL/TLS, while others assumed it referred more broadly to the security of the entire site. The interpretation had a significant impact on subsequent opinion questions. For example, we asked respondents to indicate their level of agreement with the statement, “A secure Web site assures me that the site is trustworthy for the purpose of conducting business”. Among respondents who clearly used the “secure connection” interpretation, 61% disagreed to some extent, while 18% agreed. (Respondents who chose “strongly disagree” or “disagree” for a given statement are said to disagree to some extent with that statement, and similarly for agreement). Among those who clearly used the “secure site” interpretation, in contrast, only 18% disagreed to some extent while 55% agreed. In other words, those with the “secure site” interpretation were much more likely to regard a site as trustworthy.

Many respondents in the latter group reinforced these views in their open text responses. One respondent characterized a secure site as “A site [where] I can carry out business transactions with confidence”. Another put it this way:

“The information given on a secure web is for the recipient only and cannot be shared or stolen. It makes buying on the internet a much safer experience.”

In general, respondents in this group had a greater number of misconceptions about the assurances provided by Web sites labeled as “secure”. One way to interpret the responses we received is to postulate that many people do not clearly perceive the distinction between transport and storage. For example, consider these statements:

“When a website is secure, other people can't see your credit card numbers, personal info., etc. when ordering things online.”

“Information is encrypted to preserve privacy.”

There is no hint here that the respondents are thinking about the distinction. On the other hand, it was widely understood (using either interpretation) that a secure site involves encryption in some way. How then would users who do not consciously consider the distinction between transport and storage interpret the message that a closed lock icon indicates a “secure site”? One possible answer is that they will be confused about what data is encrypted, where, and for how long, and consequently conclude that the lock icon indicates that information they submit will be permanently encrypted at the server. We found substantial evidence to support this hypothesis. For example, one respondent characterized secure sites this way:

“The servers are in a secure location, and data is encrypted by very high level (eg 256 bit) encryption.

Concern: nothing is infallible, and geeks can crack what geeks created.”

Several respondents indicated their belief that personal information submitted to a Web site is selectively encrypted according to its sensitivity. For example, one respondent said:

“I'm under the impression that with secure websites, any personal information that I may enter is only accessible to the compnay [sic] that I intend to provide the information to and that things like social security numbers or passwords are encrypted.”

Another believes that “login id and passwords are encrypted when transmitted”. Some users simply place trust in a higher power:

“I think it means that the information I give to the website can't be accessed by anyone else. I hope that's what it means!”

“I understand that information sent between the client and server is encrypted using a very strong encryption method. My major concern is that the data stored on the host computer may be stolen. However, I'm fairly confident that major institutions, such as banks, have this problem licked.”

The problem is compounded because we in the technical community have used the term “secure site” to refer to something very specific (HTTPS transport) that cannot be deduced from the label itself. It is not surprising that many people interpret the term “secure site” to mean a site that is secure.

While those respondents who associate security only with the transport connection often demonstrated detailed technical knowledge of the protocols involved, there were many in this group who were clearly less knowledgeable. One respondent knew that the term “secure site” somehow implicates encryption, but was uncertain precisely how: “I think secure Web site use encryption when sending information. But I am not quite sure what encryption really means, and if certain people can still intercept that information and make use of it.”

Friedman et al. have also drawn attention to differing interpretations of Web site security [9]. In their study, they asked subjects to define “secure connection”, and divided responses into three categories: transit, encryption, and remote site. They found roughly similar proportions, though a precise comparison is not meaningful because of differences in the sample populations. Their study did not explore a connection between interpretation and other beliefs about secure sites.

Untrustworthy transport. A surprising number of people disagreed with the following statement:

I can always rely on a secure Web site to protect sensitive information as it is being sent to or from the site.

It is surprising because protecting information in transit is a relatively strong link in the chain and one of the few things for which HTTPS can be solidly relied upon. The result does not appear to stem from the interpretation of “secure site”. Over 35% of the respondents with the “secure connection” interpretation still disagreed to some extent, though over 52% agreed. Over 35% of the respondents with the “secure site” interpretation disagreed to some extent while 41% agreed – similar proportions. So what were the 35% of respondents in the first group thinking?

The most likely explanation is that many respondents were influenced by the italicized word always in the statement. One respondent made the following observation:

“... any questions that say "always" are useless; all generalities are false and I must disagree with them on principle.”

Another respondent explained in the open text response that he had to disagree because one cannot be certain of perfect confidentiality:

“A secure web site establishes an encrypted channel (usually using SSL), through which HTTP can be sent back and forth without the possibility of a third party easily intercepting and reading the communication. When using a secure site, we can be more confident (though not perfectly confident) that sensitive information is being seen only by the intended recipient.”

Awareness of server authentication. Many respondents, including those who appear to be relatively well informed about the technology, seem unaware that the SSL/TLS protocols underlying HTTPS provide server authentication. We asked respondents to indicate their level of agreement with the following statement:

A secure Web site assures me that I am communicating with the real site and not an impostor.

37% of all respondents disagreed to some extent, while 37% agreed. Surprisingly, 41% of those who used the “secure connection” interpretation of secure site disagreed, while 37% agreed. We interpret these results to mean that the respondents who disagreed are not aware of the authentication component of secure connections (note that the question does not say always, but rather asks whether secure sites give some assurance in this regard). Unfortunately, the open text responses did not reveal an explanation for the trend. One respondent reported the incident some years ago in which VeriSign issued two code signing certificates in Microsoft's name to a fraudulent applicant (complete with a link to a mailing list discussion of the incident). He cited the incident as evidence that a digital certificate does not guarantee the identity of the remote party in an SSL/TLS transaction. While this explains one respondent's disagreement, it seems unlikely that it would explain the overall trend.

In the absence of a better explanation, the evidence suggests that respondents were unaware of the benefits (or importance) of server authentication in communicating with secure sites, including many respondents who demonstrated detailed technical knowledge of at least some aspects of the SSL/TLS protocol. There is clearly a need for further investigation.

Awareness of tools. 22% of respondents do not know if their browser can display security details relating to encryption and server authentication. A further 24% believe it does, but have not attempted to view them. Among those respondents who used the “secure connection” interpretation, these percentages are 10% and 16% respectively; for those who used the “secure site” interpretation, the values are 30% and 38%.

This suggests that a significant number of Internet users are unaware of the tools involved, although it is unclear how this result should be interpreted. Is lack of awareness of these tools necessarily a negative thing? Do users who view security details achieve better outcomes? It is interesting to note that in designing its new Safari browser, Apple Computer chose to intentionally hide this information. Although the browser is capable of displaying certificate details in certain rare situations, and it provides warnings when server certificates cannot be validated, it is not generally possible to view the certificate or connection details for a page served through HTTPS.

Reliance on tools. 60% of our respondents reported that they would stop using some sites if they were not secure. On the other hand, 14% reported that site security never influences their trust decisions, while another 25% indicated that they are more comfortable with some sites because they are secure, but would probably still use them even if they were not. Among those respondents who used the “secure connection” interpretation of “secure site”, these numbers are 70%, 8% and 22% respectively; among those with the “secure site” interpretation, they are 62%, 9% and 28% respectively.

5.2.2.Cookies

Only three respondents (1.3%) admitted to never having heard the term “browser cookie”. Another 9% had heard of the term, but had little or no idea what cookies are. 89% claimed to have at least some knowledge of browser cookies.

We asked respondents to indicate their level of agreement with a number of statements. Among these were a number of distinctly negative statements:

• Cookies invade my privacy.

• Cookies reveal my personal information to Web sites without my knowledge.

• Cookies allow others to track my browsing activities on the Internet.

• Cookies can reveal to a Web site the names of other Web sites I have visited.

Overall, there was widespread agreement with all of these statements. The suggestion that cookies facilitate the tracking of browsing activities was the most broadly supported, with 72% of respondents agreeing to some extent.

Users have tried to educate themselves. The open text question in this section revealed a wide range of ways to describe cookies. Some demonstrated misconceptions (discussed below), but most had at least a kernel of accuracy. For example, one particular respondent appears to know little about cookies, does not know if his browser can do anything with them, and responded to the opinion questions in ways that are arguably wrong. Yet his open text description of cookies is concise and accurate:

“I believe they are files containing personal information that other computers (servers) place on my hard drive to identify my machine, and me, when I access their web sites.”

This trend provides some evidence to contradict the widespread belief that typical Internet users have no idea what cookies are. If our respondents were knowledgeable about only one technology, it was almost always cookies.

Cookies speed up web sites. Many respondents expressed the belief that the primary purpose (or primary benefit) of cookies is to speed up web sites. Many went on to explain that the speed up is obtained because cookies allow login forms (and occasionally other forms, such as payment details) to be bypassed. Some also observed that server-side auto-completion of Web forms saves time as well.

Others appear to have confused cookies with data caching. For example,

“A cookie stays on your computer so that when you visit that web page again, it loads pictures faster.”

“My understanding of cookies is that my computer stores web sites that are used so when I want to view these sites they can be viewed quicker.”

It is interesting to note that in the user interface for recent versions of Microsoft's Internet Explorer, the button to delete cookies is visually grouped with the button to delete temporary Internet files, which together are introduced with the following statement:

Pages you view on the Internet are stored in a special folder for quick viewing later.

This may explain why some users associate cookies with browser caching, which may in turn lead to inappropriate conclusions about their function and purpose, and therefore about the risks they pose.

Cookies protect data in transit. Some respondents agreed with the following statement:

Cookies help protect sensitive information as it is being sent to or from a Web site.

This may be indicative of a serious misconception. One respondent went on to explain his reasoning, observing that cookies can obviate the need to (re)transmit sensitive data to a site. It is unknown whether others who agreed with the statement had similar reasons.

Revealing information vs. tracking. We asked respondents to indicate the degree to which they agreed with the following two statements:

Cookies reveal my personal information to Web sites without my knowledge.

Cookies allow others to track my browsing activities on the Internet.

In practice, cookies rarely contain personal information. Instead, they generally contain a unique identifier that is linked to information stored at the server that was previously submitted by some other means, such as through an HTML form. For this reason, the first statement is arguably false. On the other hand, one of the greatest privacy concerns about cookies is that they can be used to correlate visits to multiple, often independent web sites with a single user (or browser). Therefore, the second statement is arguably true. We were interested in the number of respondents who would perceive this distinction.

Only 25 respondents (11%) disagreed to some extent with the first statement while agreeing with the second. By including neutral responses, we found that 59 respondents (25%) agreed with the second statement, but not the first. Given that many of our respondents demonstrated a deep technical understanding of the technology, these proportions would tend to suggest that the distinction is not widely recognized.
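The distinction between the two statements can be made concrete with a small simulation, added here as an illustration and not part of the original survey or paper. The host names, the `sid` and `tid` cookie names, the form data and all class names are constructed for the example, and the browser model assumes third-party cookies are accepted.

```python
import secrets
from http.cookies import SimpleCookie


def make_set_cookie(name, value):
    """Build a Set-Cookie header value that carries only an opaque identifier."""
    cookie = SimpleCookie()
    cookie[name] = value
    cookie[name]["path"] = "/"
    return cookie[name].OutputString()


class Browser:
    """Minimal cookie jar: cookies are stored per host and returned only to that host."""

    def __init__(self):
        self.jar = {}  # host -> {cookie name: value}

    def store(self, host, set_cookie):
        parsed = SimpleCookie()
        parsed.load(set_cookie)
        self.jar.setdefault(host, {}).update({k: m.value for k, m in parsed.items()})

    def cookie_header(self, host):
        return "; ".join(f"{k}={v}" for k, v in self.jar.get(host, {}).items())


class FirstPartySite:
    """Keeps form data at the server; the cookie is just the lookup key."""

    def __init__(self, host):
        self.host = host
        self.records = {}  # session id -> data submitted through an HTML form

    def submit_form(self, form):
        sid = secrets.token_hex(8)
        self.records[sid] = dict(form)
        return make_set_cookie("sid", sid)

    def recognise(self, cookie_header):
        jar = SimpleCookie(cookie_header)
        return self.records.get(jar["sid"].value) if "sid" in jar else None


class ThirdPartyTracker:
    """Resource embedded in pages of unrelated sites (constructed host name)."""

    host = "tracker.example"

    def __init__(self):
        self.visits = {}  # tracker id -> sites on which this browser was seen

    def serve_embed(self, cookie_header, referer):
        jar = SimpleCookie(cookie_header)
        # Reuse the identifier the browser sent back, or mint one on first contact.
        tid = jar["tid"].value if "tid" in jar else secrets.token_hex(8)
        self.visits.setdefault(tid, []).append(referer)
        return make_set_cookie("tid", tid)


def run_demo():
    browser = Browser()
    shop = FirstPartySite("shop.example")
    tracker = ThirdPartyTracker()

    # Statement 1: personal data goes in through a form, not through the cookie.
    form = {"name": "Alice", "card": "0000-CONSTRUCTED"}  # constructed sample data
    browser.store(shop.host, shop.submit_form(form))
    sent_to_shop = browser.cookie_header(shop.host)

    # Statement 2: the same embedded resource is loaded from three unrelated sites,
    # and each request carries the tracker's own cookie plus the referring site.
    for site in ("shop.example", "news.example", "health.example"):
        reply = tracker.serve_embed(browser.cookie_header(tracker.host), referer=site)
        browser.store(tracker.host, reply)

    return {
        "cookie_sent_to_shop": sent_to_shop,
        "shop_recognises": shop.recognise(sent_to_shop),
        "tracker_profiles": tracker.visits,
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, "->", value)
```

The cookie returned to the shop contains no personal data, yet the tracker ends up with a single identifier tied to all three sites without ever learning the user's name.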

Other observations. Several respondents noted that a possible concern with cookies is that they can be stolen by other sites (presumably through browser security flaws or packet interception).

One respondent described cookies this way:

“Contains information that will allow the website to "recognize" you as a returned user. No personal information is stored on the website server.”

There is too little context to be certain, but this may suggest a misconception that makes cookies seem like a good thing by reducing the need for servers to store personal information. This idea presents an interesting contrast to the belief that it is good for servers to store sensitive information because it avoids the need for repeated transmission.

Confidence. 58% of respondents express confidence that they understand how cookies may be used to track their activities online, while only 17% report a lack of confidence in this regard. On the other hand, only 28% of respondents are confident in their ability to “distinguish between cookies that are beneficial and those that may be harmful”, whereas 42% are not.

26% of respondents report having used cookie managers, but without confidence that doing so has helped them. Only 29% are confident that use of cookie managers has helped them.

Awareness. 21% of respondents do not know if their browser allows cookie management of any kind. Another 9% do not know if they have used cookie management features, and a further 12% believe they have not used them. Altogether, that represents 42% of respondents whose awareness is low. 55% of respondents reported having used cookie management features.

Reliance on tools. 27% of our respondents reported that they would stop using some sites if they could not control (or block) cookies exchanged with the site. 72% of respondents reported that they have either never used cookie management features (24%), or would not change their browsing behavior even if cookie management features were not available (48%).

5.2.3.Privacy policies

Thirteen respondents (5%) reported never having heard of privacy policies described in this way:

Privacy policies are concise statements of what the operators of a Web site will do with information they collect from you, and how they promise to safeguard it.

Another 14% had heard of the term in this context, but had little or no idea what they are for or how they helped site visitors. 79% claimed to have at least some knowledge of Web site privacy policies.

Skepticism is widespread. Our respondents were overwhelmingly unimpressed with Web site privacy policies. Many used strong and colorful language to express their dissatisfaction (e.g., “CYA: cover your ass statements”, “horse shit”, and “as trustworthy as a politican's [sic] promises”).

In their open text responses, many of the respondents described one or more of the following weaknesses:

• privacy policies typically disclaim the sharing of information, rather than assuring its protection;

• the legal standing of privacy policies is not well known and is presumed to be very weak; and

• privacy policies are subject to change at any time, which is widely presumed to mean that site operators can, with impunity, ignore any promises they may have made to you simply by changing their policy.

A significant number of respondents appear to believe that the existence of a privacy policy automatically implies a promise of confidentiality when in fact they may disclaim it. One respondent described privacy policies this way: “They are to protect any information you give to that particular site. You are protected from them giving out your personal information.”

This suggests that users may often be jumping to inappropriate conclusions when they see that a site has a privacy policy.

40% of respondents agreed that privacy policies help protect information after it has been collected, while 33% disagree. It is unclear how many of the respondents who agree also believe that the existence of a policy automatically implies a promise of confidentiality.

We trust you anyway. One result was quite surprising. We asked respondents to indicate their level of agreement with the following statements:

If a Web site has a privacy policy, its operators have no choice but to respect it.

A web site can violate its stated privacy policy, but most sites can be trusted to respect it.

Overall, only 9% agreed to some extent with the first statement. Two thirds (67%) disagreed. On the other hand, 44% agreed with the second statement, while only 18% disagreed. The pattern was quite evident when reading individual responses. One respondent after another would express deep skepticism with respect to nearly every question about privacy policies, but most appear to believe that sites in general can be trusted to be honorable. One respondent, who appeared to be knowledgeable in this domain, strongly disagreed with every single positive statement posed for any of the four technologies, with only one exception: he agreed that sites can be trusted to respect their policies. We could not find anything in the open text responses to shed light on this apparent contradiction.

Confidence. A large number of respondents, 73%, are not confident that they would know if a privacy policy was violated. Only 6% expressed confidence in this regard.

39% of respondents claim to be familiar with their browser's privacy policy features, but only 9% admitted to not knowing how to control them. 23% of respondents claim to have adjusted their browser's privacy settings to suit their personal preferences, and a further 7% have investigated the controls and are comfortable with the default settings. This means that nearly a third of our respondents are confident in their use of privacy preference features in their browser. We had expected this number to be substantially lower.

Awareness. 41% of respondents do not know if their browser has features relating to privacy policies, and a further 10% believe their browser has privacy features, but have never looked at them. Because these features are relatively new, having appeared only in the latest major versions of Internet Explorer, Netscape and Mozilla, we were not surprised to find that a majority of our respondents were unfamiliar with them.

Reliance on tools. 25% of our respondents reported that they would stop using some sites if the sites did not have privacy policies that were both understandable and acceptable. A further 6% would stop using some sites if the sites did not have privacy policies at all.

34% of our respondents reported that their decision to trust a site never depends on a stated privacy policy. Another 29% feel more comfortable with some sites because of the privacy policies they present, but would probably continue to use the site even if a written policy was not available.

5.2.4.Trust marks

We introduced trust marks in this way:

Many Web pages display a trust mark. For example, you may have seen some of the trust marks below displayed on a Web page:

The images of the following five common trust marks were displayed below the introductory statement:

• TRUSTe Initiative Trust Seal

• BBB (Better Business Bureau) System Trust Seal

• VeriSign Secure Site Seal

• CPA WebTrust Electronic Commerce Seal

• ePublicEye Registered Safer Shopping Site Seal

Thirty-eight of our respondents (16%) reported never having heard of the term. Another 28% had heard of the term, but had little or no idea what they are for or how they help site visitors. 55% claimed to have at least some knowledge of Web site trust marks.

Some evidence that trust marks are trusted. 42% of respondents reported that they are more likely to trust a site that displays a trust mark, while only 19% said they were not more likely to trust it. Similarly, 49% of respondents reported that they are more likely to trust a site displaying a trust mark only if they recognize the trust mark program, while 12% reported that they are not more likely to trust it.

Only 32% of respondents reported that the trust they attribute to a site because of a trust mark is conditional upon its validation; 32% indicated that the trust they base on a trust mark is not conditional upon validation.

Other observations. Many respondents recognized that spoofing of a trust mark is a concern, even those who did not appear to have significant technical expertise. The following statement is typical of the way in which this was reported: “Anyone can copy the graphic and put it on their site – it doesn't mean that the site is actually secure.”

One respondent appears to have confused the purpose of trust marks with the server authentication capabilities of HTTPS. He described trust marks as follows:

“third party companies which guarantee that the site i am communicating with is the actual site with whom communication is intended.”

Another's open text response was simply, “provide a reliable source the [sic] the site's public key”.

One possible explanation for this confusion is that VeriSign's Secure Site Seal program intentionally couples its trust marks with the digital certificates it supplies to member sites. When one clicks on a VeriSign trust seal to validate it, the resulting information refers primarily to the authenticity of the site.

If this is indeed the real source of the confusion, then it may lead users to attribute server authentication properties to other trust mark programs that are not in fact connected with server authentication.

Several respondents believe that trust marks indicate that site security is managed by the trust mark company. This is a misconception, although it is not clear that it is a particularly dangerous one.

One respondent described trust marks in the following way:

“trustmarks are fancy buzz words used to placate the masses into making them seem trustworthy. Since their membership is pay only, the trust in them stops at the buck. About as trustworthy as CA's.”

This sentiment is reminiscent of Matt Blaze's remark that a commercial certificate authority will protect you from anyone whose money they refuse to take.

There is some evidence to suggest that people who know how to validate trust marks do not generally find the validation evidence compelling. Many of our respondents claim to be aware of the validation process, but are not confident that they could detect forgeries. We asked respondents to indicate their level of agreement with the following statement:

I am confident that I would know if a trust mark displayed on a Web site was a forgery and not sanctioned by the trust mark program or company.

54% of respondents disagreed to some extent, while only 11% agreed.

Awareness of authenticity and validation. 12% of respondents reported being unaware that authenticity of trust marks is a concern (many of whom made this point explicitly in their open text responses). A further 23% were unaware that most trust marks can be validated by clicking on the graphic. 19% of respondents were aware that validation information for a trust mark can be viewed by clicking on the graphic, but had never done it. (It is unclear how many of these respondents had never had the opportunity.)

Confidence. As noted above, only 11% of respondents reported being confident that they could recognize a forged trust mark, while 54% reported a lack of confidence in this regard. Of the 68 respondents who reported being aware that validation information can be obtained by clicking on the graphic, 37 indicated that the validation process does not increase their trust. Only 31 of the 68 respondents are influenced by the validation.

Reliance on tools. Only 6% of our respondents reported that they would stop using some sites if the sites did not display trust marks. 64% either are never influenced by the presence of trust marks (35%), or feel more comfortable with some sites because they display trust marks, but would probably use the sites even if they did not (29%).

6.Summary and conclusions

We have described an online survey that explored typical Internet users’ awareness and knowledge of specific technologies that relate to their security and privacy when using a Web browser to access the Internet. Over a four-month period, 237 individuals completed an online questionnaire. Respondents were predominately Canadian, with substantial numbers from the United Kingdom and the United States.

We had three Spanish and two Italian respondents (reported as country of residence). When reading through their responses to the opinion questions, all five stood out as following an unusual response pattern. Although the differences are not easy to characterize and we cannot draw specific conclusions from our data, it suggests that there may be cultural differences to be explored more deeply.

Because respondents were anonymous and self-selecting, the survey did not seek to precisely characterize the security awareness and knowledge of typical Internet users. Rather, it was used to identify potential misunderstandings and misconceptions, the most interesting of which are summarized below. In many cases, it is clear that software designers could easily make different choices to avoid confusing or misleading some users. In others (e.g., skepticism about privacy policies), changes would be relatively difficult or expensive. In such cases, our observations may help identify areas where more precise quantification of the issues is needed.

6.1.Significant Findings

https://www.wendangku.net/doc/a78173111.html,ers have tried to educate themselves regarding their

security and privacy online, but with mixed results. It appears that many who have tried have had limited success because the subject is a difficult one in which technical subtleties are significant. This finding calls into question the assumption that a modest amount of education would be effective if only users were motivated to pursue it.

2.The term “secure Web site” is used in technical circles to

refer to the use of SSL/TLS to secure the HTTP transport between a client and server. However, some users clearly interpret the term to mean that the site itself is secure in some assumed but unspecified way. Users who learn about the closed lock icon and other indicators of “secure sites” may therefore attribute security properties to the site itself whenever they see these cues in the browser.

As a group, they tend to believe that the presumed security makes such sites more trustworthy for the purpose of conducting business.

3.Relatively few of our respondents agreed with the

statement that secure sites provide assurance that the site with which they are communicating is authentic and not an impostor. It is unclear whether this indicates a lack of awareness of the server authentication component of the SSL/TLS protocols, or whether respondents disagreed for other reasons. Further investigation is necessary to resolve the matter.

4.Skepticism of privacy policies is widespread and our

respondents expressed their views on this issue very strongly. Nevertheless, respondents generally seem prepared to trust that site operators will respect their stated policy even though they generally believe that the policies have no legal standing and can be changed at any time.

5.There is evidence of confusion between the roles of

browser and Web server, especially with respect to the handling of cookies. In particular, many respondents confused cookie usage with browser-side caching and form-filling. We found evidence to suggest that the distinctions between the different types of information stored by browsers (cookies, bookmarks, cached pages and form data) are not clearly understood, and may lead to inappropriate conclusions about the impact of browser cookies.

6. Some respondents believed that trust marks provide some assurance of server authenticity. This confusion may arise from the tight coupling of trust marks with server certificates in VeriSign's Secure Site Seal program.

Acknowledgments

The authors would like to thank Michelle Anderson who helped build the online questionnaire web application during a co-op work term from January to April 2004.

