Project

User Experience Aspects of Security and Privacy

Goal: This interdisciplinary project is situated at the intersection of Human-Computer Interaction (HCI) and security. We apply concepts and methods from UX to the field of security with the aim of understanding which factors contribute to perceived security and trust, using these insights to provide actionable design recommendations for safer technologies in various contexts including encryption, e-voting and private browsing.

Updates
0 new
0
Recommendations
0 new
0
Followers
0 new
13
Reads
0 new
79

Project log

Carine Lallemand
added 3 research items
This paper presents a mobile application for vote-casting and vote-verification based on the Selene e-voting protocol and explains how it was developed and implemented using the User Experience Design process. The resulting interface was tested with 38 participants, and user experience data was collected via questionnaires and semi-structured interviews on user experience and perceived security. Results concerning the impact of displaying security mechanisms on UX were presented in a complementary paper [7]. Here we expand on this analysis by studying the mental models revealed during the interviews and compare them with theoretical security notions. Finally, we propose a list of improvements for designs of future voting protocols.
Privacy is a timely topic that is increasingly scrutinized in the public eye. In spite of privacy and security breaches, people still frequently compromise their privacy in exchange for certain benefits of a technology or a service. This study builds on both technology acceptance (TA) and User Experience (UX) research in order to explore and build hypotheses regarding additional dimensions that might play a role in the acceptability of privacy tradeoffs that are not currently accounted for in TA models. Using four scenarios describing situations with potential privacy trade-offs, we conducted a focus group study with 8 groups of participants (N = 32). Our results suggest that factors influencing privacy trade-offs go beyond existing TA factors alone. A technology's perceived usefulness plays an important role, as well as dimensions related to context, previous experiences, perceived autonomy and the feeling of control over the data being shared.
Verena Distler
added a research item
When communication about security to end users is ineffective, people frequently misinterpret the protection offered by a system. The discrepancy between the security users perceive a system to have and the actual system state can lead to potentially risky behaviors. It is thus crucial to understand how security perceptions are shaped by interface elements such as text-based descriptions of encryption. This article addresses the question of how encryption should be described to non-experts in a way that enhances perceived security. We tested the following within-subject variables in an online experiment (N=309): a) how to best word encryption, b) whether encryption should be described with a focus on the process or outcome, or both c) whether the objective of encryption should be mentioned d) when mentioning the objective of encryption, how to best describe it e) whether a hash should be displayed to the user. We also investigated the role of context (between subjects). The verbs "encrypt" and "secure" performed comparatively well at enhancing perceived security. Overall, participants stated that they felt more secure not knowing about the objective of encryption. When it is necessary to state the objective, positive wording of the objective of encryption worked best. We discuss implications and why using these results to design for perceived lack of security might be of interest as well. This leads us to discuss ethical concerns, and we give guidelines for the design of user interfaces where encryption should be communicated to end users.
Verena Distler
added a research item
An unsolved debate in the field of usable security concerns whether security mechanisms should be visible, or black-boxed away from the user for the sake of usability. However, tying this question to pragmatic usability factors only might be simplistic. This study aims at researching the impact of displaying security mechanisms on User Experience (UX) in the context of e-voting. Two versions of an e-voting application were designed and tested using a between-group experimental protocol (N=38). Version D displayed security mechanisms, while version ND did not reveal any security-related information. We collected data on UX using standardised evaluation scales and semi-structured interviews. Version D performed better overall in terms of UX and need fulfilment. Qualitative analysis of the interviews gives further insights into factors impacting perceived security. Our study adds to existing research suggesting a conceptual shift from usability to UX and discusses implications for designing and evaluating secure systems.
Verena Distler
added a project goal
This interdisciplinary project is situated at the intersection of Human-Computer Interaction (HCI) and security. We apply concepts and methods from UX to the field of security with the aim of understanding which factors contribute to perceived security and trust, using these insights to provide actionable design recommendations for safer technologies in various contexts including encryption, e-voting and private browsing.