Article

Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0

August 1999

Authors:

User errors cause or contribute to most computer security failures, yet user interfaces for security still tend to be clumsy, confusing, or near-nonexistent. Is this simply due to a failure to apply standard user interface design techniques to security? We argue that, on the contrary, effective security requires a different usability standard, and that it will not be achieved through the user interface design techniques appropriate to other types of consumer software. To test this hypothesis, we performed a case study of a security program which does have a good user interface by general standards: PGP 5.0. Our case study used a cognitive walkthrough analysis together with a laboratory user test to evaluate whether PGP 5.0 can be successfully used by cryptography novices to achieve effective electronic mail security. The analysis found a number of user interface design flaws that may contribute to security failures, and the user test demonstrated that when our test participants were g...

The Security & Privacy Acceptance Framework (SPAF)

Book

Jan 2022

Cybersecurity and Privacy (S&P) unlock the full potential of computing. Use of encryption, authentication, and access control, for example, allows employees to correspond with professional colleagues via email with reduced fear of leaking confidential data to competitors or cybercriminals. It also allows, for example, parents to share photos of children with remote loved ones over the Internet with reduced fear of this data reaching the hands of unknown strangers, and anonymous whistleblowers to share information about problematic practices in the workplace with reduced fear of being outed. Conversely, failure to employ appropriate S&P measures can leave people and organizations vulnerable to a broad range of threats. In short, the security and privacy decisions we make on a day-to-day basis determine whether the data we share, manipulate, and store online is protected from theft, surveillance, and exploitation. How can end-users be encouraged to accept recommended S&P behavior from experts? In this monograph, prior art in human-centered S&P is reviewed, and three barriers to end-user acceptance of expert recommendations have been identified. These three barriers make up what we call the “Security & Privacy Acceptance Framework” (SPAF). The barriers are: (1) awareness: i.e., people may not know of relevant security threats and appropriate mitigation measures; (2) motivation: i.e., people may be unwilling to enact S&P behaviors because, e.g., the perceived costs are too high; (3) and, ability: i.e., people may not know when, why, and how to effectively implement S&P behaviors. This monograph also reviews and critically analyzes prior work that has explored mitigating one or more of the barriers that make up the SPAF. Finally, using the SPAF as a lens, discussed is how the human-centered S&P community might re-orient to encourage widespread end-user acceptance of pro-S&P behaviors by employing integrative approaches that address each one of the awareness, motivation, and ability barriers.

The Security & Privacy Acceptance Framework (SPAF)

Article

Jan 2022

A quarter century of usable security and privacy research: transparency, tailorability, and the road ahead

Article

Jun 2022

In the last decades, research has shown that both technical solutions and user perceptions are important to improve security and privacy in the digital realm. The field of ‘usable security’ already started to emerge in the mid-90s, primarily focussed on password and email security. Later on, the research field of ”usable security and privacy” evolved and broadened the aim to design concepts and tools to assist users in enhancing their behaviour with regard to both privacy and security. Nevertheless, many user interventions are not as effective as desired. Because of highly diverse usage contexts, leading to different privacy and security requirements and not always to one-size-fits-all approaches, tailorability is necessary to address this issue. Furthermore, transparency is a crucial requirement, as providing comprehensible information may counter reactance towards security interventions. This article first provides a brief history of the research field in its first quarter-century and then highlights research on the transparency and tailorability of user interventions. Based on this, this article then presents six contributions with regard to (1) privacy concerns in times of COVID-19, (2) authentication on mobile devices, (3) GDPR-compliant data management, (4) privacy notices on websites, (5) data disclosure scenarios in agriculture, as well as (6) rights under data protection law and the concrete process should data subjects want to claim those rights. This article concludes with several research directions on user-centred transparency and tailorability.

Prototyping Usable Privacy and Security Systems: Insights from Experts

Article

Full-text available

Aug 2021

Iterative design, implementation, and evaluation of prototype systems is a common approach in Human-Computer Interaction (HCI) and Usable Privacy and Security (USEC); however, research involving physical prototypes can be particularly challenging. We report on twelve interviews with established and nascent USEC researchers who prototype security and privacy-protecting systems and have published work in top-tier venues. Our interviewees range from professors to senior PhD candidates, and researchers from industry. We discussed their experiences conducting USEC research that involves prototyping, opinions on the challenges involved, and the ecological validity issues surrounding current evaluation approaches. We identify the challenges faced by researchers in this area such as the high costs of conducting field studies when evaluating hardware prototypes, the scarcity of open-source material, and the resistance to novel prototypes. We conclude with a discussion of how the USEC community currently supports researchers in overcoming these challenges and places to potentially improve support.

How Does Usable Security (Not) End Up in Software Products? Results From a Qualitative Interview Study

Conference Paper

Full-text available

May 2022

For software to be secure in practice, users need to be willing and able to appropriately use security features. These features are usually implemented by software professionals during the software development process (SDP), who may be unable to consider the usability of these mechanisms. While research has made progress in supporting developers in creating secure software products, very little attention has been paid to whether and how these security features are made usable. In a semi-structured interview study with 25 software professionals (software developers, designers, architects), we explored how they and other decision-makers encounter and deal with security and usability during the software development process in their companies. Based on 37 hours of interview recordings, we qualitatively analyzed and investigated 23 distinct development contexts in detail. In addition to individual awareness and factors that directly influence the implementation phase, we identify a high impact of contextual factors, such as stakeholder pressure, presence of expertise, and collaboration culture, and the specific implementation of the SDP on usable security in software products. We conclude our work by highlighting important gaps, such as studying and improving contextual factors that contribute to usable security and discussing potential improvements of the status quo.

Recommender Model for Secure Software Engineering Using Cosine Similarity Measures

Article

Full-text available

Jun 2022

One of the essential components of Recommender Systems in Software Engineering is a static analysis that is answerable for producing recommendations for users. There are different techniques for how static analysis is carried out in recommender systems. This paper drafts a technique for the creation of recommendations using Cosine Similarity. Evaluation of such a system is done by using precision, recall, and so-called Dice similarity coefficient. Ground truth evaluations consisted of using experienced software developers for testing the recommendations. Also, statistical T-test has been applied in comparing the means of the two evaluated approaches. These tests point out the significant difference between the two compared sets.

Love at First Sight? A User Experience Study of Self-Sovereign Identity Wallets

Conference Paper

Apr 2022

Today’s systems for digital identity management exhibit critical security, efficiency, and privacy issues. A new paradigm, called Self-Sovereign Identity (SSI), addresses these shortcomings by equipping users with mobile wallets and empowering them to manage their digital identities. Various companies and governments back this paradigm and promote its development and diffusion. User experience often plays a subordinate role in these efforts, even though it is crucial for user satisfaction and adoption. We thus conduct a comprehensive user experience study of four prominent SSI wallets using a mixed-method approach that involves moderated and remote interviews and the User Experience Questionnaire (UEQ). We find that the examined wallets already provide a decent level of user experience, yet further improvements need to be done. In particular, the examined wallets do not make their novelty and benefits sufficiently apparent to users. Our analysis contributes to user experience research and offers guidance for SSI practitioners.

CoverDrop: Blowing the Whistle Through A News App

Article

Full-text available

Apr 2022

Whistleblowing is hazardous in a world of pervasive surveillance, yet many leading newspapers expect sources to contact them with methods that are either insecure or barely usable. In an attempt to do better, we conducted two workshops with British news organisations and surveyed whistleblowing options and guidelines at major media outlets. We concluded that the soft spot is a system for initial contact and trust establishment between sources and reporters. CoverDrop is a two-way, secure system to do this. We support secure messaging within a news app, so that all its other users provide cover traffic, which we channel through a threshold mix instantiated in a Trusted Execution Environment within the news organisation. CoverDrop is designed to resist a powerful global adversary with the ability to issue warrants against infrastructure providers, yet it can easily be integrated into existing infrastructure. We present the results from our workshops, describe CoverDrop’s design and demonstrate its security and performance.

On the security of instante messaging : towards solutions for multi-device and group applications

Thesis

Dec 2021

Céline Duguey

Secure Instant Messaging applications (such as WhatsApp or Signal) have become unavoidable means of communications in our every day lives. These applications offer desirable security features such as end-to-end encryption, forward and post-compromise security. However, these properties are often limited to one-to-one communications. The purpose of the work presented here is to reach, in the multi device context as well as in group messaging, an optimal level of security, as for the classial one-to-one communications. On the multi-device side, we propose a Multi-Device Instant Messaging protocole, based on the Ratcheted Key exchange used in Signal, and already widely deployed in other applications. On the group side, we are insterested in the Messaging Layer Security (MLS) protocol, which aims at providing a secure group messaging solution. The security of the protocol relies in particular on the possibility for any user to update the group secrets. In its actual design, a flaw appears in this updating process. We propose a solution to secure the update mechanism, using Zero-Knowledge (ZK) technics as building blocks. As a main contribution, we provide two different ZK protocols to prove knowledge of the input of a pseudorandom function implemented as a circuit, given an algebraic commitment of the output and the input.

Why IT Security Needs Therapy

Chapter

Full-text available

Jan 2022

Over the past decade, researchers investigating IT security from a socio-technical perspective have identified the importance of trust and collaboration between different stakeholders in an organisation as the basis for successful defence. Yet, when employees do not follow security rules, many security practitioners attribute this to them being “weak” or “careless”; many employees in turn hide current practices or planned development because they see security as “killjoys” who “come and kill our baby”. Negative language and blaming others for problems are indicators of dysfunctional relationships. We collected a small set of statements from security experts’ about employees to gauge how widespread this blaming is. To understand how employees view IT security staff, we performed a prolific survey with 100 employees (n = 92) from the US & UK, asking them about their perceptions of, and emotions towards, IT security staff. Our findings indicate that security relationships are indeed often dysfunctional. Psychology offers frameworks for identifying relationship and communication flows that are dysfunctional, and a range of interventions for transforming them into functional ones. We present common examples of dysfunctionality, show how organisations can apply those interventions to rebuild trust and collaboration, and establish a positive approach to security in organisations that seizes human potential instead of blaming the human element. We propose Transactional Analysis (TA) and the OLaF questionnaire as measurement tools to assess how organisations deal with error, blame and guilt. We continue to consider possible interventions inspired by therapy such as conditions from individual and group therapy which can be implemented, for example, in security dialogues or the use of humour and clowns. KeywordsHuman factors in IT securityIT security awarenessDysfunctional relationshipSocio-technical systemsInterpersonal communicationTransactional analysisJoint optimisation

SoK: Cryptographic Confidentiality of Data on Mobile Devices

Article

Full-text available

Jan 2022

Mobile devices have become an indispensable component of modern life. Their high storage capacity gives these devices the capability to store vast amounts of sensitive personal data, which makes them a high-value target: these devices are routinely stolen by criminals for data theft, and are increasingly viewed by law enforcement agencies as a valuable source of forensic data. Over the past several years, providers have deployed a number of advanced cryptographic features intended to protect data on mobile devices, even in the strong setting where an attacker has physical access to a device. Many of these techniques draw from the research literature, but have been adapted to this entirely new problem setting. This involves a number of novel challenges, which are incompletely addressed in the literature. In this work, we outline those challenges, and systematize the known approaches to securing user data against extraction attacks. Our work proposes a methodology that researchers can use to analyze cryptographic data confidentiality for mobile devices. We evaluate the existing literature for securing devices against data extraction adversaries with powerful capabilities including access to devices and to the cloud services they rely on. We then analyze existing mobile device confidentiality measures to identify research areas that have not received proper attention from the community and represent opportunities for future research.

SoK: Cryptographic Confidentiality of Data on Mobile Devices

Preprint

Full-text available

Sep 2021

Eight Lightweight Usable Security Principles for Developers

Article

Full-text available

Jan 2022
IEEE SECUR PRIV

A Review of Functional Encryption in IoT Applications

Article

Full-text available

Oct 2022
SENSORS-BASEL

The Internet of Things (IoT) represents a growing aspect of how entities, including humans and organizations, are likely to connect with others in their public and private interactions. The exponential rise in the number of IoT devices, resulting from ever-growing IoT applications, also gives rise to new opportunities for exploiting potential security vulnerabilities. In contrast to conventional cryptosystems, frameworks that incorporate fine-grained access control offer better opportunities for protecting valuable assets, especially when the connectivity level is dense. Functional encryption is an exciting new paradigm of public-key encryption that supports fine-grained access control, generalizing a range of existing fine-grained access control mechanisms. This survey reviews the recent applications of functional encryption and the major cryptographic primitives that it covers, identifying areas where the adoption of these primitives has had the greatest impact. We first provide an overview of different application areas where these access control schemes have been applied. Then, an in-depth survey of how the schemes are used in a multitude of applications related to IoT is given, rendering a potential vision of security and integrity that this growing field promises. Towards the end, we identify some research trends and state the open challenges that current developments face for a secure IoT realization.

Distributed Attestation Revocation in Self-Sovereign Identity

Preprint

Full-text available

Aug 2022

Self-Sovereign Identity (SSI) aspires to create a standardised identity layer for the Internet by placing citizens at the centre of their data, thereby weakening the grip of big tech on current digital identities. However, as millions of both physical and digital identities are lost annually, it is also necessary for SSIs to possibly be revoked to prevent misuse. Previous attempts at designing a revocation mechanism typically violate the principles of SSI by relying on central trusted components. This lack of a distributed revocation mechanism hampers the development of SSI. In this paper, we address this limitation and present the first fully distributed SSI revocation mechanism that does not rely on specialised trusted nodes. Our novel gossip-based propagation algorithm disseminates revocations throughout the network and provides nodes with a proof of revocation that enables offline verification of revocations. We demonstrate through simulations that our protocol adequately scales to national levels.

Can Security Be Decentralised?: The Case of the PGP Web of Trust

Chapter

Full-text available

Jan 2022

Ashwin J. Mathew

The PGP Web of Trust was intended to provide a decentralised trust model for digital security, an alternative to centralised security models that might be subject to government control. Drawing from five years of ethnographic research among cybersecurity engineers into the everyday practice of using the Web of Trust, I critically examine the relationship between security and trust in distributed computing systems. I employ sociological perspectives on trust to examine the distinct roles that decentralised interpersonal trust and centralised assurance structures play in ensuring security in the Web of Trust. I illustrate how the Web of Trust, although designed to evade government control, paradoxically relies upon assurances provided by government-issued documents to validate identity, even while also relying upon interpersonal trust for this purpose. Through my analysis, I offer a framework for thinking about the relationship between centralisation and decentralisation, and between trust and assurance, to ensure security in the design and operation of distributed computing systems.

Recommender System for Software Engineering using SQL Semantic Search

Article

Full-text available

Apr 2022

Recommender Systems are software tools that can assist developers with a wide range of activities, from reusing codes to suggest developers what to do during development of these systems. This paper outlines an approach to generating recommendation using SQL Semantic Search. Performance measurement of this recommender system is conducted by calculating precision, recall and F1-measure. Subjective evaluations consisted of 10 experienced developers for validating the recommendation. A statistical test t-Test is used to compare the means of two approaches of evaluations.

Image DePO: Towards Gradual Decentralization of Online Social Networks using Decentralized Privacy Overlays

Article

Full-text available

Mar 2022

Centralized online social networks --- e.g., Facebook, Twitter and TikTok --- help drive social connection on the Internet, but have nigh unfettered access to monitor and monetize the personal data of their users. This centralization can especially undermine the use of the social internet by minority populations, who disproportionately bear the costs of institutional surveillance. We introduce a new class of privacy-enhancing technology --- decentralized privacy overlays (DePOs) --- that helps cOSN users regain some control over their personal data by allowing them to selectively share secret content on cOSNs through decentralized content distribution networks. As a first step, we present an implementation and user evaluation of Image DePO, a proof-of-concept design probe that allows users to upload and share secret photos on Facebook through the Interplanetary File System peer-to-peer protocol. We qualitatively evaluated Image DePO in a controlled, test environment with 19 queer and Black, Indigenous, (and) Person of Color (BIPOC) participants. We found that while Image DePO could help address the institutional threats with which our participants expressed concern, interpersonal threats were the more salient concern in their decisions to share content. Accordingly, we argue that in order to see widespread use, DePOs must align protection against abstract institutional threats with protection against the more salient interpersonal threats users consider when making specific sharing decisions.

Usable Privacy and Security from the Perspective of Cognitive Abilities

Chapter

Mar 2022

Privacy, Information, and Cybersecurity (PICS) are related properties that have become a concern for more or less everyone. A large portion of the responsibility for PICS is put on the end-user, who is expected to adopt PICS tools, guidelines, and features to stay secure and maintain organizational security. However, the literature describes that many users do not adopt PICS tools and a key reason seems to be usability. This study acknowledges that the usability of PICS tools is a crucial concern and seeks to problematize further by adding cognitive ability as a key usability aspect. We argue that a user’s cognitive abilities determine how the user perceives the usability of PICS tools and that usability guidelines should account for varying cognitive abilities held by different user groups. This paper presents a case study with focus on how cognitive disabilities can affect the usability of PICS tools. Interviews with users with cognitive disabilities as well as usability experts, and experts on cognitive disabilities were conducted. The results suggest that many of the usability factors are shared by all users, cognitive challenges or not. However, cognitive challenges often cause usability issues to be more severe. Based on the results, several design guidelines for the usability of PICS tools are suggested.

“Taking out the Trash”: Why Security Behavior Change requires Intentional Forgetting

Conference Paper

Full-text available

Oct 2021

Security awareness is big business-virtually every organization in the Western world provides some form of awareness or training, mostly bought from external vendors. However, studies and industry reports show that these programs have little to no effect in terms of changing the security behavior of employees. We explain the conditions that enable behavior change, and identify one significant blocker in the implementation phase: not disabling existing (inse-cure) routines-failure to take out the trash-prevents embedding of new (secure) routines. Organizational Psychology offers the paradigm Intentional Forgetting (IF) and associated tools for replacing old (insecure) behaviors with new (secure) ones by identifying and eliminating different cues (sensoric, routine-based, time and space based as well as situational strength cues) that trigger old behavior. We introduce the underlying theory, examples of successful application in safety contexts, and show how its application leads to effective behavior change by reducing the information that needs to be transmitted to employees, and suppressing obsolete routines. CCS Concepts

User Perceptions of Gmail’s Confidential Mode

Article

Full-text available

Jan 2022

Gmail’s confidential mode enables a user to send confidential emails and control access to their content through setting an expiration time and passcode, pre-expiry access revocation, and prevention of email forwarding, downloading, and printing. This paper aims to understand user perceptions and motivations for using Gmail’s confidential mode (GCM). Our structured interviews with 19 Gmail users at UNC Charlotte show that users utilize this mode to share their private documents with recipients and perceive that this mode encrypts their emails and attachments. The most commonly used feature of this mode is the default time expiration of one week, and the least used feature is the pre-expiry access revocation. Our analysis suggests several design improvements.

Trustworthy humans and machines

Chapter

Full-text available

Oct 2021

Meaningful Technologies: How Digital Metaphors Change the Way We Think and Live

Book

Jan 2023

When we click on a picture of a shopping cart it connects a complex set of technologies to represent a simple idea that we’re all familiar with. A heart icon under a photo is understood as an expression of interest or appreciation. Digital metaphors like these are everywhere in our lives, but they aren’t just a clever way to describe technology. Metaphors like “the cloud” are also changing the way we think. They are the linchpin for a constant feedback loop between us and the digital technologies we consume. Meaningful Technologies focuses on the feedback loop between digital metaphors and technology: its meaning, how it changes over time, and how it impacts learning and attention. Uniting approaches from philosophy and the cognitive and computer sciences, the authors examine digital technologies, especially social media and smartphone apps like Facebook, Snapchat, and TikTok to offer a systematic reconsideration of the ways in which digital technologies impact our lives both individually and collectively. Eric Chown is the Sarah and James Bowdoin Professor of Digital and Computational Studies at Bowdoin College. Fernando Nascimento is Assistant Professor in Digital and Computational Studies at Bowdoin College.

File Encryption: PGP

Chapter

Nov 2022

Jörg Schwenk

Pretty Good Privacy (PGP) is well-known in the civil rights community – its author Phil Zimmerman was sued for violating US export controls, and Edward Snowden used PGP to secure his email communication with Glenn Greenwald. This chapter will concentrate on OpenPGP as a universal cryptographic data format. It can be used to encrypt files in an operating system, sign software updates, or communicate securely via email. Like any other cryptographic data format, it has been subject to attacks. Attacks on the data format itself are covered in this chapter, and attacks on OpenPGP-based email encryption are covered in chapter 18.

Unifying Grid and Organizational Security Mechanisms

Chapter

Nov 2009

David Chadwick

The Economics and Behavioral Economics of Privacy

Chapter

Jun 2014

Alessandro Acquisti

Massive amounts of data on human beings can now be analyzed. Pragmatic purposes abound, including selling goods and services, winning political campaigns, and identifying possible terrorists. Yet 'big data' can also be harnessed to serve the public good: scientists can use big data to do research that improves the lives of human beings, improves government services, and reduces taxpayer costs. In order to achieve this goal, researchers must have access to this data - raising important privacy questions. What are the ethical and legal requirements? What are the rules of engagement? What are the best ways to provide access while also protecting confidentiality? Are there reasonable mechanisms to compensate citizens for privacy loss? The goal of this book is to answer some of these questions. The book's authors paint an intellectual landscape that includes legal, economic, and statistical frameworks. The authors also identify new practical approaches that simultaneously maximize the utility of data access while minimizing information risk.

Weaving Privacy and Power: On the Privacy Practices of Labor Organizers in the U.S. Technology Industry

Article

Nov 2022

We investigate the privacy practices of labor organizers in the computing technology industry and explore the changes in these practices as a response to remote work. Our study is situated at the intersection of two pivotal shifts in workplace dynamics: (a) the increase in online workplace communications due to remote work, and (b) the resurgence of the labor movement and an increase in collective action in workplaces-especially in the tech industry, where this phenomenon has been dubbed the tech worker movement. The shift of work-related communications to online digital platforms in response to an increase in remote work is creating new opportunities for and risks to the privacy of workers. These risks are especially significant for organizers of collective action, with several well-publicized instances of retaliation against labor organizers by companies. Through a series of qualitative interviews with 29 tech workers involved in collective action, we investigate how labor organizers assess and mitigate risks to privacy while engaging in these actions. Among the most common risks that organizers experienced are retaliation from their employer, lateral worker conflict, emotional burnout, and the possibility of information about the collective effort leaking to management. Depending on the nature and source of the risk, organizers use a blend of digital security practices and community-based mechanisms. We find that digital security practices are more relevant when the threat comes from management, while community management and moderation are central to protecting organizers from lateral worker conflict. Since labor organizing is a collective rather than individual project, individual privacy and collective privacy are intertwined, sometimes in conflict and often mutually constitutive. Notions of privacy that solely center individuals are often incompatible with the needs of organizers, who noted that safety in numbers could only be achieved when workers presented a united front to management. Based on our interviews, we identify key topics for future research, such as the growing prevalence of surveillance software and the needs of international and gig worker organizers.We conclude with design recommendations that can help create safer, more secure and more private tools to better address the risks that organizers face.

Poster: User-controlled System-level Encryption for all Applications

Conference Paper

Nov 2022

Sigstore: Software Signing for Everybody

Conference Paper

Nov 2022

Cryptography, Trust and Privacy: It's Complicated

Conference Paper

Nov 2022

Design Principles for Actual Security

Conference Paper

Oct 2022

The importance of designing for actual security, i.e., security in practice, is underlined by previous work. However, clear design principles for actual security are missing. This paper reports early work on establishing such design principles based on heuristic evaluations of security-enhancing applications. Seven experts evaluated the actual security of four applications for secure email communication. Based on a qualitative analysis of the experts’ findings, we formulate six design principles for actual security that apply to secure email, secure communication, and other security-enhancing applications.

Distributed Attestation Revocation in Self-Sovereign Identity

Conference Paper

Sep 2022

Capturing drivers’ privacy preferences for intelligent transportation systems: An intercultural perspective

Article

Sep 2022
COMPUT SECUR

While recent research on intelligent transportation systems including vehicular communication systems has focused on technical aspects, little research work has been conducted on drivers’ privacy perceptions and preferences. Understanding the driver’s privacy perceptions and preferences will allow researchers to design usable privacy and identity management systems offering user privacy choices and controls for intelligent transportation systems. We conducted in-depth semi-structured interviews with 17 Swedish drivers to analyse their privacy perceptions and preferences for intelligent transportation systems, particularly for user control and for privacy trade-offs with cost, safety and usability. We also compare our results from the interviews with Swedish drivers with results from interviews that we conducted previously with South African drivers. Our cross-cultural comparison shows that perceived privacy implications, the drivers’ willingness to share location information under certain conditions with other parties, as well as their appreciation of Privacy Enhancing Technologies differ significantly across drivers with different cultural backgrounds. We further discuss the cultural impact on privacy preferences, including those for privacy trade-offs, and the implications of our results for usable privacy-enhancing Identity Management for future vehicular communication systems. In particular, we provide recommendations for suitable pre-defined privacy options to be offered to users with different cultural backgrounds enabling them to easily make privacy-related control choices.

”Do Metaphors Influence the Usability of Access Control?”: A Gamified Survey.

Conference Paper

Sep 2022

A Comparative Study on the User Experience on Using Secure Messaging Tools

Chapter

Sep 2022

Considering the cyber-threats landscape over the past few years, the security community has repeatedly advocated the use of encryption for ensuring the privacy and integrity of the user’s data and communications. As a result, we have witnessed a growth in number and usage of secure messaging tools. End-to-end encryption has been adopted by several existing and popular messaging apps. Email service providers have made efforts to integrate encryption as a core feature rather than treating it as optional. Recently, the pandemic situation has only reinforced this belief, causing us to rethink communication on a global scale, therefore put special emphasis on the security aspect of it. Despite the advances in research on usable security, the majority of these software still violates best practices in UI design and uses ineffective design strategies to communicate and let users control the security status of a message. Prior research indicates that many users have difficulty using encryption tools correctly and confidently. They either lack an understanding of encryption or the knowledge of its features. The paper investigates usable security design guidelines and models that lead to a better user experience for message encryption software. The study includes qualitative and quantitative research methods, conducted on a group of users, to discover the different factors that affect the user experience of encryption in everyday life. In the meantime, it also uncovers issues that current users are facing. Several recommendations and practical guidelines are outlined, these can be used by practitioners to make encryption more usable and thus increase the overall user experience of the software.KeywordsInformation security and privacysecurityEmail securityEncryption

Persistent S/MIME signature in e-mails forwarding

Conference Paper

Feb 2022

Investigating Influencer VPN Ads on YouTube

Conference Paper

May 2022

27 Years and 81 Million Opportunities Later: Investigating the Use of Email Encryption for an Entire University

Conference Paper

May 2022

A Survey of User Experience in Usable Security and Privacy Research

Chapter

Jun 2022

Today people depend on technology, but often do not take the necessary steps to prioritize privacy and security. Researchers have been actively studying usable security and privacy to enable better response and management. A breadth of research focuses on improving the usability of tools for experts and organizations. Studies that look at non-expert users tend to analyze the experience for a device, software, or demographic. There is a lack of understanding of the security and privacy among average users, regardless of the technology, age, gender, or demographic. To address this shortcoming, we surveyed 47 publications in the usable security and privacy space. The work presented here uses qualitative text analysis to find major themes in user-focused security research. We found that a user’s misunderstanding of technology is central to risky decision-making. Our study highlights trends in the research community and remaining work. This paper contributes to this discussion by generalizing key themes across user experience in usable security and privacy.KeywordsCybersecurityHuman factorsInformation securityPrivacyUsability

ParaSight: Enabling Privacy-preserving Sensing Data Sharing via Device-to-device Utterance-based Communication

Conference Paper

Apr 2022

The Emotional Impact of Multi-Factor Authentication for University Students

Conference Paper

Apr 2022

Users’ Expectations About and Use of Smartphone Privacy and Security Settings

Conference Paper

Apr 2022

OUTOPIA: private user discovery on the internet

Conference Paper

Apr 2022

Hybrid password meters for more secure passwords – a comprehensive study of password meters including nudges and password information

Article

Mar 2022

Supporting users with secure password creation is a well-explored yet unresolved research topic. A promising intervention is the password meter, i.e. providing feedback on the user's password strength as and when it is created. However, findings related to the password meter's effectiveness are varied. An extensive literature review revealed that, besides password feedback, effective password meters often include: (a) feedback nudges to encourage stronger passwords choices and (b) additional guidance. A between-subjects study was carried out with 645 participants to test nine variations of password meters with different types of feedback nudges exploiting various heuristics and norms. This study explored differences in resulting passwords: (1) actual strength, (2) memorability, and (3) user perceptions. The study revealed that password feedback, in combination with a feedback nudge and additional guidance, labelled a hybrid password meter, was generally more efficacious than either intervention on its own, on all three metrics. Yet, the type of feedback nudge targeting either the person, the password creation task, or the social context, did not seem to matter much. The meters were nearly equally efficacious. Future work should explore the long-term effects of hybrid password meters in real-life settings to confirm the external validity of these findings.

Privacy-Enhancing Technologies

Chapter

Full-text available

Jan 2022

Kent Seamons

An increasing amount of sensitive information is being communicated and stored online. Frequent reports of data breaches and sensitive data disclosures underscore the need for effective technologies that users and administrators can deploy to protect sensitive data. Privacy-enhancing technologies can control access to sensitive information to prevent or limit privacy violations. This chapter focuses on some of the technologies that prevent unauthorized access to sensitive information. These technologies include secure messaging, secure email, HTTPS, two-factor authentication, and anonymous communication. Usability is an essential component of a security evaluation because human error or unwarranted inconvenience can render the strongest security guarantees meaningless. Quantitative and qualitative studies from the usable security research community evaluate privacy-enhancing technologies from a socio-technical viewpoint and provide insights for future efforts to design and develop practical techniques to safeguard privacy. This chapter discusses the primary privacy-enhancing technologies that the usable security research community has analyzed and identifies issues, recommendations, and future research directions.

Systematization of Password ManagerUse Cases and Design Paradigms

Conference Paper

Dec 2021

Exploring Usable Security to Improve the Impact of Formal Verification: A Research Agenda

Article

Full-text available

Nov 2021

From Secure to Military-Grade: Exploring the Effect of App Descriptions on User Perceptions of Secure Messaging

Conference Paper

Full-text available

Nov 2021

Although end-to-end encryption (E2EE) is more widely available than ever before, many users remain confused about its security properties. As a result, even users with access to E2EE tools turn to less secure alternatives for sending private information. To investigate these issues, we conducted a 357-participant online user study analyzing how explanations of security impact user perceptions. In a between-subjects design, we varied the terminology used to detail the security mechanism, whether encryption was on by default, and the prominence of security in an app-store-style description page. We collected participants' perceptions of the tool's utility for privacy, security against adversaries, and whether use of the tool would be seen as "paranoid.'' Compared to "secure,'' describing the tool as "encrypted'' or "military-grade encrypted'' increased perceptions that it was appropriate for privacy-sensitive tasks, whereas describing it more precisely as "end-to-end encrypted'' did not. However, "military-grade encrypted'' was also associated with a greater perception of tool use as paranoid. Overall, we find that --- compared to prior work from 2006 --- the social stigma associated with encrypted communication has largely disappeared.

Let’s Create! Automated Certificate Management for End-users

Conference Paper

Sep 2021

Web and Browser Security

Chapter

Oct 2021

Paul C. van Oorschot

We now aim to develop an awareness of what can go wrong on the web, through browser- server interactions as web resources are transferred and displayed to users. When a browser visits a web site, the browser is sent a page (HTML document). The browser renders the document by first assembling the specified pieces and executing embedded executable content (if any), perhaps being redirected to other sites. Much of this occurs without user involvement or understanding. Documents may recursively pull in content from multiple sites (e.g., in support of the Internet’s underlying advertising model), including scripts (active content). Two security foundations discussed in this chapter are the same-origin policy (SOP), and how http traffic is sent over TLS (i.e., https). http proxies and http cookies also play important roles. As representative classes of attacks, we discuss cross-site request forgery, cross-site scripting and sql injection. Many aspects of security from other chapters tie in to web security.

Enhancing warning compliance through alternative product label designs

Article

Full-text available

Jan 1994

Access Control for Collaborative Environments

Article

Full-text available

Jul 1999

Access control is an indispensable part of any information sharing system. Collaborative environments introduce new requirements for access control, which cannot be met by using existing models developed for non-collaborative domains. We have developed a new access control model for meeting these requirements. The model is based on a generalized editing model of collaboration, which assumes that users interact with a collaborative application by concurrently editing its data structures. It associates fine-grained data displayed by a collaborative application with a set of collaboration rights and provides programmers and users a multi-dimensional, inheritance-based scheme for specifying these rights. The collaboration rights include traditional read and write rights and several new rights such as viewing rights and coupling rights. The inheritance-based scheme groups subjects, protected objects, and access rights; allows each component of an access specification to refer to both groups...

Evaluating a multimedia authoring tool

Article

Nov 1997
J Am Soc Inform Sci

We present a detailed case study of a computer scientist learning and using the Cognitive Walkthrough (CW) technique to assess a multimedia authoring tool. We then compare the predictions produced by the analysis to the usability problems actually found in empirical usability tests. In this case, the concepts of Cognitive Walkthrough were learnable by the analyst who had little prior training in psychology or Human-Computer Interaction, flexible enough for the analyst to make reasonable modifications to the technique to fit the design situation, but disappointingly ineffective in predicting actual user problems. We present several hypotheses about the cause of low effectiveness, which suggest that additional knowledge, currently tacit in CW-experts, could be used to improve the technique. In addition, the emergent picture of the process this evaluator went through to produce his analysis sets realistic expectations for other novice analysts who contemplate learning and using Cognitive Walkthroughs. © 1997 John Wiley & Sons, Inc.

The cognitive walkthrough method: A practitioner''s guide

Article

Jun 1994

G safeware: system safety and computers

Article

Jan 1995

N. G. Leveson

Iterative Usability Testing of a Security Application

Article

Oct 1989
Proc Hum Factors Ergon Soc Annu Meet

Clare-marie Karat

This paper reports the results of three iterative usability tests of a security application as it evolved through the application development process and highlights the use of several methodological techniques: 1) reusable color foil prototypes of application panels as an alternative to developing online prototypes during short development cycles, 2) field tests as a complement to laboratory tests, 3) iterative testing of an evolving prototype, and 4) analysis of dollar value of usability work. The techniques used represent an attempt to apply usability engineering to system design (Whiteside, Bennett, and Holtzblatt; 1988) and to provide management with a dollar value estimate of human factors work (Mantei, 1988). Significant improvements in end user performance and satisfaction occurred across the three iterative tests (field prototype test, laboratory prototype test, and laboratory integration test) conducted across 7 months with 27 participants. The product usability objective was met during the third test. By using the reusable foil prototypes of the interface panels, usability staff were able to efficiently and effectively identify problems, make design changes, and retest the panels. The field test furnished unique data necessary to understanding end user issues. Iterative testing provided the opportunity to test the impact of changes made to the interface and a reliability check on previous results. The methodology for computing the value of usability work provided a feasible way of analyzing the cost benefit of the human factors work.

Heuristic Evaluation In Usability Inspection Methods

Article

J. Nielsen

Heuristic Evaluation

Chapter

Jan 1994

Jabok Nielsen

User-Centered Security.

Conference Paper

Jan 1999

Mary Ellen Zurko

We introduce the term user-centered security to refer to security models, mechanisms, systems, and software that have usability as a primary motivation or goal. We discuss the history of usable secure systems, citing both past problems and present studies. We develop three categories for work in user-friendly security: applying usability testing and tech- niques to secure systems, developing security models and mechanisms for user-friendly systems, and considering user needs as a primary design goal at the start of secure system development. We discuss our work on user-centered authoriza- tion, which started with a rules-based authorization engine (MAP) and will continue with Adage. We outline the lessons we have learned to date and how they apply to our future work. We evaluate the pros and cons of this effort, as a precursor to fur- ther work in this area, and include a brief description of our current work in user-centered authorization. As our conclusion points out, we hope to see more work in user-centered security in the future; work that enables users to choose and use the protection they want, that matches their intuitions about security and privacy, and that supports the policies that teams and organizations need and use to get their work done. ~~1~~~1~~~1~~~1~~~1~~~1.

Handbook of Usability Testing: How to Plan, Design, and Conduct Effective Tests, by Jeffrey Rubin.

Article

Jan 1996

Debora Shaw

An analysis of security incidents on the Internet 1989-1995

Article

Jan 1998

John D. Howard

Analyzes trends in Internet security through an investigation of incidents reported to the CERT Coordination Center. Outcomes include a taxonomy for classifying Internet attacks and incidents, analysis of incident records available at the CERT/CC, and recommendations to improve Internet security. Thesis (Ph. D.)--Carnegie Mellon University, 1997. Includes bibliographical references (leaves 243-246). Photocopy.

Handbook of Usability Testing: How to Plan, Design and Conduct Effective Tests

Article

Jan 2008

Jeffrey Rubin

Incluye índice

Usability of Security: A Case Study

Article

Jan 1999

Human factors are perhaps the greatest current barrier to effective computer security. Most security mechanisms are simply too difficult and confusing for the average computer user to manage correctly. Designing security software that is usable enough to be effective is a specialized problem, and user interface design strategies that are appropriate for other types of software will not be sufficient to solve it. In order to gain insight and better define this problem, we studied the usability of PGP 5.0, which is a public key encryption program mainly intended for email privacy and authentication. We chose PGP 5.0 because it has a good user interface by conventional standards, and we wanted to discover whether that was sufficient to enable non-programmers who know little about security to actually use it effectively. After performing both user testing and a cognitive walkthrough analysis, we conclude that PGP 5.0 is not sufficiently usable to provide effective security for most users. In the course of our study, we developed general principles for evaluating the usability of computer security utilities and systems. This study is of interest not only because of the conclusions that we reach, but also because it can serve as an example of how to evaluate the usability of computer security software. This publication was supported by Contract No. 102590-98-C-3513 from the United States Postal Service. The contents of this publication are solely the responsibility of the authors and do not necessarily represent the official views of the United States Postal Service. Keywords: security, human-computer interaction, usability, public key cryptography, electronic mail, PGP. 1.

Evaluating a Multimedia Authoring Tool With Cognitive Walkthrough and Think-Aloud User Studies

Article

Nov 1995

We present a detailed case study, drawn from many information sources, of a computer scientist learning and using Cognitive Walkthrough to assess a multi-media authoring tool. We then compare the predictions produced by the analysis to the usability problems actually found though empirical usability tests. This study results in several clear messages to both system designers and to developers of evaluation techniques: (1) the Cognitive Walkthrough technique is currently learnable and usable, but (2) it may not predict most usability errors found empirically, and (3) several elaborations of the technique might improve its effectiveness. In addition, the emergent picture of the process this evaluator went through to produce his analysis sets realistic expectations for other novice analysts who contemplate learning and using Cognitive Walkthroughs. 1. Introduction Information systems in our networked and multimedia age must be usable by the people they are intended to serve. From the pr...

Why Cryptosystems Fail

Article

May 1998
COMMUN ACM

Ross J. Anderson

Designers of cryptographic systems are at a disadvantage to most other engineers, in that information on how their systems fail is hard to get: their major users have traditionally been government agencies, which are very secretive about their mistakes. In this article, we present the results of a survey of the failure modes of retail banking systems, which constitute the next largest application of cryptology. It turns out that the threat model commonly used by cryptosystem designers was wrong: most frauds were not caused by cryptanalysis or other technical attacks, but by implementation errors and management failures. This suggests that a paradigm shift is overdue in computer security; we look at some of the alternatives, and see some signs that this shift may be getting under way. 1 Introduction Cryptology, the science of code and cipher systems, is used by governments, banks and other organisations to keep information secure. It is a complex subject, and its national security ov...

Compliance Defects in Public-Key Cryptography

Article

Sep 1996

Don Davis

Public-key cryptography has low infrastructural overhead because public-key users bear a substantial but hidden administrative burden. A public-key security system trusts its users to validate each others' public keys rigorously and to manage their own private keys securely. Both tasks are hard to do well, but publickey security systems lack a centralized infrastructure for enforcing users' discipline. A compliance defect in a cryptosystem is such a rule of operation that is both difficult to follow and unenforceable. This paper presents five compliance defects that are inherent in public-key cryptography; these defects make publickey cryptography more suitable for server-to-server security than for desktop applications. 1 Introduction Public-key cryptography is uniquely well-suited to certain parts of a secure global network. It is widely accepted that public-key security systems are easier to administer, more secure, less trustful, and have better geographical reach, than symmetric...

In More Than Screen Deep: Toward Every-Citizen Interfaces to the Nation's Information Infrastructure

Jan 1997

Stephen Kent
Security

Stephen Kent. Security. In More Than Screen Deep: Toward Every-Citizen Interfaces to the Nation's Information Infrastructure. National Academy Press, Washington, D.C., 1997.

PGP: Pretty Good Privacy. O'Reilly and Associates

Jan 1995

Simson Garfinkel

Simson Garfinkel. PGP: Pretty Good Privacy. O'Reilly and Associates, 1995.

User- Centered Security. New Security Paradigms Workshop

Jan 1996

Mary Ellen Zurko
Richard T Simon

Mary Ellen Zurko and Richard T. Simon. User- Centered Security. New Security Paradigms Workshop, 1996.

Threats and Solutions. Presentation to SHARE 86.0

Mar 1996

Matt Bishop
Security

Matt Bishop. UNIX Security: Threats and Solutions. Presentation to SHARE 86.0, March 1996. At http://seclab.cs.ucdavis.edu/ bishop/scriv/1996-share86.pdf.