Browsing by keyword "usable security"
1 - 7 of 7
- Conference paper: Design Considerations for Usable Authentication in Smart Homes (Mensch und Computer 2021 - Tagungsband, 2021). Prange, Sarah; George, Ceenu; Alt, Florian. Smart home devices are on the rise. To provide their rich variety of features, they collect, store and process a considerable amount of (potentially sensitive) user data. However, authentication mechanisms on such devices a) have limited usability or b) are nonexisting. To close this gap, we investigated, on one hand, users’ perspectives towards potential privacy and security risks as well as how they imagine usable authentication mechanisms in future smart homes. On the other hand, we considered security experts’ perspectives on authentication for smart homes. In particular, we conducted semi-structured interviews (N=20) with potential smart home users using the story completion method and a focus group with security experts (N=10). We found what kind of devices users would choose and why, potential challenges regarding privacy and security, and potential solutions. We discussed and verified these with security experts. We derive and reflect on a set of design implications for usable authentication mechanisms for smart homes and suggest directions for future research. Our work can assist designers and practitioners when implementing appropriate security mechanisms for smart homes.
- Conference paper: Heuristics and Models for Evaluating the Usability of Security Measures (Mensch und Computer 2019 - Tagungsband, 2019). Feth, Denis; Polst, Svenja. Security mechanisms are nowadays part of almost every software. At the same time, they are typically sociotechnical and require involvement of end users to be effective. The usability of security measures is thus an essential factor. Despite this importance, this aspect often does not receive the necessary attention, for example due to short resources like time, budget, or usability experts. In the worst-case, users reject or circumvent even strong security measures and technically secure systems become insecure. To tackle the problem of unusable security measures, we developed a heuristics-based usability evaluation and optimization approach for security measures. In order to make heuristics applicable also for non-usability experts, we enrich them with information from a joint model for usability and security. In particular, this approach allows developers and administrators to perform usability evaluations and thus enables an early tailoring to the user, complementary to expert or user reviews. In this paper, we present our approach, including an initial set of heuristics, a joint model for usability and security and a set of mapping rules that combine heuristics and model. We evaluated the applicability of our approach, which we present in this paper.
- Workshop paper: Inclusive Security by Design (Mensch und Computer 2022 - Workshopband, 2022). Knierim, Pascal; Prange, Sarah; Feger, Sebastian; Schneegaß, Stefan; Sasse, Angela; Bayerl, Dominik; Hof, Hans-Joachim; Alt, Florian. With the digital transformation touching all aspects of people’s lives, digital security practices and shortcomings increasingly affect the physical world, with substantial consequences for human quality of life. The way digital security is currently designed is a significant barrier for many users. It creates negative user experiences and makes many people dependent on others to participate in the digital world safely. Understanding, controlling, and acting on digital security aspects is key to a self-determined life. Collaborative research is required to address this important challenge that could bring the digital transformation to a halt. This workshop aims to bring together researchers from the human-computer-interaction and security communities to build an understanding of technical and social requirements for inclusive security.
- Workshop paper: Take Your Security and Privacy Into Your Own Hands! Why Security and Privacy Assistants Should be Tangible (Mensch und Computer 2021 - Workshopband, 2021). Delgado Rodriguez, Sarah; Prange, Sarah; Alt, Florian. In the era of ubiquitous computing, users' security and privacy are at risk at almost all times. Security and privacy assistants support their users in becoming aware of these risks and taking the appropriate measures to protect their data. However, they often suffer from being too complex, not intuitive and non-engaging. Hence, in order to truly enable less tech-savvy or inexperienced persons to use security and privacy assistants, we argue that such mechanisms must become tangible in the future.
- Workshop paper: Towards informed choices: A decision model for adaptive warnings in self-sovereign identity (Mensch und Computer 2023 - Workshopband, 2023). Ebert, Sarah; Krauß, Anna-Magdalena; Anke, Jürgen. In today’s digital age, safeguarding personal information has become crucial due to widespread data exchange and processing. Self-Sovereign Identity (SSI) empowers individuals to manage their digital identities themselves. To protect their privacy, users should be enabled to make informed decisions when sharing their data. To facilitate this, a decision model is proposed in this paper, aiming to determine the appropriate threat level for data requests in SSI applications. For that, we used the General Data Protection Regulation (GDPR) as basis to identify several influencing factors. These factors were grouped into partial models such as the trustworthiness of the requesting party, the legitimacy of the request, and the value of that data. The decision model combines the results from these partial decision models to assign one of the three threat levels: low, medium, or high. In the future, this model has the potential to be integrated into SSI applications, enabling automatic assessment of requests for data and thus empower users to make informed decisions about sharing their data.
- Workshop paper: Using hash visualization for real-time user-governed password validation (Mensch und Computer 2019 - Workshopband, 2019). Fietkau, Julian; Balthasar, Mandy. Building upon work by Perrig & Song [21], we propose a novel hash visualization algorithm and examine its usefulness for user-governed password validation in real time. In contrast to network-based password authentication and the best practices for security which have been developed with that paradigm in mind, we are concerned with use cases that require user-governed password validation in non-networked untrusted contexts, i.e. to allow a user to verify that they have typed their password correctly without ever storing a record of the correct password between sessions (not even a hash). To that end, we showcase a newly designed hash visualization algorithm named MosaicVisualHash and describe how hash visualization algorithms can be used to perform user-governed password validation. We also provide a set of design recommendations for systems where hash visualization for password validation is performed in real time, i.e. as the user is in the process of typing their password.
- Journal article: VPID: Towards Vein Pattern Identification Using Thermal Imaging (i-com: Vol. 18, No. 3, 2019). Faltaous, Sarah; Liebers, Jonathan; Abdelrahman, Yomna; Alt, Florian; Schneegass, Stefan. Biometric authentication received considerable attention lately. The vein pattern on the back of the hand is a unique biometric that can be measured through thermal imaging. Detecting this pattern provides an implicit approach that can authenticate users while interacting. In this paper, we present the Vein-Identification system, called VPID. It consists of a vein pattern recognition pipeline and an authentication part. We implemented six different vein-based authentication approaches by combining thermal imaging and computer vision algorithms. Through a study, we show that the approaches achieve a low false-acceptance rate (“FAR”) and a low false-rejection rate (“FRR”). Our findings show that the best approach is the Hausdorff distance-difference applied in combination with a Convolutional Neural Networks (CNN) classification of stacked images.