A User-Centered Model for Usable Security and Privacy

AbstractNew technologies are constantly becoming part of our everyday life. At the same time, designers and developers still often do not consider the implications of their design choices on security and privacy. For example, new technologies generate sensitive data, enable access to sensitive data, or can be used in malicious ways. This creates a need to fundamentally rethink the way in which we design new technologies. While some of the related opportunities and challenges have been recognized and are being addressed by the community, there is still a need for a more holistic understanding. In this editorial, we will address this by (1) providing a brief historical overview on the research field of ‘Usable Security and Privacy’; (2) deriving a number of current and future trends; and (3) briefly introducing the articles that are part of this special issue and describing how they relate to the current trends and what researchers and practitioners can learn from them.

Download Full-text

Privacy Enhancing Keyboard: Design, Implementation, and Usability Testing

Wireless Communications and Mobile Computing ◽

10.1155/2017/3928261 ◽

2017 ◽

Vol 2017 ◽

pp. 1-15 ◽

Cited By ~ 1

Author(s):

Zhen Ling ◽

Melanie Borgeest ◽

Chuta Sano ◽

Jazmyn Fuller ◽

Anthony Cuomo ◽

...

Keyword(s):

Critical Role ◽

Usability Testing ◽

Security And Privacy ◽

Context Aware ◽

Usable Security ◽

Two Stage ◽

Input Method ◽

Input Text ◽

Inference Attacks ◽

Google Play

To protect users from numerous password inference attacks, we invent a novel context aware privacy enhancing keyboard (PEK) for Android touch-based devices. Usually PEK would show a QWERTY keyboard when users input text like an email or a message. Nevertheless, whenever users enter a password in the input box on his or her touch-enabled device, a keyboard will be shown to them with the positions of the characters shuffled at random. PEK has been released on the Google Play since 2014. However, the number of installations has not lived up to our expectation. For the purpose of usable security and privacy, we designed a two-stage usability test and performed two rounds of iterative usability testing in 2016 and 2017 summer with continuous improvements of PEK. The observations from the usability testing are educational: (1) convenience plays a critical role when users select an input method; (2) people think those attacks that PEK prevents are remote from them.

Download Full-text

Designing and evaluating usable security and privacy technology

Proceedings of the 5th Symposium on Usable Privacy and Security - SOUPS '09 ◽

10.1145/1572532.1572554 ◽

2009 ◽

Cited By ~ 2

Author(s):

M. Angela Sasse ◽

Clare-Marie Karat ◽

Roy Maxion

Keyword(s):

Security And Privacy ◽

Usable Security

Download Full-text

Reflections on U-PriSM 2

International Journal of Mobile Human Computer Interaction ◽

10.4018/ijmhci.2014040106 ◽

2014 ◽

Vol 6 (2) ◽

pp. 73-78

Author(s):

Sonia Chiasson ◽

Heather Crawford ◽

Serge Egelman ◽

Pourang Irani

Keyword(s):

Mobile Devices ◽

User Interfaces ◽

Personal Information ◽

Third Party ◽

Security And Privacy ◽

Sensor Data ◽

Usable Security ◽

Security Risks ◽

Privacy And Security ◽

Novice Users

The Second Usable Privacy and Security for Mobile Devices Workshop (U-PriSM 2) was co-located with MobileHCI'13 in Munich, Germany. The U-PriSM 2 was an opportunity for researchers and practitioners to discuss research challenges and experiences around the usable privacy and security of mobile devices (smartphones and tablets). Security and privacy often involve having non-security experts, or even novice users, regularly making important decisions while their main focus is on other primary tasks. This is especially true for mobile devices where users can quickly and easily install apps, where user interfaces are minimal due to space constraints, and where users are often distracted by their environment. Likewise, mobile devices present unique privacy and security risks because they allow third-party applications access to personal information and sensor data. The amount and sensitivity of such personally identifying information is likely to increase as device functionality increases. The convergence of these factors means that improvements to security and privacy provisions on mobile devices are becoming increasingly important. Workshop participants had a chance to explore mobile device usage and the unique usable security and privacy challenges that arise, discuss proposed systems and ideas that address these needs, and work towards the development of design principles to inform future development in the area.

Download Full-text