HCI for Cybersecurity, Privacy and Trust

Despite being one of the most crucial parts of online transactions, the most used authentication system, the username and password system, has shown to be weaker than ever. With the increase of processing power within computers, offline password attacks such as dictionary attacks, rainbow tables, and hash tables have become more effective against divulging account information from stolen databases. This has led to alternative solutions being proposed, such as logging in with a social media account or password managers, which do not replace the password entirely. Graphical alternatives have previously proposed, but none of them have become widely used. In a previous paper we proposed our own alternative called “Grid Authentication”, which would allow users to authenticate using a sequence of clicks on a colored Grid, shown to be resistant against offline password attacks. Now we have implemented and tested Grid Authentication’s memorability and recorded user sentiment data. Participants logged in using a newly created password, an 8-character password randomly generated for them, as well as used Grid Authentication scheme for three days each, once per day. We found that overall, Grid Authentication’s memorability was like a user chosen password, and far superior to the randomly generated 8-character password. We also observed that user’s overall sentiment towards Grid Authentication increased significantly after three days of regular use. Despite this, while sentiment over the system was overall positive, users perceived that they remembered the password more easily, perhaps given hints as to why alternative authentication types have not become widely used.

Codes and passwords are the bane of user experiences: even small mistakes can delay desired activities, causing undue frustration. Work on codes has focused on security instead of people’s ability to enter them error-free. Difficulties observed in a security demonstration motivated this investigation of code transcription difficulty. A pilot study with 33 subjects and a follow-up study with 267 subjects from 24 countries measured performance and preference for codes of varying lengths, patterns, and character sets.We found that, for users of all languages, long codes with alternating consonant - vowel patterns were more accurately transcribed and are preferred over shorter numeric or alphabetic codes. Mixed-case and alphanumeric character sets both increased transcription errors.The proposed CVC6 code design composed of six Consonant-Vowel-Consonant trigrams is faster to enter, more secure, preferred by users, and more impervious to user error when compared to codes typically used for security purposes. An extension integrates error detection and correction, essentially eliminating typos.

Biometric authentication has become popular in modern society. It takes less time and effort for users when compared to conventional password authentication. Furthermore, biometric authentication was considered more secure than password authentication because it was more difficult to steal biometric information when compared to passwords. However, given the development of high-spec cameras and image recognition technology, the risk of the theft of biometric information, such as fingerprints, is increasing. Additionally, biometric authentication exhibits lower and less stable accuracy than that of password authentication. To solve the aforementioned issues, we propose two-factor authentication combining password-input and biometric authentication of the hand. We adopt Leap Motion to measure physical and behavioral features related to hands. Subsequently, a random forest classifier determines whether the hand features belongs to a genuine user. Our authentication system architecture completes the biometric authentication by using a limited amount of data obtained within a few seconds when a user enters a password. The advantage of the proposed method is that it prevents intrusion by biometric authentication even if a password is stolen. Our experimental results for 21 testers exhibit 94.98% authentication accuracy in a limited duration, 2.52 s on an average while inputting a password.

Concern over the decline in Japan’s manufacturing competitiveness has increased in recent years. In particular, falsification of inspection data is a social problem that could undermine Japan’s manufacturing industry, which is founded on a dedication to high quality. Falsification could be prevented by ensuring transparency of the inspection process by visualizing the process. End-to-end visualization facilitates early detection and prevention of various law infractions. In the workplace, visualization requires an efficient low-cost identity-verification method that ensures ease of visual confirmability for product traceability. We previously developed AI-forms, i.e., artificial-intelligence electronic forms, that provides a speech interface as a means of improving the standard work process in workplaces by making operations more efficient and visualizing processes. AI-forms improves production efficiency and visualizes the collected operation records by enhancing the readability and writability of records and handover operations that are not sufficiently supported by traditional electronic forms. To prevent falsification of inspections, it is necessary to use a widely deployed device and verification method in the workplace. We propose an identity-verification method for applying face recognition to AI-forms and developed a smartphone app for AI-forms. Preliminary feasibility testing involving 11 workers in an actual workplace confirmed that identity verification is possible when face recognition is carried out with frontal images of workers who are not wearing face masks. The face-recognition process completed within 0.4 s, enabling workers to seamlessly begin work with AI-forms. Recording both collation photos and worker names during identity verification also made it possible for a human to visually confirm a worker’s identity. Discussion with workers and supervisors after the feasibility tests provided findings for improving our face-recognition app for closer integration of AI-forms and our identity-verification method at arbitrary times.

In our digital world, we have become well acquainted with the login form—username shown in plaintext, password shown in asterisks or dots. This design dates back to the early days of terminal computing, and despite huge changes in nearly every other area, the humble login form remains largely untouched. When coupled with the ubiquity of smartphones, this means we often find ourselves entering complex passwords on a tiny touchscreen keyboard with little or no visual feedback on what is being typed. This paper explores how password masking on mobile devices affects the error rate for password entry. We created an app where users entered selected passwords into masked and unmasked password fields, measuring various metrics such as typing speed, error rate, and number of backspaces. We then did an exploratory analysis of the data. Our findings show that, perhaps unexpectedly, there is no significant difference between masked and unmasked passwords for any of these metrics.

Graphical authentication has been a proposed solution to the usability and memorability issues seen with traditional alphanumeric passwords. However, graphical authentication schemes are often criticized for their susceptibility to Over-the-Shoulder Attacks (OSAs). This research proposes and evaluates Explore-a-Nation (EaN), a unique hybrid authentication scheme that attempts to bridge the gap between graphical authentication passcodes and strong alphanumeric passwords. EaN takes advantage of the known security and efficiency associated with passwords along with the enhanced recognition benefit of graphical schemes. The EaN scheme provides users with a static image consisting of a map wherein an icon passcode path is hidden amongst other distractor icons. Following the icon path allows users to generate their strong password. This study compared our EaN prototype to alphanumeric password standards and to Use Your Illusion (UYI) across the dimensions of efficiency, accuracy, OSA resistance, and subjective usability. User login times for both EaN and UYI met the efficiency usability standards established by alphanumeric passwords. Results for UYI (99%) login accuracy were significantly better than EaN (91%). And, UYI obtained a significantly higher Subjective Usability Survey score than EaN, with both schemes exceeding our usability requirement. Notably, EaN was shown to be resistant to OSAs while UYI was not. We suggest EaN might prove to be an effective next-generation authentication scheme for both frequent and intermittent users.

With the ever growing networking capabilities and services offered to users, attack surfaces have been increasing exponentially, additionally, the intricacy of network architectures has increased the complexity of cyber-defenses, to this end, the use of deception has recently been trending both in academia and industry. Deception enables to create proactive defense systems, luring attackers in order to better defend the systems at hand. Current applications of deception, only rely on static, or low interactive environments. In this paper we present a platform that combines human-computer-interaction, analytics, gamification and deception to lure malicious users into selected traps while piquing their interests. Furthermore we analyse the interactive deceptive aspects of the platform through the addition of a narrative, further engaging malicious users into following a predefined path and deflecting attacks from key network systems.

Data breaches within an organization have many causes. Social engineering attacks, ransom-ware applications and harmful spam email messages are data breach catalysts that are the result of human error. Human error is the leading cause of data breach and is also one of the more difficult factors for an organization to mitigate. Many users are unable to see how their role is impacted by organizational security policy, and therefor see no benefit to abide the policy. When employees use company devices to perform personal tasks, or use personal devices to perform business tasks, lines of ownership can be blurred and important organizational data assets can be put at risk. Training and awareness programs are too often treated as a bandage to fix a wound inflicted by a breach after the fact. If employees were trained effectively, the breach might not have occurred in the first place. This project and accompanying research paper will explore the gamification of the security training and awareness program. By developing role-based game modules to teach secure behavior to all organizational users, incentivizing secure behavior with real rewards that matter to participants and applying the training throughout the year, it can be possible to reinvent security awareness and prevent future data breaches.

Cyber attacks are emerging as problems caused not only by technological aspects but also by human factors neglected when designing interactive systems. In this paper, we show how one of the most popular attacks on the Web, phishing, is very much related to UI aspects and how a wrong UI design determines a greater vulnerability of users. We performed a heuristic evaluation to assess the most recent applications such as browsers and mail clients that adopt warning messages as prevention of phishing attacks. The results highlighted that different aspects of UI should be better designed to limit phishing attacks. In addition, as a prevention of cyber attacks, we described an ongoing work of a questionnaire that aims to make users aware of the risks of cyber attacks.

The most costly cybersecurity incidents for organizations result from the failures of their third parties. This means that organizations should not only invest in their own protection and cybersecurity measures, but also pay attention to that of their business and operational partners. While economic impact and real extent of third parties cybersecurity risks is hard to quantify, decision makers inevitably compare their decisions with other entities in their network. This paper presents a theoretically derived model to analyze the impact of social preferences and other factors on the willingness to cooperate in third party ecosystems. We hypothesize that willingness to cooperate among the organizations in the context of cybersecurity increases following the experience of cybersecurity attacks and increased perceived cybersecurity risks. The effects are mediated by perceived cybersecurity value and moderated by social preferences. These hypotheses are tested using a variance-based structural equation modeling analysis based on feedback from a sample of Norwegian organizations. Our empirical results confirm the strong positive impact of social preferences and cybersecurity attack experience on the willingness to cooperate, and support the reciprocal behavior of cybersecurity decision makers. We further show that more perception of cybersecurity risk and value deter the decision makers to cooperate with other organizations.

With changes in interfaces resulting from the proliferation of IOT devices and new technologies such as self-driving vehicles, user reactions to browser messages may also change. This paper reviews the literature on user reactions to browser warnings, with emphasis on screen size and form factors. The literature indicates that browser warning message design, habituation, awareness of risk and screen size are aspects that effect user perception of risk. This article surveys the findings while noting challenges and proposed solutions to support effective provision of and user compliance with browser security warnings as well as important user study design considerations for future work – in particular, future work on the effect of screen size on user perception of browser warnings.

Several studies have been conducted to determine parenting strategies in the age of digital technology. However, we are not aware of any qualitative research regarding parents’ safety and privacy concerns about their children’s use of smart devices in the home. Given the rise in use of smart devices within the home in general, and among children in particular, we wanted to explore the privacy and safety concerns that parents have about their children’s device use, their experiences using devices with their children, children’s independent use, and restrictions parents place on device use. In this paper, we present findings from an exploratory study of 29 participants through three focus groups and 14 semi-structured interviews. Our study revealed that encouraging device usage may help build familial relationships and foster open communication between parents and children. We also discovered that parents feel it is their responsibility to keep their children from harm when they use smart devices, and that parents do not trust applications, devices, smart device manufacturers or Internet providers to do so. Our findings can help researchers better understand the different device usage scenarios, parents’ concerns about their kids’ device use, and parent-child relationships, which will help them design better tools that encourage parents and children to work together to develop device usage rules and better safety and privacy practices.

Due to the prevalence of online services in modern society, such as internet banking and social media, it is important for users to have an understanding of basic security measures in order to keep themselves safe online. However, users often do not know how to make their online interactions secure, which demonstrates an educational need in this area. Gamification has grown in popularity in recent years and has been used to teach people about a range of subjects. This paper presents an exploratory study investigating the use of gamification techniques to educate average users about password security, with the aim of raising overall security awareness. To explore the impact of such techniques, a role-playing quiz application (RPG) was developed for the Android platform to educate users about password security. Results gained from the work highlighted that users enjoyed learning via the use of the password application, and felt they benefitted from the inclusion of gamification techniques. Future work seeks to expand the prototype into a full solution, covering a range of security awareness issues.

Enterprise Resource Planning (ERP) software system is widely used in enterprises as an advanced management system. In recent years, the information security problem of ERP software system has gradually attracted people’s attention. To solve the information security problem of the ERP software system, we first need to pay attention to the untrusted interactive behavior in the ERP software system. Enterprise network users generate a lot of interactive behavior in the process of using ERP system. Untrusted interactive behavior will cause huge damage to the enterprise if they are not identified. Based on this, this paper proposes a method based on Markov chain to identify untrusted interactive behavior of users in the ERP system, Firstly, a series of network user behavior characteristics are constructed based on the log records of ERP system. Then, the hidden Markov model is used to model the behavior of trusted users based on these behavior characteristics. Next, the forward algorithm is used to calculate the probability of a series of observation sequences of trusted users and untrusted users based on the hidden Markov model of trusted users. Finally, the untrusted users are identified by comparing the observation sequence probability set of trusted and untrusted users. The recognition rate of the model for trusted users is 92.64%, and the false positive rate for untrusted users is 0.76%. This result indicates that the model is effective for identifying untrusted interaction behavior.

Information systems support organizations to achieve strategic competitiveness over other organizations and assist senior management in the decision-making process. In addition, they help organizations in timely implementation of projects and effective risk management. A reliable and coherent Information System requires a solid security framework that ensures Confidentiality, Integrity, Availability, Authenticity and Auditability of the critical information assets; therefore, managing security is essential for organizations doing business in a globally networked and competitive environment whilst seeking to achieve their objectives and goals and ensuring the continuity of business. This paper provides an integrated framework that classifies and holistic view of challenges in Information Security Systems, and their interrelationships. The framework is expected to provide a basis that can be used to evaluate individual organizational members’ behavior and the adequateness of existing security measures.

Darknet Markets are a hotbed of illicit trade and are difficult for law enforcement to monitor and analyze. Topic Modeling has been a popular method to semantically analyze market listings, but lacks the ability to infer the information-rich visual semantics of images embedded within these listings. In this paper we present a relatively fast method using unsupervised and self-supervised machine learning methods to infer image semantics from large, unstructured multimedia corpora, and demonstrate how it may aid analysts in investigating the content of Darknet Markets.

Enterprises, including military, law enforcement, medical, financial, and commercial organizations, must often share large quantities of data, some potentially sensitive, with many other enterprises. A key issue, the mechanics of data sharing, involves how to precisely and unambiguously specify which data to share with which partner or group of partners. This issue can be addressed through a system of formal data sharing policy definitions and automated enforcement. Several challenges arise when specifying enterprise-level data sharing policies. A first challenge involves the scale and complexity of data types to be shared. An easily understood method is required to represent and visualize an enterprise’s data types and their relationships so that users can quickly, easily, and precisely specify which data types and relationships to share. A second challenge involves the scale and complexity of data sharing partners. Enterprises typically have many partners involved in different projects, and there are often complex hierarchies among groups of partners that must be considered and navigated to specify which partners or groups of partners to include in a data sharing policy. A third challenge is that defining policies formally, given the first two challenges of scale and complexity, requires complex, precise language, but these languages are difficult to use by non-specialists. More useable methods of policy specification are needed. Our approach was to develop a software wizard that walks users through a series of steps for defining a data sharing policy. A combination of innovative and well known methods is used to address these challenges of scale, complexity, and usability.

Web pages may contain various types of sensitive information exposed, such as user login information. Even after these pages have been corrected, the sensitive information, once exposed, can be found through the web history tools. These tools make snapshots of web pages, that is, capture the state of the pages in the most varied periods. Although these tools are widely used, it is not known which web history tool is the most accessed. A method to find out which web history tool is the most accessed is by means of classification using the web analytics technique. Therefore, in view of this scenario, the objective of this work was to classify web history tools through web analysis. The methodology used was the descriptive with quantitative approach. As for the technical procedures, this work is characterized as experimental to verify if the technique of web analysis is able to classify web history tools. The results show that the technique of web analysis produces indicators capable of classifying the web history tools by the total number of accesses received.

This study investigates the feasibility of a tool that allows digital forensics (DF) investigators to efficiently triage device datasets during the collection phase of an investigation. This tool utilises data visualisation techniques to display images found in near real-time to the end user. Findings indicate that participants were able to accurately identify contraband material whilst using this tool, however, classification accuracy dropped slightly with larger datasets. Combined with participant feedback, the results show that the proposed triage method is indeed feasible, and this tool provides a solid foundation for the continuation of further work.

Despite continued maturation since the latter half of the last century, cryptography still bears the vestigial traces of its roots as an arcane art. Cryptographers have abandoned any fondness for obfuscation and turned to the irrevocable properties of mathematics and prime numbers to ensure the privacy of those who would wield their tools. Notwithstanding its apparent modernity, the majority of recent cryptosystems have not enjoyed widespread adoption. Usage is limited primarily to the sophisticated elite who possess the time, interest, and inclination required to understand the behaviour of these systems, if not necessarily their inner workings.While we may find more apt metaphors for conveying the complex properties of ciphers and cryptosystems, the effort behind such ad-hoc approaches will always have to be adapted to suit new algorithms, and will have to contend with their ostensibly simpler plaintext counterparts. mastodon accountt new primitives can continue to be described in terms of progressively more elabortate boxes, locks, and keys, it is difficult to imagine an explanation sufficiently compelling to extend to all those who do not enjoy the luxury of privacy.Modern cryptographers have embraced Kerckhoffs’s principle, that: A cryptosystem should be secure even if everything about the system, except the key, is public knowledge We will argue that this is insufficient, and that a second principle is necessary: A cryptosystem should be secure even if nothing about the system, except the plaintext system it replaces, is familiar to its operator In simpler language, assuming they seek a future in which everyone is able to control the spread of their personal information, those in the field of cryptographic development must create systems which are difficult to misuse.We will present CryptPad, an open-source, browser-based suite of collaborative editors which employs end-to-end-encryption to protect the contents of user documents from passive surveillance, including that of the server operators. It implements familiar façades (login and registration forms, document curation facilities, access control policy definition, and a variety of applications) using a small set of common cryptographic primitives.While the underlying mechanisms of the system are not especially sophisticated, their properties are sufficient to facilitate schemes matching existing user expectations as set by established plaintext platforms. Though we will refer to established systems as the initial results of this design philosophy throughout, our goal is to describe in concrete terms the methodology which continues to shape their development. We will outline the benefits of this paradigm of system design, describe the aspects of various cryptographic algorithms which challenge users and developers alike, and recount the results of our iterative user acceptance testing.We will demonstrate the value of serving an audience which is uninterested in the technical details of the platforms they use, exploring not just the abstract notion of the network effect, but detailing the types of social networks through which we have observed the adoption of the platform. By reframing issues of deployment in this manner, we hope to contribute towards the wider accessibility of cryptographic research beyond the purview of its core constituents. In order to move towards our envisioned future of ubiquitous cryptography, we must dissociate the means of securing information from the experience of doing so.

Security and usability are considered as conflicting goals. Despite the recognition that security and usability conflicts pose a serious challenge to achieve effective security, the review of the state of art identifies many gaps in today’s practices including, (1) failure of security specialists to address usability, as perceived and defined by the human computer interaction (HCI) community, (2) industry’s behavior is being more driven by bug fixing, rather than trying to examine and consider the context and the human experiences in which the bugs occurs, and (3) the lack of HCI skills required for conducting effective user studies. Furthermore, analysis of the existing literature identifies different perceptions concerning the relationship between security and usability. Some researchers have identified existence of trade-offs when it comes to the security and usability conflicts, however, others refer to the trade-offs as mere myths. A four staged process oriented framework to address the security and usability conflict is presented in this paper. The framework governs aspects from identification of the conflicts to elicitation of suitable trade-offs. To support re-use, the outcomes of employing the framework are documented in form of design patterns. A template to standardize documentation of the patterns is also presented along with one example of the usable security patterns.

Computer security incident response is a complex socio-technical environment that provides first line of defense against network intrusions, but struggles to obtain and keep qualified analysts at different levels of response. Practical approaches have focused on the larger skillsets and myriad supply channels for getting more qualified candidates. Research approaches to this problem space have been limited in scope and effectiveness, and may be partially or completely removed from actual security operations environments. As low-level incident response (IR) activities move towards automation, context-based research may provide valuable insights for developing hybrid systems that can both execute IR tasks and coordinate with human analysts. This paper presents insights originating from qualitative research with the analysts who currently perform IR functions, and discusses challenges in performing contextual inquiry in this setting. This article also acts as the first in a series of papers by the authors that translate these findings to hybrid system requirements.

There are a variety of cyber-security challenge tournaments held within the INFOSEC and Hacker communities, which among their benefits help to promote and identify emerging talent. Unfortunately, most of these competitions are rather narrow in reach, being of interest primarily to those enthusiasts who are already well versed in cyber security. To attract a broader pool of younger generation participants requires one to make such events more engaging and intellectually accessible. The way these tournaments are currently conducted and presented to live audiences is rather opaque, if not unintelligible to most who encounter them. This paper presents an ongoing effort to bridge the presentation gap necessary to make cyber security competitions more attractive and accessible to a broader audience. We present the design of a new but familiar model for capturing the interplay, individual achievements, and tactical drama that transpires during one form of cyber security competition. The main user interface and presentation paradigm in this research borrows from those of established e-sports, such as League of Legends and Overwatch. Our motivation is to elevate the current format of cyber security competition events to incorporate design and presentation elements that are informed by techniques that have evolved within the e-sports community. We apply the physics models and battlefield visualizations of virtual world gaming environments in a manner that captures the intellectual challenges, team achievements, and tactical gameplay that occur in a popular form of cyber security tournament, called the Capture The Flag (CTF) competition. Our goal is to make these events intellectually accessible to broader audiences, to engage a broader and more diverse talent pool of competitors, and to increase the awareness and interest in cyber security among the general public.

The importance and perception of privacy varies from one context to the other. However, everyone values his or her privacy to a certain extent. The subjectivity of that value, attitudes, and behaviors would depend on different entangling factors. It is important to understand the motivation that influences human behavior, whether to protect or share their information. In this paper, we aim at understanding the boundaries of privacy, factors influencing information sharing behavior including experiences (reciprocities of privacy), and efforts taken to protect one’s data.We collected data using quantitative (survey/quiz) and qualitative means (focus groups). In the survey/quiz, our results showed that intrusion experience and awareness have a significant correlation between sharing of data. Furthermore, our focus groups results yielded details on influencing factors for privacy reciprocities and tradeoffs. We discuss our results in terms of privacy incentives and factors influencing the sharing behavior of their information. Finally, we highlight the complexity of behavior where intrinsic and extrinsic motivations could clash and result in a dilemma such as the privacy paradox phenomenon.

Faced with an increasing automation of everyday life, users’ trust in autonomous technologies is a key factor for its successful adoption. Automation of processes, at home or in the transport sector, can offer great advantages (e.g., more comfort and safety), however, transferring control from a human to technology is also a serious challenge for users. Hence, in this study, we examined user diverse trust perceptions and evaluations in contextual comparison. An online questionnaire study was conducted (N = 129), focusing on trust in and the intention to use autonomous driving and smart home environments with regard to different user groups. Results reveal that trust was context sensitive: in particular gender and technical affinity influence users’ decision to (dis)trust autonomous technologies. Also, incentives for the usage differed depending on the context. Test environments were perceived as most important incentive for the context of autonomous driving, whereas users strongly appreciated energy efficiency referring to smart home. These results contribute to a deeper understanding of user needs towards the acceptance of autonomous technologies.

We have developed a secure data-providing system for an enriched-integrated service with feedback to providers featuring a verifiable attribute-based keyword search (VABKS). One potential application of the system is the Integrated Broadcast-Broadband (IBB) service, which acquires information related to broadcast programs via broadband networks. One of the services IBB provides is a recommendation service that delivers recommended information matching user preferences (such as TV programs) based on user viewing history. Another application is in mobile environments featuring smart-phone usage, where services based on user location can be suggested. In this study, we propose a secure system that adds the functions of privacy preservation and feedback to providers. Thereby the functions provide increased business benefit to users of the IBB service for mobile usage, and feedback property provides another benefit to the providers of IBB services.

Smart homes are increasingly becoming popular because they make living comfortable, enjoyable, and secure. People can remotely control various aspects of their smart home environments. However, smart home appliances can pose threats to privacy. The reason is that smart appliances collect and store sensitive information, and if hackers gain access to this information, user privacy may be breached. It is difficult for users to constantly monitor and determine which data is sensitive to them and which one is not. Also, a user’s identity can be leaked during sharing of information with different service providers such as health care providers and utility companies. In this paper we address one important privacy issue in smart homes, which is lack of users’ control over their desired privacy. We propose a privacy decision framework which considers this problem. In this framework, active learning (machine learning) technique is used to help users detect sensitive information according to their privacy preferences.

In pay-TV services, content is encrypted and transmitted to subscribers. Each subscriber has a security module that holds a decryption key(s) for the encrypted content. A set-top box or a smart card is often used as the security module. When a subscriber wants to obtain the same services outside the home, the subscriber has to bring the security module. However, even if the security module is a card, it is not easy to take it out because of the structure of TV sets and set-top boxes.As a way of improving current pay-TV services, Ogawa, Tamura, and Hanaoka (OTH17) proposed a system using an attribute-based encryption scheme (ABE). ABE is used to restrict the time and location at which a subscriber can obtain the service.However, OTH17 requires a third trusted party (TTP) for key and ciphertext generation; thus, the TTP knows the time and location of the subscriber. This means that the subscriber’s private information is disclosed to the party.Here, we propose a system that avoids disclosure of private data by adding a multi-party computation (MPC). In addition, MPC makes the TTP unnecessary.

As work becomes increasingly digital, companies store and process more personally identifiable information of their employees. This is typically beneficial for both employees and employers, who take advantage of simplified digital work processes and tools. The problem is that there is typically no opt-out option for employees, and employers can misuse collected data for productiveness tracking and other analyses that might be problematic with regard to privacy. Furthermore, employees oftentimes do not know (lack of transparency) and cannot influence (lack of self-determination) which personally identifiable information the employer collects and uses. As a result, many employees have a variety of privacy concerns. While various online services have recently successfully implemented so-called “privacy dashboards” for their users, comparable services are virtually unknown in the workplace. In this paper, we present employees’ needs and requirements with regard to transparency and self-determination in the company context. The elicitation was based on a requirements model we introduce. We conducted two workshops with participants from four research institutes and one company. The results were compared to the state of the practice and used to build models that serve as a baseline for company privacy dashboards.

Knowledge of personal data enjoys a long history of use in authentication. Given expanding personal data availability, authentication systems are at risk from sharing data online. This study explores the discoverability of the data – specifically, whether individuals tasked with finding the data were able to accurately identify it using public online sources. The location of successfully located data reveals patterns of data availability and demonstrates vulnerabilities of personal data, which inform current and future models of authentication from a human computer interaction (HCI) perspective. Data location suggests the control users exert of their personal data availability in the United States. The impact of personal control is vital to understanding privacy behaviors, human computer interaction around privacy and authentication, building usable authenticators, and providing meaningful advances in security and privacy.

Automation and autonomous systems are becoming increasingly pervasive in society, as are the software systems that control them. There is a need for safe and secure software systems. Automated code repair provides a promising solution. The present research investigates programmers’ perceptions of trustworthiness and trust in automated code repair, how those perceptions and intentions differed from code ostensibly repaired by a human, and the effects of repair transparency. The present research comprises two studies, each with a unique sample. The first sample included inexperienced developers (N = 24), and the second sample included experienced developers (N = 24). Participants were presented with five different pieces of code before and after being repaired by an automated code repair program, and were asked to rate the trustworthiness of the repairs and whether they would endorse using the code. Each study was a 2 × 2 between-subjects design with repeated measures. The first factor manipulated the purported source of the repairs (human vs automated code repair program). The second factor manipulated the transparency of the repairs (deleted vs commented out). Results suggest that inexperienced developers find automated code repair more trustworthy than repairs made by a human. Both experienced and inexperienced developers trusted the human repairer less after reviewing the repairs, but did not significantly differ in their intentions to trust the automated code repair program after reviewing the repairs.

Authentication based on mouse behavior is a guarantee for network information security. But the mouse behavior is affected by the user’s emotions. Therefore, this study aims to analyze the user’s mouse behavior characteristics to measure the identity trust of users under different emotions, and to verify whether there is a significant difference. To achieve this goal, an experiment was conducted. A total of 18 college students participated in this study. The results show that there are differences in the accuracy of authentication based on the user’s mouse sliding behavior in three different emotional states, but the difference is not significant. The average accuracy of authentication under neutral, positive and negative emotions were 83.6%, 80.3% and 81.9%, respectively. The results also show that although the user performs human-computer interaction under different emotions, it will not essentially affect user authentication. Therefore, it can conclude that measuring network user trust via mouse behavior characteristics under different emotions is credible.