Many studies of mobile security and privacy are, for simplicity, limited to either only Android users or only iOS users. However, it is not clear whether there are systematic differences in the privacy and security knowledge or preferences of users who select these two platforms. Understanding these differences could provide important context about the generalizability of research results. This paper reports on a survey (n=493) with a demographically diverse sample of U.S. Android and iOS users. We compare users of these platforms using validated privacy and security scales (IUIPC-8 and SA-6) as well as previously deployed attitudinal and knowledge questions from Pew Research Center. As a secondary analysis, we also investigate potential differences among users of different smart-speaker platforms, including Amazon Echo and Google Home. We find no significant differences in privacy attitudes of different platform users, but we do find that Android users have more technology knowledge than iOS users. In addition, we find evidence (via comparison with Pew data) that Prolific participants have more technology knowledge than the general U.S. population.
A Survey of User Experience in Usable Security and Privacy Research
Today people depend on technology, but often do not take the necessary steps to prioritize privacy and security. Researchers have been actively studying usable security and privacy to enable better response and management. A breadth of research focuses on improving the usability of tools for experts and organizations. Studies that look at non-expert users tend to analyze the experience for a device, software, or demographic. There is a lack of understanding of the security and privacy among average users, regardless of the technology, age, gender, or demographic. To address this shortcoming, we surveyed 47 publications in the usable security and privacy space. The work presented here uses qualitative text analysis to find major themes in user-focused security research. We found that a user’s misunderstanding of technology is central to risky decision-making. Our study highlights trends in the research community and remaining work. This paper contributes to this discussion by generalizing key themes across user experience in usable security and privacy.
- Award ID(s): 1828010
- PAR ID: 10344394
- Date Published:
- Journal Name: 4th International conference on HCI for Cybersecurity, Privacy, and Trust (HCI-CPT) 2022
- Volume: 13333
- Page Range / eLocation ID: 154–172
- Format(s): Medium: X
- Sponsoring Org: National Science Foundation
More Like this
- Plausible deniability in cryptography allows users to deny their participation in a particular communication or the contents of their messages, thereby ensuring privacy. Popular end-to-end encrypted messaging apps employ the Signal protocol, which incorporates message deniability. However, their current user interfaces only allow access to the blunt tool of message deletion. Denying a message requires users to claim that the counterpart in their conversation has the technical sophistication to forge a message when no usable message forgery tools are available. We evaluate a step towards bridging this gap in the form of a new transcript-editing feature implemented within the Signal app which allows each user to maintain an independent, locally-editable transcript of their conversation. We gave users hands-on experience with this app in the context of resolving a social dispute, and measured their ability to understand its implications both technically and ethically. Users find our interface intuitive and can reason about deniability, but are divided on the circumstances in which deniability is appropriate or desirable. We recommend users be given transparent access to choose when their conversations are deniable versus non-repudiable, instead of the status quo of somewhere-in-between. Our study introduces a novel approach by providing hands-on experience and evaluating its usability. This method offers insights into practical deniability implementation and lays the groundwork for future research.
- Wireless connectivity is becoming common in increasingly diverse personal devices, enabling various interoperation- and Internet-based applications and services. More and more interconnected devices are simultaneously operated by a single user with short-lived connections, making usable device authentication methods imperative to ensure both high security and seamless user experience. Unfortunately, current authentication methods that heavily require human involvement, in addition to form factor and mobility constraints, make this balance hard to achieve, often forcing users to choose between security and convenience. In this work, we present a novel over-the-air device authentication scheme named AEROKEY that achieves both high security and high usability. With virtually no hardware overhead, AEROKEY leverages ubiquitously observable ambient electromagnetic radiation to autonomously generate a spatiotemporally unique secret that can be derived only by devices that are closely located to each other. Devices can make use of this unique secret to form the basis of a symmetric key, making the authentication procedure more practical, secure and usable with no active human involvement. We propose and implement essential techniques to overcome challenges in realizing AEROKEY on low-cost microcontroller units, such as poor time synchronization, lack of precision analog front-end, and inconsistent sampling rates. Our real-world experiments demonstrate reliable authentication as well as its robustness against various realistic adversaries with low equal-error rates of 3.4% or less and usable authentication time of as low as 24 s.
- In smart grids, two-way communication between end-users and the grid allows frequent data exchange, which on one hand enhances users' experience, while on the other hand increases security and privacy risks. In this paper, we propose an efficient system to address security and privacy problems, in contrast to the data aggregation schemes with high cryptographic overheads. In the proposed system, users are grouped into local communities and trust-based blockchains are formed in each community to manage smart grid transactions, such as reporting aggregated meter reading, in a light-weight fashion. We show that the proposed system can meet the key security objectives with a detailed analysis. Also, experiments demonstrated that the proposed system is efficient and can provide satisfactory user experience, and the trust value design can easily distinguish benign users and bad actors.
- Furnell, Steven (Ed.) A huge amount of personal and sensitive data is shared on Facebook, which makes it a prime target for attackers. Adversaries can exploit third-party applications connected to a user’s Facebook profile (i.e., Facebook apps) to gain access to this personal information. Users’ lack of knowledge and the varying privacy policies of these apps make them further vulnerable to information leakage. However, little has been done to identify mismatches between users’ perceptions and the privacy policies of Facebook apps. We address this challenge in our work. We conducted a lab study with 31 participants, where we received data on how they share information in Facebook, their Facebook-related security and privacy practices, and their perceptions on the privacy aspects of 65 frequently-used Facebook apps in terms of data collection, sharing, and deletion. We then compared participants’ perceptions with the privacy policy of each reported app. Participants also reported their expectations about the types of information that should not be collected or shared by any Facebook app. Our analysis reveals significant mismatches between users’ privacy perceptions and reality (i.e., privacy policies of Facebook apps), where we identified over-optimism not only in users’ perceptions of information collection, but also on their self-efficacy in protecting their information in Facebook despite experiencing negative incidents in the past. To the best of our knowledge, this is the first study on the gap between users’ privacy perceptions around Facebook apps and the reality. The findings from this study offer directions for future research to address that gap through designing usable, effective, and personalized privacy notices to help users to make informed decisions about using Facebook apps.

