Despite the increasing attention and research effort, how to protect sensitive information from shoulder surfing attacks is still understudied. Existing methods for protecting sensitive textual content on users' screens from shoulder surfing attacks have various limitations, including ineffectiveness, insufficient protection of sensitive information, low usability, and high cognitive workload. To address those limitations, this paper proposes, develops, and evaluates a new solution called "detection and labeling" (D&L), which uses NLP techniques to automatically detect and label sensitive information in the textual content. The labeled and hidden sensitive information is then read to users through their headphones upon their clicking a label. Evaluation results demonstrate that D&L improves protection, enhances usability, reduces users’ cognitive workload, and allows faster browsing speed compared to the baseline methods.
This content will become publicly available on August 27, 2026
Document Encryption in Practice: A Comparative Framework and Evaluation
Document files with sensitive information are used across nearly every industry. In recent years, cyberattacks have resulted in millions of sensitive documents being exposed. Although document encryption methods exist, they are often flawed in terms of usability, security, or deployability. We present a structured framework for evaluating document encryption methods, adapting the usability-deployability-security ("UDS") model to the document encryption context. We apply this framework to compare current methods, performing a comprehensive evaluation of nine document protection methods, including password-based, passwordless, and cloud-based approaches. Our analysis across 15 design properties highlights the benefits and limitations of current methods. We propose strategies and design recommendations to address key limitations such as memory-wise effort, granular protection, and shareability.
- Award ID(s): 2336409
- PAR ID: 10657271
- Publisher / Repository: ACM
- Date Published:
- Page Range / eLocation ID: 1 to 4
- Subject(s) / Keyword(s): Document encryption, Secure document engineering, Security and usability.
- Format(s): Medium: X
- Sponsoring Org: National Science Foundation
More Like this
-
Logic encryption is a powerful hardware protection technique that uses extra key inputs to lock a circuit from piracy or unauthorized use. The recent discovery of the SAT-based attack with Distinguishing Input Pattern (DIP) generation has rendered all traditional logic encryptions vulnerable, and thus the creation of new encryption methods. However, a critical question for any new encryption method is whether security against the DIP-generation attack means security against all other attacks. In this paper, a new high-level SAT-based attack called SigAttack has been discovered and thoroughly investigated. It is based on extracting a key-revealing signature in the encryption. A majority of all known SAT-resilient encryptions are shown to be vulnerable to SigAttack. By formulating the condition under which SigAttack is effective, the paper also provides guidance for the future logic encryption design.
