Privacy and Security Usable Security: How to Get It
Emerging Trends in Usable Security and Privacy
Florian Alt and Emanuel von Zezschwitz
From the journal i-com
Abstract
New technologies are constantly becoming part of our everyday life. At the same time, designers and developers still often do not consider the implications of their design choices on security and privacy. For example, new technologies generate sensitive data, enable access to sensitive data, or can be used in malicious ways. This creates a need to fundamentally rethink the way in which we design new technologies. While some of the related opportunities and challenges have been recognized and are being addressed by the community, there is still a need for a more holistic understanding. In this editorial, we will address this by (1) providing a brief historical overview of the research field of 'Usable Security and Privacy'; (2) deriving a number of current and future trends; and (3) briefly introducing the articles that are part of this special issue and describing how they relate to the current trends and what researchers and practitioners can learn from them.
Published Online: 2020-01-14
Published in Print: 2019-11-18
© 2019 Walter de Gruyter GmbH, Berlin/Boston
Source: https://www.degruyter.com/document/doi/10.1515/icom-2019-0019/html