IT security has become relevant for a wide range of users and organizations, and a wide range of cryptographic primitives, protocols, and tools have been invented and rolled out. However, even systems that are secure from a technological standpoint can fail to provide the intended security when used incorrectly. Reasons include a mismatch between users’ capabilities and the system’s requirements (e.g., memorability requirements for password-based authentication), software interfaces ill-adapted to users (e.g., certificate warnings with high false-positive rates), users’ perceptions of systems not matching reality (e.g., misconceptions about public-key cryptography), and more. It is necessary to bridge this gap and make IT security software usable in order to bring effective security to everybody.
The main focus of our research lies in the broader field of Usable Security and Privacy, located at the intersection of IT Security and Human Factors. Specific goals of our research include, for example:
- understand how users interact with security software,
- understand how the security and privacy of security software are perceived,
- adapt security technologies to be better aligned with users’ capabilities and requirements, and
- invent new schemes that offer better security and usability for users.
Our group is part of the Horst Goertz Institute for IT Security (HGI), part of the Cluster of Excellence CaSa, and involved in the graduate schools SecHuman and NERD.
05.07.2021 – Theodor Schnitzler
Our group has a paper accepted at the Privacy Enhancing Technologies Symposium 2021 (PETS ’21). This publication is joint work with colleagues from New York University:
- Theodor Schnitzler, Shujaat Mirza, Markus Dürmuth, and Christina Pöpper. SoK: Managing Longitudinal Privacy of Publicly Shared Personal Online Data
23.06.2021 – Florian Farke
Our group has two accepted papers at the USENIX Security Symposium 2021 (SSYM ’20). The two publications are joint work with colleagues from The George Washington University, the University of Chicago, and the Max Planck Institute for Security and Privacy:
- Leona Lassak, Annika Hildebrandt, Maximilian Golla, and Blase Ur. “It’s Stored, Hopefully, on an Encrypted Server”: Mitigating Users’ Misconceptions About FIDO2 Biometric WebAuthn
- Florian Farke, David Balash, Maximilian Golla, Markus Dürmuth, and Adam Aviv. Are Privacy Dashboards Good for End Users? Evaluating User Perceptions and Reactions to Google’s My Activity
22.06.2021 – Philipp Markert
Our group has two papers accepted at the USENIX Symposium on Usable Privacy and Security 2021 (SOUPS ’21). The two publications are joint work with colleagues from The George Washington University and the United States Navy:
- Daniel V. Bailey, Philipp Markert, and Adam J. Aviv. “I have no idea what they’re trying to accomplish” Enthusiastic and Casual Signal Users’ Understanding of Signal PINs
- Collins W. Munyendo, Miles Grant, Philipp Markert, Timothy J. Forman, and Adam J. Aviv. Using a Blocklist to Improve the Security of User Selection of Android Patterns
02.04.2021 – Markus Duermuth
This summer term we offer three lectures and a seminar. Due to the pandemic, all teaching activities take place online; details can be found via the links below.
The Bachelor lecture Introduction to Usable Security and Privacy is offered jointly with Prof. Angela Sasse. The Master lecture Usable Security and Privacy is likely being offered for the last time this semester; it is replaced by the above Bachelor course.
The lecture IT-Sicherheit für Geistes- und Gesellschaftswissenschaften is offered jointly with Dr. Sven Schaege for a non-technical audience, for example in the “Optionalbereich”, and also as a PhD course for the SecHuman Graduate School.
Our seminar is open to both Bachelor and Master students: Bachelor-Seminar Usable Security and Privacy Research and Master-Seminar Usable Security and Privacy Research.