Research topics

A number of security mechanisms are well understood from a technical point of view, but fail when applied in practice due to human factors. Our goal is to consider security mechanisms while specifically taking into account the human users who will use them. The following topics give an overview of specific projects we are involved in. (For more details, see our publications page.)

Usability of Risk-based Implicit Authentication

Internet services have realized that passwords will not be replaced in the near future. Thus, they came up with solutions to reinforce password-based authentication, mostly by considering additional factors other than passwords. Risk-based authentication is used to protect accounts if an unrecognized device or an unusual sign-in location is detected. In such cases, the website will ask for additional verification and notify the user via email.

Longitudinal Privacy Management: Revocation of Online Data

Once data is published on the Internet, there is little hope of successfully removing it at a later point. This negatively affects a user's privacy. We are looking at possibilities to remedy this problem, combining different views from a technological, legal, and sociological perspective.

Usable and Secure Online Authentication

Passwords are still the most widely used form of online authentication, despite being declared "dead" on a regular basis. Our goal is to make passwords more secure, without making them harder to use.

Authentication on Mobile Devices

Mobile devices offer a quite unique set of challenges for user authentication: entering passwords or other authentication secrets on small soft keyboards is cumbersome at best, but touchscreens are well suited for graphical passwords. Devices such as smartphones and smartwatches offer a rich set of sensors, which can enable novel forms of user authentication. In this line of work, we are interested in understanding the security and usability of authentication methods on mobile devices.