A number of security mechanisms are well understood from a technical point of view, but fail in practice due to human factors. Our goal is to design security mechanisms that specifically take into account the human users who will use them. The following list gives an overview of specific projects we are involved in. (For more details, see our publications page.)
Usable and secure online authentication
Passwords are still the most widely used form of online authentication, despite being declared "dead" on a regular basis. Our goal is to make passwords more secure, without making them harder to use.
- [Who are you? A statistical approach to measuring user authenticity; NDSS 2016]
- [Adaptive password-strength meters from Markov models; CCS 2012]
Authentication on mobile devices
Mobile devices offer a quite unique set of challenges for user authentication: entering passwords or other authentication secrets on small soft keyboards is cumbersome at best, but touchscreens are well suited for graphical passwords. Devices such as smartphones and smartwatches offer a rich set of sensors, which can enable novel forms of user authentication. In this line of work we are interested in understanding the security and usability of authentication methods on mobile devices.
- [Quantifying the Security of Graphical Passwords: The Case of Android Unlock Patterns; CCS 2013]
- [On User Choice for Android Unlock Patterns; EuroUSec 2016]
Privacy of self-published data: Revocation of online data
Once data is published on the Internet, there is little hope of successfully removing it at a later point. This negatively affects a user's privacy. We are looking at possibilities to remedy this problem, combining technological, legal, and sociological perspectives.
- [Neuralyzer: Flexible Expiration Times for the Revocation of Online Data; CODASPY 2016]