IT security has become relevant for a wide range of users and organizations, and a wide range of cryptographic primitives, protocols, and tools have been invented and rolled out. However, even systems that are secure from a technological standpoint can fail to provide the intended security when used incorrectly. Reasons include a mismatch between the user’s capabilities and the system’s requirements (e.g., memorability requirements for password-based authentication), software interfaces ill-adapted for users (e.g., certificate warnings with high false-positive rates), users' perceptions of systems not matching reality (e.g., misconceptions about public-key cryptography), and more. It is necessary to bridge this gap and make software for IT Security usable in order to bring effective security to everybody.

The main focus of our research lies in the broader field of Usable Security and Privacy, located at the intersection of IT Security and Human Factors. Specific goals of our research include, for example:

  • understand how users interact with security software,
  • understand how the security and privacy of security software is perceived,
  • adapt security technologies to be better aligned with users' capabilities and requirements, and
  • invent new schemes that offer better security and usability for users.

Our group is part of the Horst Goertz Institute for IT Security (HGI), part of the Cluster of Excellence CaSa, and involved in the graduate schools SecHuman and NERD.


Teaching summer term 2021

02.04.2021 - Markus Duermuth

This summer term we offer three lectures and a seminar. Due to the pandemic, all teaching activities take place online; details can be found via the links below.

The Bachelor-Lecture Introduction to Usable Security and Privacy is offered jointly with Prof. Angela Sasse. The Master-Lecture Usable Security and Privacy will likely be offered for the last time this semester; it is being replaced by the above Bachelor Course.

The lecture IT-Sicherheit für Geistes- und Gesellschaftswissenschaften is offered jointly with Dr. Sven Schaege for a non-technical audience, for example in the "Optionalbereich", and also as a PhD course for the SecHuman Graduate School.

Our Seminar is open for both Bachelor and Master Students: Bachelor-Seminar Usable Security and Privacy Research and Master-Seminar Usable Security and Privacy Research.

Privacy Perceptions and Acceptance of Corona Apps

30.06.2020 - Theodor Schnitzler

We provide first results of our study exploring privacy perceptions and acceptance of Corona Apps in Germany. We explore how different factors affect users' willingness to use different types of apps. Read the preprint (in German only) here.

Usenix Symposium on Usable Privacy and Security 2020 (SOUPS'20)

24.05.2020 - Florian Farke

RUB has three papers accepted at the Usenix Symposium on Usable Privacy and Security 2020 (SOUPS'20), and our group is involved in two of them:

Teaching in the Summer Term 2020

01.04.2020 - Philipp Markert

This summer term we offer the lecture Usable Security and Privacy for Master students and the lecture IT-Sicherheit für Geistes- und Gesellschaftswissenschaften. Both lectures will be held online. More information can be found in the respective courses on Moodle, which are now open for enrollment.

We also offer the Bachelor-Seminar and Master-Seminar "Usable Security and Privacy Research". Enrollment for this seminar is no longer possible. The Practical Course on Usable Security and Privacy will not be offered this semester.

This PIN Can Be Easily Guessed

11.03.2020 - Philipp Markert

Our latest work on the security of 4- and 6-digit PINs and the effect of blacklists is now available online at https://this-pin-can-be-easily-guessed.github.io/ (news coverage can be found in English [1], [2], [3] and German [4], [5], [6]). The results will be presented at this year's IEEE Symposium on Security and Privacy in San Francisco.
