IT security has become relevant for a wide range of users and organizations, and a wide range of cryptographic primitives, protocols, and tools have been invented and rolled out. However, even systems that are secure from a technological standpoint can fail to provide the intended security when used incorrectly. Reasons include a mismatch between the user’s capabilities and the system’s requirements (e.g., memorability requirements for password-based authentication), software interfaces ill-adapted for users (e.g., certificate warnings with high false-positive rates), users' perceptions of systems not matching reality (e.g., misconceptions about public-key cryptography), and more. It is necessary to bridge this gap and make software for IT Security usable in order to bring effective security to everybody.
The main focus of our research lies in the broader field of Usable Security and Privacy, located at the intersection of IT Security and Human Factors. Specific goals of our research include, for example:
- understand how users interact with security software,
- understand how the security and privacy of security software is perceived,
- adapt security technologies to be better aligned with users' capabilities and requirements, and
- invent new schemes that offer better security and usability for users.
Our group is part of the Horst Goertz Institute for IT Security (HGI), part of the Cluster of Excellence CaSa, and involved in the graduate schools SecHuman and NERD.
02.04.2021 - Markus Duermuth
This summer term we offer three lectures and a seminar. Due to the pandemic, all teaching activities take place online; details can be found via the links below.
The Bachelor-Lecture Introduction to Usable Security and Privacy is offered jointly with Prof. Angela Sasse. The Master-Lecture Usable Security and Privacy is likely offered for the last time this semester; it is replaced by the above Bachelor Course.
The lecture IT-Sicherheit für Geistes- und Gesellschaftswissenschaften is offered jointly with Dr. Sven Schaege for a non-technical audience, for example in the "Optionalbereich", and also as a PhD course for the SecHuman Graduate School.
Our Seminar is open for both Bachelor and Master Students: Bachelor-Seminar Usable Security and Privacy Research and Master-Seminar Usable Security and Privacy Research
30.06.2020 - Theodor Schnitzler
We provide first results of our study exploring privacy perceptions and acceptance of Corona Apps in Germany. We explore how different factors affect users' willingness to use different types of apps. Read the preprint (in German only) here.
24.05.2020 - Florian Farke
RUB has three papers accepted at the Usenix Symposium on Usable Privacy and Security 2020 (SOUPS'20), and our group is involved in two of them:
- Florian Farke, Lennart Lorenz, Theodor Schnitzler, Philipp Markert, Markus Dürmuth. “You still use the password after all” – Exploring FIDO2 Security Keys in a Small Company
- Raina Samuel, Philipp Markert, Adam J. Aviv, Iulian Neamtiu. Knock, Knock. Who’s There? On the Security of LG’s Knock Codes
01.04.2020 - Philipp Markert
This summer term we offer the lecture Usable Security and Privacy for Master students and the lecture IT-Sicherheit für Geistes- und Gesellschaftswissenschaften. Both lectures will be held online. More information can be found in the respective courses on Moodle which are now open for enrollment.
We also offer the Bachelor-Seminar and Master-Seminar "Usable Security and Privacy Research". Enrollment for this seminar is no longer possible. The Practical Course on Usable Security and Privacy will not be offered this semester.
11.03.2020 - Philipp Markert
Our latest work on the security of 4- and 6-digit PINs and the effect of blacklists is now available online at https://this-pin-can-be-easily-guessed.github.io/ (news coverage can be found in English and German). The results will be presented at this year's IEEE Symposium on Security and Privacy in San Francisco.