Security Systems

会議の名前
CHI 2024
Is a Trustmark and QR Code Enough? The Effect of IoT Security and Privacy Label Information Complexity on Consumer Comprehension and Behavior
要旨

The U.S. Government is developing a package label to help consumers access reliable security and privacy information about Internet of Things (IoT) devices when making purchase decisions. The label will include the U.S. Cyber Trust Mark, a QR code to scan for more details, and potentially additional information. To examine how label information complexity and educational interventions affect comprehension of security and privacy attributes and label QR code use, we conducted an online survey with 518 IoT purchasers. We examined participants' comprehension and preferences for three labels of varying complexities, with and without an educational intervention. Participants favored and correctly utilized the two higher-complexity labels, showing a special interest in the privacy-relevant content. Furthermore, while the educational intervention improved understanding of the QR code’s purpose, it had a modest effect on QR scanning behavior. We highlight clear design and policy directions for creating and deploying IoT security and privacy labels.

著者
Claire C. Chen
Carnegie Mellon University, Pittsburgh, Pennsylvania, United States
Dillon Shu
Carnegie Mellon University, Pittsburgh, Pennsylvania, United States
Hamsini Ravishankar
Carnegie Mellon University, Pittsburgh, Pennsylvania, United States
Xinran Li
Carnegie Mellon University, Pittsburgh, Pennsylvania, United States
Yuvraj Agarwal
Carnegie Mellon University, Pittsburgh, Pennsylvania, United States
Lorrie Faith. Cranor
Carnegie Mellon University, Pittsburgh, Pennsylvania, United States
論文URL

https://doi.org/10.1145/3613904.3642011

動画
I see an IC: A Mixed-Methods Approach to Study Human Problem-Solving Processes in Hardware Reverse Engineering
要旨

Trust in digital systems depends on secure hardware, often assured through Hardware Reverse Engineering (HRE). This work develops methods for investigating human problem-solving processes in HRE, an underexplored yet critical aspect. Since reverse engineers rely heavily on visual information, eye tracking holds promise for studying their cognitive processes. To gain further insights, we additionally employ verbal thought protocols during and immediately after HRE tasks: Concurrent and Retrospective Think Aloud. We evaluate the combination of eye tracking and Think Aloud with 41 participants in an HRE simulation. Eye tracking accurately identifies fixations on individual circuit elements and highlights critical components. Based on two use cases, we demonstrate that eye tracking and TA can complement each other to improve data quality. Our methodological insights can inform future studies in HRE, a specific setting of human-computer interaction, and in other problem-solving settings involving misleading or missing information.

著者
René Walendy
Ruhr University Bochum, Bochum, Germany
Markus Weber
Ruhr University Bochum, Bochum, Germany
Jingjie Li
University of Edinburgh, Edinburgh, United Kingdom
Steffen Becker
Ruhr University Bochum, Bochum, Germany
Carina Wiesen
Ruhr University Bochum, Bochum, Germany
Malte Elson
University of Bern, Bern, Switzerland
Younghyun Kim
University of Wisconsin-Madison, Madison, Wisconsin, United States
Kassem Fawaz
University of Wisconsin-Madison, Madison, Wisconsin, United States
Nikol Rummel
Ruhr University Bochum, Bochum, Germany
Christof Paar
Max Planck Institute for Security and Privacy, Bochum, Germany
論文URL

https://doi.org/10.1145/3613904.3642837

動画
Mental Models, Expectations and Implications of Client-Side Scanning: An Interview Study with Experts
要旨

Client-Side Scanning (CSS) is discussed as a potential solution to contain the dissemination of child sexual abuse material (CSAM). A significant challenge associated with this debate is that stakeholders have different interpretations of the capabilities and frontiers of the concept and its varying implementations. In this paper, we explore stakeholders' understandings of the technology and the expectations and potential implications in the context of CSAM by conducting and analyzing 28 semi-structured interviews with a diverse sample of experts. We identified mental models of CSS and the expected challenges. Our results show that CSS is often a preferred solution in the child sexual abuse debate due to the lack of an alternative. Our findings illustrate the importance of further interdisciplinary discussions to define and comprehend the impact of CSS usage on society, particularly vulnerable groups such as children.

著者
Divyanshu Bhardwaj
CISPA Helmholtz Center for Information Security, Saarbrücken, Germany
Carolyn Guthoff
CISPA Helmholtz Center for Information Security, Saarbrücken, Germany
Adrian Dabrowski
CISPA Helmholtz Center for Information Security, Saarbrücken, Germany
Sascha Fahl
CISPA Helmholtz Center for Information Security, Hannover, Germany
Katharina Krombholz
Saarland Informatics Campus, Saarbrücken, Germany
論文URL

https://doi.org/10.1145/3613904.3642310

動画
VeriSMS: A Message Verification System for Inclusive Patient Outreach against Phishing Attacks
要旨

Patient outreach enables timely communication between patients and healthcare providers but is vulnerable to phishing/spoofing attacks. In this paper, we work with a U.S.-based healthcare provider to design an inclusive method to address this threat. We present VeriSMS which allows patients to call a voice agent to verify whether the received (sensitive) messages are indeed sent by their healthcare provider. We design the system to be inclusive: it is accessible to patients who only have access to SMS and phone call capabilities. We perform a two-part user study to refine the system design (N=15) and confirm users can correctly understand the system and use it to identify spoofed/phishing messages (N=35). A key insight from our study is to not exclusively optimize for strong security but to tailor the designs based on user habits. Our result confirms the effectiveness and usability of VeriSMS and its ability to significantly increase adversaries' costs.

著者
Chenkai Wang
University of Illinois at Urbana-Champaign, Urbana, Illinois, United States
Zhuofan Jia
University of Illinois at Urbana-Champaign, Urbana, Illinois, United States
Hadjer Benkraouda
University of Illinois at Urbana-Champaign, Urbana, Illinois, United States
Cody Zevnik
OSF Healthcare, Peoria, Illinois, United States
Nicholas Heuermann
OSF Healthcare, Peoria, Illinois, United States
Roopa Foulger
OSF Healthcare, Peoria, Illinois, United States
Jonathan A.. Handler
OSF Healthcare, Peoria, Illinois, United States
Gang Wang
University of Illinois at Urbana-Champaign, Urbana, Illinois, United States
論文URL

https://doi.org/10.1145/3613904.3642027

動画
SkullID: Through-Skull Sound Conduction based Authentication for Smartglasses
要旨

This paper investigates the use of through-skull sound conduction to authenticate smartglass users. We mount a surface transducer on the right mastoid process to play cue signals and capture skull-transformed audio responses through contact microphones on various skull locations. We use the resultant bio-acoustic information as classification features. In an initial single-session study (N=25), we achieved mean Equal Error Rates (EERs) of 5.68% and 7.95% with microphones on the brow and left mastoid process. Combining the two signals substantially improves performance (to 2.35% EER). A subsequent multi-session study (N=30) demonstrates EERs are maintained over three recalls and, additionally, shows robustness to donning variations and background noise (achieving 2.72% EER). In a follow-up usability study over one week, participants report high levels of usability (as expressed by SUS scores) and that only modest workload is required to authenticate. Finally, a security analysis demonstrates the system's robustness to spoofing and imitation attacks.

著者
Hyejin Shin
Samsung Research, Seoul, Korea, Republic of
Jun Ho Huh
Samsung Research, Seoul, Korea, Republic of
Bum Jun Kwon
Samsung Research, Seoul, Korea, Republic of
Iljoo Kim
Samsung Research, Seoul, Korea, Republic of
Eunyong Cheon
UNIST, Ulsan, Korea, Republic of
HongMin Kim
UNIST, Ulsan, Korea, Republic of
Choong-Hoon Lee
Samsung Research, Seoul, Korea, Republic of
Ian Oakley
UNIST, Ulsan, Korea, Republic of
論文URL

https://doi.org/10.1145/3613904.3642506

動画