Human Aspects

Household Internet-of-Things (IoT) devices are intended to collect information in the home and to communicate with each other, to create powerful new applications that support our day-to-day activities. Existing research suggests that users have a difficult time selecting their privacy settings on such devices. The goal of this project is to investigate how, why and when privacy decisions of household IoT users are suboptimal, and to use the insights from this research to create and test a simple single user interface that integrates privacy settings across all devices within a household.

User errors or delays while performing security-critical tasks can lead to undesirable or even disastrous consequences. The impact of both accidental and intentional distractions on users in such situations has received little investigation. In particular, it is unclear whether and how sensory stimuli (e.g., sound or light) influence users' behavior and trigger mistakes. Better understanding of the effects of such distractions can lead to increased user awareness and countermeasures.

The Public Key Infrastructure (PKI), along with the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, are responsible for securing Internet transactions such as banking, email, and e-commerce; they provide users with the ability to verify with whom they are communicating online, and enable encryption of those communications. While the use of the PKI is mostly automated, there is a surprising amount of human intervention in management tasks that are crucial to its proper operation.

To date, the application of quantitative security and privacy metrics metrics has seen its greatest successes when exploring the worst-case properties of a system. That is, given a powerful adversary, to what extent does the system preserve some relevant set of properties? While such analyses allow experts to build systems that are resistant to strong attackers, many deployed systems were not designed in this manner. In fact, there is growing evidence that users' privacy is routinely compromised as a byproduct of using social, participatory, and distributed applications.

In phishing, an attacker tries to steal sensitive information, e.g., bank/credit card account numbers, login information, etc., from Internet users. The US society and economy are increasingly dependent on the Internet and the web, which is plagued by phishing. One popular phishing method is to create a site that mimics a good site and then attract users to it via email, which is by far the most popular medium to entice unsuspecting users to the phishing site.