Ändra sökning
RefereraExporteraLänk till posten
Permanent länk

Direktlänk
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annat format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annat språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf
Usable privacy for digital transactions: Exploring the usability aspects of three privacy enhancing mechanisms
Karlstads universitet, Fakulteten för ekonomi, kommunikation och IT, Avdelningen för informatik och projektledning. Karlstads universitet, Fakulteten för ekonomi, kommunikation och IT, Centrum för HumanIT. (HumanIT, PriSec)
2012 (Engelska)Licentiatavhandling, sammanläggning (Övrigt vetenskapligt)
Abstract [en]

The amount of personal identifiable information that people distribute over different online services has grown rapidly and considerably over the last decades. This has led to increased probabilities for identity theft, profiling and linkability attacks, which can in turn not only result in a threat to people’s personal dignity, finances, and many other aspects of their lives, but also to societies in general. Methods and tools for securing people’s online activities and protecting their privacy on the Internet, so called Privacy Enhancing Technologies (PETs), are being designed and developed. However, these technologies are often seen by ordinary users as complicated and disruptive of their primary tasks.

 

In this licentiate thesis, I investigate the usability aspects of three main privacy and security enhancing mechanisms. These mechanisms have the goal of helping and encouraging users to protect their privacy on the Internet as they engage in some of the steps necessary to complete a digital transaction. The three mechanisms, which have been investigated within the scope of different research projects, comprise of (1) graphical visualizations of service providers’ privacy policies and user-friendly management and matching of users’ privacy preferences “on the fly”, (2) methods for helping users create appropriate mental models of the data minimization property of anonymous credentials, and (3) employing touch-screen biometrics as a method to authenticate users into mobile devices and verify their identities during a digital transaction.

 

Results from these investigations suggest that these mechanisms can make digital transactions privacy-friendly and secure while at the same time delivering convenience and usability for ordinary users.

Ort, förlag, år, upplaga, sidor
Karlstad: Karlstads universitet, 2012. , 57 s.
Serie
Karlstad University Studies, ISSN 1403-8099 ; 2012:45
Nyckelord [en]
Privacy-Enhancing Technologies, usability, usable privacy, mental models, mobile devices, security, digital transactions, e-commerce, User Interfaces
Nationell ämneskategori
Systemvetenskap, informationssystem och informatik Människa-datorinteraktion (interaktionsdesign) Datavetenskap (datalogi)
Forskningsämne
Informatik
Identifikatorer
URN: urn:nbn:se:kau:diva-14832ISBN: 978-91-7063-452-9 (tryckt)OAI: oai:DiVA.org:kau-14832DiVA: diva2:553100
Handledare
Tillgänglig från: 2012-11-14 Skapad: 2012-09-18 Senast uppdaterad: 2012-11-16Bibliografiskt granskad
Delarbeten
1. HCI for Policy Display and Administration
Öppna denna publikation i ny flik eller fönster >>HCI for Policy Display and Administration
2011 (Engelska)Ingår i: Privacy and Identity Management for Life / [ed] Jan Camenish, Simone Fischer-Hübner and Kai Rannenberg, Berlin: Springer Berlin/Heidelberg, 2011, 1, 261-277 s.Kapitel i bok, del av antologi (Refereegranskat)
Abstract [en]

The PrimeLife Policy Language (PPL) has the objective of helping end users make the data handling practices of data controllers more transparent, allowing them to make well-informed decisions about the release of personal data in exchange for services. In this chapter, we present our work on user interfaces for the PPL policy engine, which aims at displaying the core elements of a data controller's privacy policy in an easily understandable way as well as displaying how far it corresponds with the user's privacy preferences. We also show how privacy preference management can be simplified for end users.

Ort, förlag, år, upplaga, sidor
Berlin: Springer Berlin/Heidelberg, 2011 Upplaga: 1
Nyckelord
PrimeLife, PPL, Privacy Policy, HCI
Nationell ämneskategori
Datorsystem
Forskningsämne
Datavetenskap; Informatik
Identifikatorer
urn:nbn:se:kau:diva-12719 (URN)10.1007/978-3-642-20317-6_14 (DOI)000293925500014 ()978-3-642-20317-6 (ISBN)
Projekt
PrimeLife
Tillgänglig från: 2012-04-02 Skapad: 2012-04-02 Senast uppdaterad: 2016-08-09Bibliografiskt granskad
2. Towards Usable Privacy Enhancing Technologies: Lessons Learned from the PrimeLife Project
Öppna denna publikation i ny flik eller fönster >>Towards Usable Privacy Enhancing Technologies: Lessons Learned from the PrimeLife Project
Visa övriga...
2011 (Engelska)Rapport (Övrigt vetenskapligt)
Abstract [en]

In this deliverable, we present lessons learnt from the PrimeLife HCI (Human Computer Interaction) Activity by discussing typical HCI challenges and fallacies that we experienced during the PrimeLife project. We also provide guidance on how these issues can be addressed in order to develop usable privacy-enhancing technology solutions.

Ort, förlag, år, upplaga, sidor
PrimeLife, 2011. 55 s.
Serie
PrimeLife Deliverable, D4.1.6
Nationell ämneskategori
Psykologi Datavetenskap (datalogi)
Forskningsämne
Psykologi; Datavetenskap
Identifikatorer
urn:nbn:se:kau:diva-10764 (URN)
Projekt
PrimeLife
Tillgänglig från: 2012-02-08 Skapad: 2012-02-08 Senast uppdaterad: 2012-11-14Bibliografiskt granskad
3. Evoking Comprehensive Mental Models of Anonymous Credentials
Öppna denna publikation i ny flik eller fönster >>Evoking Comprehensive Mental Models of Anonymous Credentials
2012 (Engelska)Ingår i: Proceedings of the 2011 IFIP WG 11.4 international conference on Open Problems in Network Security / [ed] Camenisch J., Kesdogan, D., Berlin: Springer Berlin/Heidelberg, 2012, Vol. 7039, 1-14 s.Konferensbidrag, Publicerat paper (Refereegranskat)
Abstract [en]

Anonymous credentials are a fundamental technology for preserving end users' privacy by enforcing data minimization for online applications. However, the design of user-friendly interfaces that convey their privacy benefits to users is still a major challenge. Users are still unfamiliar with the new and rather complex concept of anonymous credentials, since no obvious real-world analogies exists that can help them create the correct mental models. In this paper we explore different ways in which suitable mental models of the data minimization property of anonymous credentials can be evoked on end users. To achieve this, we investigate three different approaches in the context of an e-shopping scenario: a card-based approach, an attribute-based approach and an adapted card-based approach. Results show that the adapted card-based approach is a good approach towards evoking the right mental models for anonymous credential applications. However, better design paradigms are still needed to make users understand that attributes can be used to satisfy conditions without revealing the value of the attributes themselves.

Ort, förlag, år, upplaga, sidor
Berlin: Springer Berlin/Heidelberg, 2012
Serie
LNCS, ISSN 0302-9743 ; 7039
Nationell ämneskategori
Datorsystem
Forskningsämne
Datavetenskap
Identifikatorer
urn:nbn:se:kau:diva-12118 (URN)10.1007/978-3-642-27585-2_1 (DOI)000306351500001 ()978-3-642-27584-5 (ISBN)
Konferens
IFIP WG 11.4 international conference on Open Problems in Network Security, Lucerne
Tillgänglig från: 2012-03-09 Skapad: 2012-03-09 Senast uppdaterad: 2016-08-10Bibliografiskt granskad
4. Exploring Touch-Screen Biometrics for User Identification on Smart Phones
Öppna denna publikation i ny flik eller fönster >>Exploring Touch-Screen Biometrics for User Identification on Smart Phones
2011 (Engelska)Ingår i: Privacy and Identity Managementfor Life: Proceedings of the 7th IFIP WG 9.2, 9.6/11.7, 11.4, 11.6 International Summer School 2011 / [ed] an Camenisch, Bruno Crispo, Simone Fischer-Hübner, Ronald Leenes, and Giovanni Russello, Springer, 2011, 130-143 s.Konferensbidrag, Publicerat paper (Refereegranskat)
Abstract [en]

The use of mobile smart devices for storing sensitive informationand accessing online services is increasing. At the same time, methods for authenticating users into their devices and online services that are not only secure, but also privacy and user-friendly are needed. In this paper, we present our initial explorations of the use of lock pattern dynamics as a secure and user-friendly two-factor authentication method. We developed an application for the Android mobile platform to collect data on the way individuals draw lock patterns on a touchscreen. Using a Random Forest machine learning classier this method achieves an average Equal Error Rate (EER) of approximately 10.39%, meaning that lock patterns biometrics can be used for identifying users towards their device, but could also pose a threat to privacy if the users' biometric information is handled outside their control.

Ort, förlag, år, upplaga, sidor
Springer, 2011
Serie
IFIP Advances in Information and Communication Technology, ISSN 1868-4238 ; Vol. 375
Nyckelord
Mobile user experience, biometrics, smart mobile devices, mobile identity management, mobile authentication, privacy, lock patterns
Nationell ämneskategori
Datavetenskap (datalogi) Människa-datorinteraktion (interaktionsdesign) Annan data- och informationsvetenskap
Forskningsämne
Datavetenskap
Identifikatorer
urn:nbn:se:kau:diva-14830 (URN)10.1007/978-3-642-31668-5_10 (DOI)978-3-642-31667-8 (ISBN)978-3-642-31668-5 (ISBN)
Konferens
International Summer School 2011, Trento Italy
Projekt
U-PrIM (Usable Privacy-enhancing Identity Management for smart applications)
Tillgänglig från: 2012-09-19 Skapad: 2012-09-18 Senast uppdaterad: 2016-11-22Bibliografiskt granskad
5. Understanding the user experience of secure mobile online transactions in realistic contexts of use
Öppna denna publikation i ny flik eller fönster >>Understanding the user experience of secure mobile online transactions in realistic contexts of use
Visa övriga...
2012 (Engelska)Ingår i: Symposium on Usable Privacy and Security (SOUPS) 2012, Washington D.C.,USA: ACM Digital Library, 2012, 8- s.Konferensbidrag, Publicerat paper (Refereegranskat)
Abstract [en]

Possible attacks on mobile smart devices demand higher security for applications handling payments or sensitive information. The introduction of a tamper-proof area on future generations of mobile devices, called Trusted Execution Environment (TEE), is being implemented. Before devices with embedded TEEs can be deployed to the public, investigations on usability aspects of Trusted User Interfaces (TUI) are needed. This article describes the process we have followed at gathering requirements, prototyping and testing suitable designs for TUIs in combination with a touch-screen biometric system. At the end, we present relevant findings of a pilot study that we have conducted using an Experience Sampling Method (ESM) as part of our ongoing work.

Ort, förlag, år, upplaga, sidor
Washington D.C.,USA: ACM Digital Library, 2012
Nyckelord
Usable Security, Secure Mobile UIs, Trusted Executing Environment, Biometrics, Experience Sampling Method
Nationell ämneskategori
Människa-datorinteraktion (interaktionsdesign) Datavetenskap (datalogi) Systemvetenskap, informationssystem och informatik
Forskningsämne
Datavetenskap; Informatik
Identifikatorer
urn:nbn:se:kau:diva-14831 (URN)
Konferens
Workshop on Usable Privacy & Security for Mobile Devices (U-PriSM), Symposium On Usable Privacy and Security (SOUPS), July 11-12 2012 Washington
Tillgänglig från: 2012-09-19 Skapad: 2012-09-18 Senast uppdaterad: 2017-08-15Bibliografiskt granskad

Open Access i DiVA

2012_45_Angulo(1587 kB)2322 nedladdningar
Filinformation
Filnamn FULLTEXT01.pdfFilstorlek 1587 kBChecksumma SHA-512
f0498866f1e3640af413389925d7e31ec49cdbf81ba12340e1106a1437c66cebbfa21ab7c85de17ce8e14eb5d7337846bf546648371c40c3055574b7c3e8c506
Typ fulltextMimetyp application/pdf

Sök vidare i DiVA

Av författaren/redaktören
Angulo, Julio
Av organisationen
Avdelningen för informatik och projektledningCentrum för HumanIT
Systemvetenskap, informationssystem och informatikMänniska-datorinteraktion (interaktionsdesign)Datavetenskap (datalogi)

Sök vidare utanför DiVA

GoogleGoogle Scholar
Totalt: 2322 nedladdningar
Antalet nedladdningar är summan av nedladdningar för alla fulltexter. Det kan inkludera t.ex tidigare versioner som nu inte längre är tillgängliga.

Totalt: 763 träffar
RefereraExporteraLänk till posten
Permanent länk

Direktlänk
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annat format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annat språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf