Usable privacy for digital transactions: Exploring the usability aspects of three privacy enhancing mechanisms
Angulo, Julio
Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Information Systems and Project Management. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT. (HumanIT, PriSec) ORCID iD: 0000-0002-0101-2498
2012 (English) Licentiate thesis, comprehensive summary (Other academic)
Abstract [en]

The amount of personally identifiable information that people distribute over different online services has grown rapidly and considerably over the last decades. This has led to increased probabilities for identity theft, profiling and linkability attacks, which can in turn not only result in a threat to people’s personal dignity, finances, and many other aspects of their lives, but also to societies in general. Methods and tools for securing people’s online activities and protecting their privacy on the Internet, so-called Privacy Enhancing Technologies (PETs), are being designed and developed. However, these technologies are often seen by ordinary users as complicated and disruptive of their primary tasks.

In this licentiate thesis, I investigate the usability aspects of three main privacy and security enhancing mechanisms. These mechanisms have the goal of helping and encouraging users to protect their privacy on the Internet as they engage in some of the steps necessary to complete a digital transaction. The three mechanisms, which have been investigated within the scope of different research projects, comprise (1) graphical visualizations of service providers’ privacy policies and user-friendly management and matching of users’ privacy preferences “on the fly”, (2) methods for helping users create appropriate mental models of the data minimization property of anonymous credentials, and (3) employing touch-screen biometrics as a method to authenticate users into mobile devices and verify their identities during a digital transaction.

Results from these investigations suggest that these mechanisms can make digital transactions privacy-friendly and secure while at the same time delivering convenience and usability for ordinary users.

Place, publisher, year, edition, pages
Karlstad: Karlstads universitet, 2012. 57 p.
Series
Karlstad University Studies, ISSN 1403-8099 ; 2012:45
Keyword [en]
Privacy-Enhancing Technologies, usability, usable privacy, mental models, mobile devices, security, digital transactions, e-commerce, User Interfaces
National Category
Information Systems; Human Computer Interaction; Computer Sciences
Research subject
Information Systems
Identifiers
URN: urn:nbn:se:kau:diva-14832
ISBN: 978-91-7063-452-9 (print)
OAI: oai:DiVA.org:kau-14832
DiVA: diva2:553100
Supervisors
Available from: 2012-11-14 Created: 2012-09-18 Last updated: 2018-01-12 Bibliographically approved
List of papers
1. HCI for Policy Display and Administration
2011 (English) In: Privacy and Identity Management for Life / [ed] Jan Camenisch, Simone Fischer-Hübner and Kai Rannenberg, Berlin: Springer Berlin/Heidelberg, 2011, 1, 261-277 p. Chapter in book (Refereed)
Abstract [en]

The PrimeLife Policy Language (PPL) has the objective of helping end users make the data handling practices of data controllers more transparent, allowing them to make well-informed decisions about the release of personal data in exchange for services. In this chapter, we present our work on user interfaces for the PPL policy engine, which aims at displaying the core elements of a data controller's privacy policy in an easily understandable way as well as displaying how far it corresponds with the user's privacy preferences. We also show how privacy preference management can be simplified for end users.

Place, publisher, year, edition, pages
Berlin: Springer Berlin/Heidelberg, 2011 Edition: 1
Keyword
PrimeLife, PPL, Privacy Policy, HCI
National Category
Computer Systems
Research subject
Computer Science; Information Systems
Identifiers
urn:nbn:se:kau:diva-12719 (URN); 10.1007/978-3-642-20317-6_14 (DOI); 000293925500014 (); 978-3-642-20317-6 (ISBN)
Projects
PrimeLife
Available from: 2012-04-02 Created: 2012-04-02 Last updated: 2017-12-06 Bibliographically approved
2. Towards Usable Privacy Enhancing Technologies: Lessons Learned from the PrimeLife Project
2011 (English) Report (Other academic)
Abstract [en]

In this deliverable, we present lessons learnt from the PrimeLife HCI (Human Computer Interaction) Activity by discussing typical HCI challenges and fallacies that we experienced during the PrimeLife project. We also provide guidance on how these issues can be addressed in order to develop usable privacy-enhancing technology solutions.

Place, publisher, year, edition, pages
PrimeLife, 2011. 55 p.
Series
PrimeLife Deliverable, D4.1.6
National Category
Psychology; Computer Sciences
Research subject
Psychology; Computer Science
Identifiers
urn:nbn:se:kau:diva-10764 (URN)
Projects
PrimeLife
Available from: 2012-02-08 Created: 2012-02-08 Last updated: 2018-01-12 Bibliographically approved
3. Evoking Comprehensive Mental Models of Anonymous Credentials
2012 (English) In: Proceedings of the 2011 IFIP WG 11.4 international conference on Open Problems in Network Security / [ed] Camenisch J., Kesdogan, D., Berlin: Springer Berlin/Heidelberg, 2012, Vol. 7039, 1-14 p. Conference paper, Published paper (Refereed)
Abstract [en]

Anonymous credentials are a fundamental technology for preserving end users' privacy by enforcing data minimization for online applications. However, the design of user-friendly interfaces that convey their privacy benefits to users is still a major challenge. Users are still unfamiliar with the new and rather complex concept of anonymous credentials, since no obvious real-world analogies exist that can help them create the correct mental models. In this paper we explore different ways in which suitable mental models of the data minimization property of anonymous credentials can be evoked in end users. To achieve this, we investigate three different approaches in the context of an e-shopping scenario: a card-based approach, an attribute-based approach and an adapted card-based approach. Results show that the adapted card-based approach is a good approach towards evoking the right mental models for anonymous credential applications. However, better design paradigms are still needed to make users understand that attributes can be used to satisfy conditions without revealing the value of the attributes themselves.

Place, publisher, year, edition, pages
Berlin: Springer Berlin/Heidelberg, 2012
Series
LNCS, ISSN 0302-9743 ; 7039
National Category
Computer Systems
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-12118 (URN); 10.1007/978-3-642-27585-2_1 (DOI); 000306351500001 (); 978-3-642-27584-5 (ISBN)
Conference
IFIP WG 11.4 international conference on Open Problems in Network Security, Lucerne
Available from: 2012-03-09 Created: 2012-03-09 Last updated: 2017-12-06 Bibliographically approved
4. Exploring Touch-Screen Biometrics for User Identification on Smart Phones
2011 (English) In: Privacy and Identity Management for Life: Proceedings of the 7th IFIP WG 9.2, 9.6/11.7, 11.4, 11.6 International Summer School 2011 / [ed] Jan Camenisch, Bruno Crispo, Simone Fischer-Hübner, Ronald Leenes, and Giovanni Russello, Springer, 2011, 130-143 p. Conference paper, Published paper (Refereed)
Abstract [en]

The use of mobile smart devices for storing sensitive information and accessing online services is increasing. At the same time, methods for authenticating users into their devices and online services that are not only secure, but also privacy and user-friendly are needed. In this paper, we present our initial explorations of the use of lock pattern dynamics as a secure and user-friendly two-factor authentication method. We developed an application for the Android mobile platform to collect data on the way individuals draw lock patterns on a touchscreen. Using a Random Forest machine learning classifier, this method achieves an average Equal Error Rate (EER) of approximately 10.39%, meaning that lock pattern biometrics can be used for identifying users towards their device, but could also pose a threat to privacy if the users' biometric information is handled outside their control.

Place, publisher, year, edition, pages
Springer, 2011
Series
IFIP Advances in Information and Communication Technology, ISSN 1868-4238 ; Vol. 375
Keyword
Mobile user experience, biometrics, smart mobile devices, mobile identity management, mobile authentication, privacy, lock patterns
National Category
Computer Sciences; Human Computer Interaction; Other Computer and Information Science
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-14830 (URN); 10.1007/978-3-642-31668-5_10 (DOI); 978-3-642-31667-8 (ISBN); 978-3-642-31668-5 (ISBN)
Conference
International Summer School 2011, Trento Italy
Projects
U-PrIM (Usable Privacy-enhancing Identity Management for smart applications)
Available from: 2012-09-19 Created: 2012-09-18 Last updated: 2018-01-12 Bibliographically approved
5. Understanding the user experience of secure mobile online transactions in realistic contexts of use
2012 (English) In: Symposium on Usable Privacy and Security (SOUPS) 2012, Washington D.C., USA: ACM Digital Library, 2012, 8- p. Conference paper, Published paper (Refereed)
Abstract [en]

Possible attacks on mobile smart devices demand higher security for applications handling payments or sensitive information. The introduction of a tamper-proof area on future generations of mobile devices, called Trusted Execution Environment (TEE), is being implemented. Before devices with embedded TEEs can be deployed to the public, investigations on usability aspects of Trusted User Interfaces (TUI) are needed. This article describes the process we have followed in gathering requirements, prototyping and testing suitable designs for TUIs in combination with a touch-screen biometric system. At the end, we present relevant findings of a pilot study that we have conducted using an Experience Sampling Method (ESM) as part of our ongoing work.

Place, publisher, year, edition, pages
Washington D.C., USA: ACM Digital Library, 2012
Keyword
Usable Security, Secure Mobile UIs, Trusted Executing Environment, Biometrics, Experience Sampling Method
National Category
Human Computer Interaction; Computer Sciences; Information Systems
Research subject
Computer Science; Information Systems
Identifiers
urn:nbn:se:kau:diva-14831 (URN)
Conference
Workshop on Usable Privacy & Security for Mobile Devices (U-PriSM), Symposium On Usable Privacy and Security (SOUPS), July 11-12 2012 Washington
Available from: 2012-09-19 Created: 2012-09-18 Last updated: 2018-01-12 Bibliographically approved

Open Access in DiVA

2012_45_Angulo (1587 kB), 2356 downloads
File information
File name: FULLTEXT01.pdf
File size: 1587 kB
Checksum (SHA-512): f0498866f1e3640af413389925d7e31ec49cdbf81ba12340e1106a1437c66cebbfa21ab7c85de17ce8e14eb5d7337846bf546648371c40c3055574b7c3e8c506
Type: fulltext
Mimetype: application/pdf

Search in DiVA

By author/editor
Angulo, Julio
By organisation
Department of Information Systems and Project Management; Centre for HumanIT
Total: 779 hits