Katharina Krombholz, SBA Research
From 11.45 until 13.15
At CNB/F/110 (Lunch) + CNB/F/100.9 (Seminar), ETH Zurich
Universitätstrasse 6, 8092 Zurich
End-users often struggle with security systems that are too difficult to use and not designed to fulfil the users' needs. In the current age, disruptive technologies are proliferating rapidly and a plethora of devices is interconnected and exchanges data. This always-online paradigm poses significant challenges to users as the underlying information-sharing models are difficult to understand. Hence, managing security and privacy has become increasingly complex for users and they are susceptible to a variety of attacks or accidentally disclose sensitive information without being aware of it. This complexity is more and more acknowledged and research has started to address human aspects of information security.
This talk presents recent findings in the areas of user authentication and cryptographic applications such as Bitcoin and TLS. I will present an improved knowledge-based authentication scheme for mobile devices that lets users select higher entropy PINs. Then, I will present a large-scale study with Bitcoin users on their experiences with security, privacy and anonymity. Furthermore, I will talk about a recent work with administrators on the usability of deploying HTTPS. The talk will be concluded with lessons learned from previous research and an exploration of future topics and challenges.