Security and Privacy Aspects of Human-Computer-Interactions

Recent Submissions

  • Item
    Insights into Digital Identity Dynamics through Personal Digital Twins
    (2025-01-07) Hölzmer, Pol; Frank, Muriel; Sedlmeir, Johannes; Koschuch, Manuel
    The digital transformation has resulted in a web of complex systems, creating a tangled mesh of context-specific digital identities for users to manage. Despite the prevalence of privacy risks, users often remain unaware of the extent to which their personal data is used by identity providers and relying parties. Drawing on design science and network analysis techniques, this paper introduces a hierarchical node architecture and data flow model to highlight the interconnectedness of partial digital identities and provides a tool to support the assessment and evaluation process. We used the developed methods to evaluate the digital footprint of ten participants, gaining insights into digital identity dynamics.
  • Item
    Would You Preserve Your Privacy or Enhance it? How to Best Frame Privacy Interventions for Older and Younger Users
    (2025-01-07) Ghaiumy Anaraky, Reza; Bulgurcu, Burcu; Byrne, Kaileigh; Li, Yao; Cho, Hichang; Knijnenburg, Bart
    In this paper, we examine the role of personalized communication in promoting the effective use of privacy measures for different age groups. Research has shown that due to differences in cognitive processing, older and younger adults respond differently to rationally identical presentations of the same message (i.e., the framing effect). Therefore, messages that are designed to nudge users towards more privacy protective behaviors should be tailored according to the age of the user groups. We conducted a controlled experiment where we presented a privacy and security technology with a gain framing of “Privacy Enhancing Technology” vs. a loss framing of “Privacy Preserving Technology.” Our results show that older adults are more motivated to protect themselves by a loss-framed message than a gain-framed message, while younger adults’ responsiveness to either a gain- or loss-framed message depends on their level of privacy concern. The findings highlight the importance of personalized communication in promoting privacy and security measures among different age groups.
  • Item
    Preventing Phishing Attacks with Browser-Based URL Detection
    (2025-01-07) Misiek, Miłosz; Hyla, Tomasz
    One way to protect users from clicking on a malicious URL is to continuously check all URLs displayed on the website and notify them when a suspicious URL is detected. This paper presents a browser plug-in to detect malicious web addresses facilitating phishing attacks. The plug-in leverages a machine-learning model, specifically the Extreme Gradient Boosting decision tree model. The results indicate high performance in accurately identifying malicious URLs. Although the XGBoost model does not achieve the highest possible accuracy, it offers an exceptional balance between various performance metrics. It provides practical benefits in terms of computational efficiency and interpretability. These features make it a solid foundation for further development and potential implementation in phishing detection systems on social networking sites. The plug-in identifies and flags all external URLs on a given page, providing users with information regarding the potential maliciousness of a URL.
  • Item
    Mobile App Security Trends and Topics: An Examination of Questions From Stack Overflow
    (2025-01-07) Huo, Timothy; Araújo, Ana; Imanaka, Jake; Peruma, Anthony; Kazman, Rick
    The widespread use of smartphones and tablets has made society heavily reliant on mobile applications (apps) for accessing various resources and services. These apps often handle sensitive personal, financial, and health data, making app security a critical concern for developers. While there is extensive research on software security topics like malware and vulnerabilities, less is known about the practical security challenges mobile app developers face and the guidance they seek. In this study, we mine Stack Overflow for questions on mobile app security, which we analyze using quantitative and qualitative techniques. The findings reveal that Stack Overflow is a major resource for developers seeking help with mobile app security, especially for Android apps, and identify seven main categories of security questions: Secured Communications, Database, App Distribution Service, Encryption, Permissions, File-Specific, and General Security. Insights from this research can inform the development of tools, techniques, and resources by the research and vendor community to better support developers in securing their mobile apps.
  • Item
    Introduction to the Minitrack on Security and Privacy Aspects of Human-Computer-Interactions
    (2025-01-07) Weber, Kristin; Rosenthal, Paul; Müller, Nicholas