Author Archives:

Serving on USENIX Security ’24 PC

Happy to help USENIX Security ’24 by serving on its technical program committee (PC). As its call for papers describes, “The USENIX Security Symposium brings together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security and privacy of computer systems and networks. … All researchers are encouraged to submit papers covering novel and scientifically significant practical works in computer security.”

Netflix Implements Our Recommendations to Support Profile Transfer

I’m pleased to see that Netflix has implemented one of the design improvements that the study led by my former PhD student Dr. Borke Obada-Obieh recommended. Back in 2020, we published the study results at CHI ’20, the top HCI venue. Just before the conference (and weeks before the COVID-19 pandemic), Borke and I presented the study at Netflix headquarters. This is what we wrote in our paper:

What Affected the Adoption of Information Tracking Solutions During COVID-19 Pandemic

Numerous information-tracking solutions have been implemented worldwide to fight the COVID-19 pandemic. While prior work has heavily explored the factors affecting people’s willingness to adopt contact tracing solutions, numerous countries have implemented other information tracking solutions that use more and more sensitive data.

On Security and Privacy of Massive Telecommuting

With a remote workforce and everyone working digitally, the threat landscape increases. A team from my research group, led by PhD candidate Borke Obada-Obieh, performed the first qualitative study on employee security and privacy concerns when telecommuting.

What Makes Security-Related Code Examples Different?

Reuse of code examples (CEs) in software engineering can impact code security. Azadeh Mokhberi, a PhD student in my research group, led an interview study to investigate developers’ habits, challenges, and strategies in the life cycle of using security-related code examples (SRCEs), with a focus on exploring the differences between security- and non-security-related CEs.

Why People (Don’t) Adopt Cryptocurrencies

Over the last years, crypto-assets have gained significant interest from private investors, academia, and industry. While the user population and their motivations, perceptions, and behaviors have been studied, non-adopters and factors influencing their decision have been left unexplored.

Discovering Personas of Crypto-Asset Users

Crypto-assets are unique in tying financial wealth to the secrecy of private keys. Prior empirical work has attempted to study end-user security from both technical and organizational perspectives. However, the link between individuals’ risk perceptions and security behavior was often obscured by the heterogeneity of the subjects in small samples. In a collaboration with researchers from the University of Innsbruck, Artemij Voskobojnikov, a PhD candidate in my research group, has conducted a survey of 395 crypto-asset users to discover three distinct types of such users.

Why Mobile Crypto-Wallets Are Hard to Use

Over the past years, the cryptocurrency domain has grown substantially. The corresponding user base has also changed significantly and is no longer only made up of cypherpunks and computer experts, as was the case in the early days of Bitcoin. Managing these cryptocurrencies, however, has been found to be challenging for users, and it remains largely unknown what features of current wallets contribute to the poor UX, why, and to what extent. Artemij Voskobojnikov, a PhD candidate in my research group, has led a collaboration with Freie Universität Berlin researchers that investigated this exact question.

On Smartphone Users’ Difficulty with Understanding Implicit Authentication

Implicit authentication (IA) has recently become a popular approach for providing physical security on smartphones. It relies on behavioral traits (e.g., gait patterns) for user identification, instead of biometric data or knowledge of a passcode. However, it is not yet known whether users can understand the semantics of this technology well enough to use it properly.

Is Implicit Authentication on Smartphones Really Popular?

Implicit authentication (IA) on smartphones leverages behavioral and contextual data to identify users without requiring explicit input, and thus can alleviate the burden of smartphone unlocking. In a collaboration with Samsung Research, Masoud Mehrabi Koushki, a PhD candidate in my research group, has led an exploration of how smartphone users would perceive a commercialized IA scheme in a realistic setting.