Security in HCI

Florian Alt & Albrecht Schmidt slides Wed, 14.03.2018

Prof. Alt and Prof. Schmidt started the session by motivating the need to consider security in HCI applications. They highlighted how security is often ignored in HCI research since the focus is on building prototypes rather than actual products. However, an understanding of security aspects beyond usable security is an essential part of every project.

Activity 1: Speed dating – Understanding user experience

We started with a group activity in which each pair discussed some questions related to security. Prof. Alt started by asking “why we encrypt WhatsApp but not email”. We discussed that the fact that PGP is not straightforward makes people reluctant to use it. Prof. Alt clarified that, with the human being the weakest link in the security of a system, it is important to make sure that security measures are usable enough to be adopted. Prof. Schmidt highlighted that HCI experts are in a good position to address this issue since they are trained to find compromises.

Activity 2: Design phishing attacks to get the reviewers of your paper

The following exercise focused on phishing attacks. We worked in groups of four for 15 minutes to design an attack to identify the reviewers of a paper under review. We were encouraged to incorporate social engineering in designing the attack. The idea was to be in an attacker’s shoes and try to think from their perspective.

Prof. Alt concluded with some best practices for modelling attackers: determining the attacker’s motivation and skills, and how all of these aspects impact the best practices to overcome the attack and fix the vulnerabilities.