Konstantin Beznosov

This dissertation reports on users' understanding, concerns, and strategies regarding private information sharing through technology use.We chose three technology use cases in which users share private information with diverse sharees in exchange for the use of specific technologies.} To study users' perceptions of sharing private information with other users of the same device, we conducted semi-interviews with 26 participants who had at least one shared smart speaker in their household. To investigate people's opinions on sharing private information with governmental agencies, we conducted semi-structured interviews with 44 participants to determine their opinions about various information-tracking solutions used during the recent pandemic. We collected 539 online comments about Chrome's compromised credential notification and recruited 22 participants who had received notifications to explore people's opinions about sharing their private information with a commercial company (i.e., Google). We analyzed our collected data using thematic analysis and grounded theory.We identified various concerns and challenges that participants had regarding sharing private information through technology use. We discovered that participants' privacy concerns were related to the information required to use the technologies and the data practices of each technology (e.g., data collection, data usage, data retention, and data sharing with third parties). Furthermore, we found that participants' misunderstanding of how their private information was being used may have resulted in them having privacy concerns. Moreover, participants adopted ineffective strategies to mitigate their concerns. Finally, we learned that trust played a crucial role in users' perceptions of sharing private information with various sharees.We discussed the insights from our findings and made suggestions to improve users' experiences. We suggested helping users develop an adequate understanding of how their information is shared through the technology to help them better use technology and address their privacy concerns. We recommended that technology providers deliver more effective risk management to mitigate users' concerns, for example, by providing users with more control over their shared data. By providing data transparency, technology providers may build and maintain user trust.

View record

This dissertation reports on the security and privacy challenges of using technology in personal, professional, and involuntary relationships.We investigated these challenges by conducting semi-structured interviews and focus groups with participants. To study challenges in personal relationships, we recruited 25 participants who stopped sharing at least one online account in the 12 months preceding the study. We recruited 24 participants working from home in the three weeks preceding the study for challenges related to professional relationships and technology use. To investigate involuntary relationships, we recruited 35 sexual assault survivors, support workers, or both. We analyzed our findings using thematic analysis and grounded theory. Further, to understand technology’s various characteristics that facilitate abuse and lead to security and privacy concerns, we conducted a literature review of 224 research papers using involuntary relationships as a case study.We identified various security, and privacy challenges in using technology in relationships. For instance, in ending the sharing of online accounts, participants reported that angry ex-partners impersonated them and hijacked their accounts. Further, in telecommuting, participants sacrificed their privacy and security to maintain their jobs and professional relationships. Our literature review results also show that technology’s inherent characteristics facilitate abuse: covertness, anonymity, evolution, boundlessness, publicness, reproducibility, accessibility, indispensability, malleability, and opaqueness. We find these characteristics facilitate and amplify the identified security and privacy challenges of using technology in relationships. We discuss the insights from our findings, namely that power imbalance is a prominent problem in technological use in relationships. We also provide a design rubric that developers can use when developing technologies to predict users’ security and privacy challenges and recommendations on how some challenges can be addressed. We are optimistic that the insights derived from our thesis could lead to the design of technological solutions that could address users’ security and privacy challenges when using technology in various types of relationships.

View record

The incumbent physical security system on smartphones is known to dissatisfy users. It comprises explicit authentication (e.g., passcode), which imposes high time and cognitive overhead, and all-or-nothing authorization, which limits flexibility. Consequently, an estimated 20% of users have decided to forgo physical security entirely. In response, alternative solutions have been proposed by researchers. These include implicit authentication (IA) solutions, which harnesses behavioural data for user identification, and finer-grain (e.g., app-level) authorization solutions, which are more accurate. However, several important aspects of these alternatives are understudied. Firstly, it is unclear how widely users would adopt IA, and whether they can understand its semantics well enough to avoid dangerous security errors when using it. Secondly, it is unknown how well can the proposed authorization schemes balance usability with security. These unknowns bring into question whether the alternatives can, in fact, improve the user experience (UX) or, conversely, disservice users by providing a false sense of security. This dissertation contributes insights from several studies that aim at bridging these knowledge gaps. Regarding IA, we took Smart Lock (SL)—currently the most-widely-available solution—as a case. We conducted cognitive walkthroughs, think-aloud sessions, and online surveys to understand how users perceive and understand SL. Regarding authorization, we conducted a longitudinal diary study to obtain a detailed view on users’ needs and how well existing solutions meet them. Results show that SL is not widely adopted, which correlates to its perceived lack of usefulness and security. Regarding semantics, we found users often confused about IA’s capabilities and the nature of the data it harnesses. To avoid these issues, we provide UX design recommendations for better communication of the value and intricacies of IA. Regarding authorization, we found app-level schemes to outperform other solutions; hence we argue for wider deployment of them. However, we also found that users’ needs vary significantly based on individual preferences and the functionality being protected; hence we argue for adaptable granularity in authorization. Overall, our studies demonstrate the inadequacy of the incumbent system, show how current deployment of alternatives potentially disserves users, and provide recommendations for improved deployment in the future.

View record

The crypto-asset domain has grown substantially over the past years, both in terms of overall market capitalization, available crypto-assets, and the number of users. While the underlying protocols are well-studied, little attention has been paid to the user behaviors.This dissertation presents the results of mixed-methods research that investigated the motivations, behaviors, and user experience challenges of both users and non-users of crypto-assets. We found that crypto-asset usage is nuanced and is influenced by factors, such as the asset at hand, the amount invested, and the level of expertise of the respective user. This heterogeneity in behaviors was also confirmed through a cluster analysis. Through this analysis, we identified three distinct types of crypto-asset users, which we labeled as cypherpunks, hodlers, and rookies. While both cypherpunks and hodlers had high perceived self-efficacy (i.e., the ability to use crypto-assets and tools), they differed in their risk perceptions, with hodlers believing to be more vulnerable to potential risks, such as software wallet vulnerabilities. The rookies started to use crypto-assets recently and, unsurprisingly, had a lower self-efficacy when compared to the other two. They also owned fewer crypto-assets and used custodial wallets more often. We also identified factors influencing the adoption intention and behavior and found self-efficacy to be a major deterrent. Besides the perceived high complexity of crypto-assets and, in turn, the perceived inability to use them, non-users also cited the high risks and lack of regulatory support as a reason for non-involvement.Lastly, we investigated user experience complaints about the top five mobile crypto-wallets, i.e., mobile apps that allow users to manage their cryptographic keys for crypto-assets. We discovered that these wallets have severe usability issues. While some of these issues (e.g., crashes and freezes) are commonly encountered in mobile apps in general, others are domain-specific, such as inadequate fee and key import settings. We found that such issues led to dangerous errors and offer design recommendations in order to reduce such risks. Our findings further the understanding of the crypto-asset users and non-users and can improve the user experience by informing the design of more effective and user-friendly key management.

View record

With almost two billion users worldwide, smartphones are used for almost everything – booking a hotel, ordering a cup of coffee, or paying in a shop. However, small size and high mobility makes these devices prone to theft and loss. In this work we aim to broaden our understanding of how smartphone users and application developers protect sensitive data on smartphones.To understand how well users are protecting their data in smartphones, we conductedseveral studies. The results revealed that 50% of the subjects locked theirsmartphone with an unlocking secret and 95% of them chose unlocking secretsthat could be guessed within minutes.To understand how well application developers protect sensitive data in smartphones,we analyzed 132K Android applications. We focused on identifying misuseof cryptography in applications and libraries. The study results revealed thatdevelopers often misuse cryptographic API. In fact, 9 out of 10 Android applicationscontained code that used a symmetric cipher with a static encryption key.Further, source attribution revealed that libraries are the main consumer of cryptographyand the major contributor of misuse cases. Finally, an in-depth analysisof the top libraries highlighted the need for improvement in the way we define anddetect misuse of cryptography.Based on these results we designed and evaluated a system for encryptionkeys management that uses wearable devices as an additional source of entropy.Evaluation results showed that the proposal introduces insignificant overhead inpower consumption and latency.

View record

Despite corporate cyber intrusions attracting all the attention, privacy breaches that we, as ordinary users, should be worried about occur every day without any scrutiny. Smartphones, a household item, have inadvertently become a major enabler of privacy breaches. Smartphone platforms use permission systems to regulate access to sensitive resources. These permission systems, however, lack the ability to understand users' privacy expectations leaving a significant gap between how permission models behave and how users would want the platform to protect their sensitive data.This dissertation provides an in-depth analysis of how users make privacy decisions in the context of Smartphones and how platforms can accommodate user's privacy requirements systematically. We first performed a 36-person field study to quantify how often applications access protected resources when users are not expecting it. We found that when the application requesting the permission is running invisibly to the user, they are more likely to deny applications access to protected resources. At least 80% of our participants would have preferred to prevent at least one permission request. To explore the feasibility of predicting user's privacy decisions based on their past decisions, we performed a longitudinal 131-person field study. Based on the data, we built a classifier to make privacy decisions on the user's behalf by detecting when the context has changed and inferring privacy preferences based on the user's past decisions. We showed that our approach can accurately predict users' privacy decisions 96.8% of the time, which is an 80% reduction in error rate compared to current systems.Based on these findings, we developed a custom Android version with a contextually aware permission model. The new model guards resources based on user's past decisions under similar contextual circumstances. We performed a 38-person field study to measure the efficiency and usability of the new permission model. Based on exit interviews and 5M data points, we found thatthe new system is effective in reducing the potential violations by 75%. Despite being significantly more restrictive over the default permission systems, participants did not find the new model to cause any usability issues in terms of application functionality.

View record

The open nature of the Web, online social networks (OSNs) in particular, makes it possible to design socialbots—automationsoftware that controls fake accounts in a target OSN, and has the ability to perform basic activities similar to those of real users. In the wrong hands, socialbots can be used to infiltrate online communities, build up trust over time, and then engage in various malicious activities.This dissertation presents an in-depth security analysis of malicious socialbots on the Web, OSNs in particular. The analysis focuses on two main goals: (1) to characterize and analyze the vulnerability of OSNs to cyber attacks by malicious socialbots, social infiltration in particular, and (2) to design and evaluate a countermeasure to efficiently and effectively defend against socialbots.To achieve these goals, we first studied social infiltration as an organized campaign operated by a socialbot network (SbN)—a group of programmable socialbots that are coordinated by an attacker in a botnet-like fashion. We implemented a prototypical SbN consisting of 100 socialbots and operated it on Facebook for 8 weeks. Among various findings, we observed that some users are more likely to become victims than others, depending on factors related to their social structure. Moreover, we found that traditional OSN defenses are not effective at identifying automated fake accounts or their social infiltration campaigns.Based on these findings, we designed Íntegro—an infiltration-resilient defense system that helps OSNs detect automated fake accounts via a user ranking scheme. In particular, Íntegro relies on a novel approach that leverages victim classification for robust graph-based fake account detection, with provable security guarantees. We implemented Íntegro on top of widely-used, open-source distributed systems, in which it scaled nearly linearly. We evaluated Íntegro against SybilRank—the state-of-the-art in graph-based fake account detection—using real-world datasets and a large-scale, production-class deployment at Tuenti, the largest OSN in Spain with more than 15 million users. We showed that Íntegro significantly outperforms SybilRank in ranking quality, allowing Tuenti to detect at least 10 times more fake accounts than their current abuse detection system.

View record

IT security management (ITSM) technologies are important components of IT security in organizations. But there has been little research on how ITSM technologies should incorporate human and social issues into their design. Identity and Access Management (IAM) systems, as an important category of ITSM, share such a gap with other ITSM technologies. The overreaching goal of this research is to narrow the gap between IAM technologies and social context. In the first phase, we developed a set of usability guidelines, and heuristics for design and usability evaluation of ITSM tools. We gathered recommendations related to ITSM tools from the literature, and categorized them into a set of 19 high-level guidelines that can be used by ITSM tool designers. We then used a methodical approach to create seven heuristics for usability evaluation of ITSM tools and named them ITSM heuristics. With a between-subjects study, we compared the usage of the ITSM and Nielsen's heuristics for evaluation of a commercial IAM system. The results confirmed the effectiveness of ITSM heuristics, as participants who used the ITSM heuristics found more problems categorized as severe than those who used Nielsen's. In the second phase, we conducted a field-study of 19 security practitioners to understand how they do IAM and identify the challenges they face. We used a grounded theory approach to collect and analyze data and developed a model of IAM activities and challenges. Built on the model, we proposed a list of recommendations for improving technology or practice. In the third phase, we narrowed down our focus to a specific IAM related activity, access review. We expanded our understanding of access review by further analysis of the interviews, and by conducting a survey of 49 security practitioners. Then, we used a usability engineering process to design AuthzMap, a novel user-interface for reviewing access policies in organizations. We conducted a user study with 430 participants to compare the use of AuthzMap with two existing access review systems. The results show AuthzMap improved the efficiency in five of the seven tested tasks, and improved accuracy in one of them.

View record

OpenID and OAuth are open and lightweight web single sign-on (SSO) protocols that have been adopted by high-profile identity providers (IdPs), such as Facebook, Google, Microsoft, and Yahoo, and millions of relying party (RP) websites. However, the average users' perceptions of web SSO and the systems' security guarantee are still poorly understood. Aimed at filling these knowledge gaps, we conducted several studies to further the understanding and improvements of the usability and security of these two mainstream web SSO solutions. First, through several in-lab user studies, we investigated users' perceptions and concerns when using web SSO for authentication. We found that our participants had several misconceptions and concerns that impeded their adoption. This ranged from their inadequate mental models of web SSO, to their concerns about personal data exposure, and a reduction in their perceived web SSO value due to the employment of password management practices. Informed by our findings, we offered a web SSO technology acceptance model, and suggested design improvements. Second, we performed a systematic analysis of the OpenID 2.0 protocol using both formal model checking and an empirical evaluation of 132 popular RP websites. The formal analysis identified three weaknesses in the protocol, and based on the attack traces from the model checking engine, six exploits and a semi-automated vulnerability assessment tool were designed to evaluate how prevalent those weaknesses are in the real-world implementations. Two practical countermeasures were proposed and evaluated to strengthen the uncovered weaknesses in the protocol. Third, we examined the OAuth 2.0 implementations of three major IdPs and 96 popular RP websites. By analyzing browser-relayed messages during SSO, our study uncovered several vulnerabilities that allow an attacker to gain unauthorized access to the victim user's profile and social graph on IdPs, and impersonate the victim on RP websites. We investigated the fundamental causes of these vulnerabilities, and proposed several simple and practical design improvements that can be adopted gradually by individual sites. In addition, we proposed and evaluated an approach for websites to prevent SQL injection attacks, and a user-centric access-control scheme that leverage the OpenID and OAuth protocols.

View record

Authorization protects application resources by allowing only authorized entities to access them. Existing authorization solutions are widely based on the request-response model, where a policy enforcement point intercepts application requests, obtains authorization decisions from a remote policy decision point, and enforces those decisions. This model enables sharing the decision point as an authorization service across multiple applications. But, with many requests and resources, using a remote shared decision point leads to increased latency and presents the risk of introducing a bottleneck and/or a single point of failure. This dissertation presents three approaches to addressing these problems.The first approach introduces and evaluates the mechanisms for authorization recycling in role-based access control systems. The algorithms that support these mechanisms allow a local secondary decision point to not only reuse previously-cached decisions but also infer new and correct decisions based on two simple rules, thereby masking possible failures of the central authorization service and reducing the network delays. Our evaluation results suggest that authorization recycling improves the availability and performance of distributed access control solutions.The second approach explores a cooperative authorization recycling system, where each secondary decision point shares its ability to make decisions with others through a discovery service. Our system does not require cooperating secondary decision points to trust each other. To maintain cache consistency at multiple secondary decision points, we propose alternative mechanisms for propagating update messages. Our evaluation results suggest that cooperation further improves the availability and performance of authorization infrastructures.The third approach examines the use of a publish-subscribe channel for delivering authorization requests and responses between policy decision points and enforcement points. By removing enforcement points' dependence on a particular decision point, this approach helps improve system availability, which is confirmed by our analytical analysis, and reduce system administration/development overhead. We also propose several subscription schemes for different deployment environments and study them using a prototype system.We finally show that combining these three approaches can further improve the authorization system availability and performance, for example, by achieving a unified cooperation framework and using speculative authorizations.

View record