HCI for Cybersecurity, Privacy and Trust (Lecture Notes in Computer Science)
Scribed by Abbas Moallem (editor)
- Publisher: Springer
- Year: 2022
- Tongue: English
- Leaves: 513
- Category: Library
Synopsis
This book constitutes the refereed proceedings of the 4th International Conference on HCI for Cybersecurity, Privacy and Trust, HCI-CPT 2022, held as part of the 23rd International Conference, HCI International 2022, which was held virtually in June/July 2022.
The total of 1271 papers and 275 posters included in the HCII 2022 proceedings was carefully reviewed and selected from 5487 submissions.
The HCI-CPT 2022 proceedings focus on user privacy and data protection, trustworthiness and User Experience in cybersecurity, multi-faceted authentication methods and tools, HCI in cyber defense and protection, studies on usable security in Intelligent Environments, as well as the impact of the Covid-19 pandemic on cybersecurity.
Table of Contents
Foreword
HCI International 2022 Thematic Areas and Affiliated Conferences
List of Conference Proceedings Volumes Appearing Before the Conference
Preface
4th International Conference on HCI for Cybersecurity, Privacy and Trust (HCI-CPT 2022)
HCI International 2023
Contents
User Privacy and Data Protection
Intermediate Help with Using Digital Devices and Online Accounts: Understanding the Needs, Expectations, and Vulnerabilities of Young Adults
1 Introduction
2 Related Work
3 Methodology
3.1 Procedure
3.2 Analysis
4 Results
4.1 Intermediate Help: Contexts and Reasons
4.2 Intermediate Help: Sharing Authentication Secrets
4.3 Intermediate Help: Challenges and Concerns
5 Discussion
5.1 Multiple Modes of Communication
5.2 Tutorials: Usability, Efficacy, and Inclusiveness
5.3 Ergonomic Design
6 Limitations and Conclusion
References
Improving Consumer Data Privacy Protection and Trust in the Context of the Digital Platform
1 Introduction
2 Research Background and Hypotheses Development
3 Research Design and Methodology
4 Results
4.1 Measurement Model
4.2 Structural Model
5 Discussion
6 Conclusion
References
Secure Interoperation of Blockchain and IPFS Through Client Application Enabled by CP-ABE
1 Introduction
2 Related Work
3 Interoperation of Blockchain and IPFS Through Client Application
3.1 System Architecture
3.2 Protocols for IIAAC
4 Experiments and Discussions
4.1 Experiment Overview
4.2 Experiment Results
5 Conclusion
References
Mental Models of the Internet and Its Online Risks: Children and Their Parent(s)
1 Introduction
2 Related Work
2.1 Internet Mental Models
2.2 Privacy and Security Perceptions of Internet Related Actions/Devices
3 Methodology
3.1 Ethics
3.2 Recruitment
3.3 Study Design and Procedure
3.4 Data Analysis
4 Findings
4.1 Internet - Mental Models
4.2 Online Risks - Mental Models
4.3 Child-Parent Pairs
5 Discussion of Findings
6 Limitations
7 Conclusion and Future Work
A Appendix
A.1 Pre-study Questionnaire
A.2 Pictures for Scenarios
References
Privacy and Customer's Education: NLP for Information Resources Suggestions and Expert Finder Systems
1 Introduction
2 Idea
3 Manual Data Collection
4 Company Privacy Policies
4.1 Raw Crawl
4.2 Search Engine
4.3 Policy Classifier
4.4 Manual Evaluation
4.5 Results
5 Question Answering
5.1 Law Stack Exchange
5.2 Reddit
5.3 Results
5.4 Unsupervised ML Evaluation
5.5 Potential Bias
6 LexGLUE
7 Expert Finder
8 Conclusion
References
Improving Rank-N Identification Rate of Palmprint Identification Using Permutation-Based Indexing
1 Introduction
2 Related Works on Pivot-Based Indexing Methods
2.1 Matching Score Vector for Biometric Identification
2.2 Permutation-Based Indexing
3 Proposed Methods
3.1 Challenges Identified Within Previous Studies with Approaches for Improvement
3.2 PCA-Based Pivot Orthogonalization
3.3 Index-Based Template Selection
4 Experiments
4.1 Experimental Patterns
4.2 Experimental Steps
4.3 Experimental Environment
4.4 Dataset and Preprocessing
4.5 Matching Score-based Template/Query Selection
4.6 PCA-Based Pivot Orthogonalization
4.7 Index-Based Template Selection
5 Results
5.1 Experiments on Rank-N Identification Rate
5.2 Experiments on the Identification Accuracy and Required Time
6 Conclusion
References
Securing Software Defining Network from Emerging DDoS Attack
1 First Introduction
1.1 Problem Statements
1.2 Our Proposal
1.3 Contribution
2 Related Work
2.1 Themes on Software-Defined Networking Concept and Architecture
2.2 Theme on SDN Security
2.3 Theme on Cloud
2.4 Theme on Cloud Security
2.5 Security Threats and Attacks on Cloud
2.6 Distribute Denial of Service (DDOS)
2.7 DDOS Attack Over Time
3 Methodology
3.1 Document Analysis
3.2 Interview and Focus Group Discussion
3.3 Empirical Study
3.4 Data Analysis
3.5 Tools Used
3.6 Proposed Methodology
4 Result and Discussion
5 Conclusion and Recommendation
6 Future Work
References
Trustworthiness and User Experience in Cybersecurity
User Experience, Knowledge, Perceptions, and Behaviors Associated with Internet of Things (IoT) Device Information Privacy
1 Introduction
2 Methods
2.1 Participants and Sample
2.2 Survey Instrument
2.3 Procedure
2.4 Data Analysis
3 Results
3.1 User Experience
3.2 User Knowledge
3.3 User Perceptions
3.4 User Behaviors
4 Discussion
4.1 User Experience
4.2 User Knowledge
4.3 User Perceptions
4.4 User Behaviors
4.5 Recommendations
4.6 Limitations and Future Research
5 Conclusion
References
From Cybersecurity Hygiene to Cyber Well-Being
1 Introduction
2 Interpretations of Cyber Hygiene
3 Exploring End-Users' Cybersecurity Understanding and Behaviors
4 Towards Establishing Cyber Well-Being
5 Conclusion
References
Lessons Learned and Suitability of Focus Groups in Security Information Workers Research
1 Introduction
2 Background
2.1 Focus Groups
2.2 Focus Groups in Security Information Workers Research
3 Study Methodology
3.1 Study Overview
3.2 Focus Group Design
3.3 Data Collection
3.4 Data Analysis
3.5 Informing a Survey
4 General Lessons Learned
4.1 Differences from Interviews
4.2 Virtual Focus Groups
5 Suitability for Studying Security Information Workers
5.1 Benefits
5.2 Disadvantages and Challenges
5.3 Mitigating Concerns
6 Conclusion
References
A Survey of User Experience in Usable Security and Privacy Research
1 Introduction
2 Related Work
2.1 Usable Security and Privacy Work
3 Methods
4 Limitations
5 Results
5.1 User Experience
5.2 Trends
5.3 Future Work and Challenges
6 Discussion
6.1 RQ1 [User Experience and Risk]: What User Behaviors put Users More at Risk, and What Do Users Believe Places them Most at Risk?
6.2 RQ2 [Trends and Challenges]: What are Emerging Trends and Challenges to the Field?
7 Conclusion
References
Are HTTPS Configurations Still a Challenge?: Validating Theories of Administrators' Difficulties with TLS Configurations
1 Introduction
2 Background and Related Work
3 Methodology
3.1 Small-Scale Study
3.2 Quantitative Study Design
3.3 Ethical Considerations
4 Results
4.1 General TLS/HTTPS Knowledge
4.2 Configuration and Maintenance
4.3 Trust
5 Discussion
5.1 Knowledge of Certificates and Keys
5.2 Trust
5.3 Let's Encrypt and Certificate Validation
5.4 HTTPS Challenges
5.5 Administrator vs. Student Sample
6 Limitations
7 Conclusion
References
Towards the Improvement of UI/UX of a Human-AI Adversarial Authorship System
1 Introduction
2 Related Work
3 Further Development of AuthorCAAT
3.1 Limitations
4 Examining the Usability of AuthorCAAT
5 Designing JohariMAA
6 Conclusion
References
Multi-faceted Authentication Methods and Tools
Bu-Dash: A Universal and Dynamic Graphical Password Scheme
1 Introduction
2 Related Work
3 Proposed Scheme
4 Methodology
5 Results
5.1 Password Space
5.2 "Survey" Group
5.3 "Pilot" Group
5.4 "Aux" Group
6 Discussion
7 Conclusion
References
A Preliminary Investigation of Authentication of Choice in Health-Related Mobile Applications
1 Introduction
2 Related Work
2.1 Traditional Authentication Methods
2.2 Multiple Factor Authentication
2.3 Authentication of Choice
2.4 Security and Usability of Mobile Health Applications
3 Methods
3.1 Participants
3.2 HealthCog Application
3.3 Procedure
4 Results
4.1 Login Time
4.2 Authentication Method Chosen for AoC
4.3 Preferred Authentication Process
5 Discussions and Conclusions
References
On-Demand Biometric Authentication for System-User Management
1 Introduction
2 Assumed Authentication System
3 Authentication of System User
3.1 One-time-only Authentication
3.2 Continuous Authentication
4 Periodical and Non-periodical Authentication
4.1 Periodical Authentication
4.2 Nonperiodical Authentication
4.3 Action-Related Authentication
5 On-demand Authentication
5.1 Type I
5.2 Type II
5.3 Reduction of Processing Load
5.4 Detection of Start/Break/End-of-work Times
5.5 Working During Break Period
6 Processing of On-demand Authentication
6.1 Type I
6.2 Type II
7 Conclusions
References
PushID: A Pressure Control Interaction-Based Behavioral Biometric Authentication System for Smartwatches
1 Introduction
2 Related Work
2.1 Behavioral Biometrics in Smartwatches
2.2 Pressure Input-Based Authentication
3 PushID System Design
3.1 Threat Model
3.2 PushID Interface
3.3 System Overview
4 Data Collection Study
4.1 Participants
4.2 Procedure
4.3 Measures
5 Results and Discussion
6 Conclusion
References
A Hand Gesture-Based Authentication Method that Makes Forgery Difficult
1 Introduction
2 Related Work
3 Preliminaries
3.1 Japanese Fingerspelling Alphabets
3.2 Leap Motion Controller
3.3 Dynamic Time Warping
4 Proposed Method
5 Implementation
5.1 Template Registration
5.2 Authentication
6 Experiment
6.1 Procedure
6.2 Results
7 Discussion
8 Conclusions and Future Work
References
VibroAuth: Authentication with Haptics Based Non-visual, Rearranged Keypads to Mitigate Shoulder Surfing Attacks
1 Introduction
2 Related Work
2.1 Alternative Authentication Methods
2.2 Haptics Based Approaches
3 Threat Model
4 VibroAuth Mechanism
4.1 Keypad Design
4.2 Presenting Rearranged Keypad Layouts
4.3 Haptic Patterns
4.4 Authentication Method
4.5 Implementation
5 Study 1: Evaluating Keypad Layout Shifting Methods
5.1 Method
5.2 Results of Study 1
5.3 Discussion of Study 1
6 Study 2: Security Study
6.1 Method
6.2 Results and Discussion of Study 2
7 Discussion, Limitations and Future Work
7.1 Potential Usage Scenarios
7.2 Limitations and Future Works
References
HCI in Cyber Defense and Protection
The Pitfalls of Evaluating Cyber Defense Techniques by an Anonymous Population
1 Introduction
2 Review of Literature
2.1 Recruitment
2.2 Assessing Knowledge, Skills, and Abilities
2.3 Web-Based Deception
3 Method
3.1 Testbed Specifications and Design
3.2 Participants
3.3 Experiment Design
4 Results and Analyses
4.1 Quantitative Analysis
4.2 Qualitative Analysis
5 Discussion
5.1 Lack of Validated Measures
5.2 Security Students vs Security Professionals
5.3 Data and Naivety of Crowdworkers
5.4 Maliciousness
5.5 Inviting Outsiders
6 Conclusion and Future Work
References
The Dimensionality of the Cyber Warrior
1 The Cyber Domain
1.1 Distinctions in Cyber Operations and Cyber Operators
2 Cyber Operations in the Military
3 Traits and Skills of the Successful Cyber Warrior
4 Assessment of Cyber Skills Aptitude
5 Traits and Skills that Have not yet Been Assessed
6 Assessments that May Be Useful
7 Conclusions and Future Directions
References
Exploring Rationality of Self Awareness in Social Networking for Logical Modeling of Unintentional Insiders
1 Introduction
2 Background
2.1 Social Explanation and Rational Choice Theory
2.2 Isabelle Insider Framework
3 Social Networks and Privacy Awareness
3.1 Requirements Analysis and Design of Social Awareness Tool
3.2 Testing and Evaluation
3.3 Key Findings and RCT Interpretation of Privacy Awareness
4 Modeling Unaware Social Network Users and Unintentional Insiders in Isabelle
4.1 Infrastructures, Policies, Actors in Isabelle
4.2 Modelling the Human Actor and Psychological Disposition
4.3 Privacy by Labeling Data and State Transition
4.4 Representing Human Factors and Insiders
4.5 Integrating Unaware with Malicious Insiders
4.6 Attack: Eve Can Get Data
5 Conclusions
5.1 Related Work on Awareness
5.2 Related Work on Isabelle Insider and Infrastructure Framework
5.3 Discussion and Outlook
References
Shaping Attacker Behavior: Evaluation of an Enhanced Cyber Maneuver Framework
1 Introduction
1.1 Cyber Maneuvers
2 Cyber Maneuver Frameworks
3 Enhanced Cyber Maneuver Framework
3.1 Categories of Maneuvers and Maneuver Actions
4 Testing Cyber Maneuvers
4.1 Pilot Study
5 Discussion
5.1 Limitations
5.2 Future Work
6 Conclusion
References
Studies on Usable Security in Intelligent Environments
A User Study to Evaluate a Web-Based Prototype for Smart Home Internet of Things Device Management
1 Introduction
2 Related Work
3 Design of an IoT Device Management System
3.1 Account Login
3.2 Device Categories Page
3.3 IoT Device Management Page
3.4 System Architecture
4 Methods
4.1 Study Overview
4.2 Study Procedure
4.3 Privacy and Convenience Constructs
4.4 Data Analysis Approach
4.5 The Prototype Usability Evaluation
4.6 Participant Recruitment and Demographics
5 Results
5.1 Privacy over Convenience (RQ1)
5.2 Differences in Privacy Control, Privacy Preferences, and Convenience Preferences (RQ2)
5.3 Participants' Evaluation of the Website Usability (RQ3)
6 Discussion
6.1 Smart Home IoT Trade-Offs Between Privacy and Convenience
6.2 Implications for the Design of Smart Home IoT Device Management Systems
6.3 Limitations and Future Work
7 Conclusion
A Appendix A
B Appendix B
References
What Makes IoT Secure? A Maturity Analysis of Industrial Product Manufacturers' Approaches to IoT Security
1 Introduction
2 Related Work
3 Background: Studying IoT Security from a Maturity Perspective
3.1 Scoping Maturity: Developing a Theory of Change
4 Interviews: Exploring IoT Security in Practice
4.1 Semi-structured Interviews
4.2 Informants
4.3 Research Ethics
4.4 Coding and Analysis: Identifying Necessary Conditions
5 Results
5.1 Necessary Conditions for IoT Security Maturity
5.2 Maturity Analysis and Four Approaches to IoT Security
5.3 Challenges with IoT Security
6 Conclusion and Further Research
References
Users, Smart Homes, and Digital Assistants: Impact of Technology Experience and Adoption
1 Introduction
2 Background
2.1 Effect of Technology Experience
2.2 Comparison of Adopters and Non-adopters
2.3 Research Gap
3 Methodology
3.1 Recruitment
3.2 Participants
3.3 Survey
4 Results
4.1 Understanding of Data Collection
4.2 Addressing RQ1: Effect of Experience
4.3 Addressing RQ2: Difference Between Adopters and Non-adopters of Smart Home Devices
4.4 Post-hoc Analysis
5 Discussion
5.1 Answering RQ1
5.2 Answering RQ2
5.3 Relationship to Previous Work
5.4 Limitations
6 Conclusion
A Survey Questions
A.1 Understanding of Definitions
A.2 Demographics
A.3 Understanding of Data Collection
A.4 Perceived Protection of Data
A.5 Use of Protective Strategies
A.6 Technology Experience
A.7 Security and Privacy Concerns
References
Privacy in the Smart Household: Towards a Risk Assessment Model for Domestic IoT
1 Introduction
2 State of the Art
3 Methods
3.1 Initial Development
3.2 Testing and Improvements
4 Results
4.1 Guidelines
5 Discussion
6 Conclusion and Future Work
References
The Impact of the Covid-19 Pandemic on Cybersecurity
Demarcating the Privacy Issues of Aarogya Setu App in Covid-19 Pandemic in India: An Exploration into Contact Tracing Mobile Applications from Elaboration Likelihood Model
1 Introduction
2 Background of the Study
2.1 India's Aarogya Setu App
3 Literature Review
3.1 Perceived Risk with Mobile User's Permissions
3.2 Perceived Risk with Mobile User's Information Justification
3.3 Perceived Risks with Mobile App Popularity
3.4 Elaboration Likelihood Model (ELM)
4 Conceptual Framework
5 Research Implications and Conclusion
References
The Importance of Strengthening Legal Concepts in Overcoming Cybercrime During the Covid-19 Pandemic in Indonesia
1 Introduction
2 Literature Review
2.1 The Phenomenon of Cybercrime During the Covid-19 Pandemic
2.2 Legal Concepts in Cybercrime
3 Research Methods
4 Result and Discussions
4.1 The Phenomenon of Cybercrime During the Covid-19 Pandemic in Indonesia
4.2 The Importance of Strengthening Legal Concepts in Overcoming Cybercrime During the Covid-19 Pandemic in Indonesia
5 Conclusions
References
Exploration of Privacy, Ethical and Regulatory Concerns Related to COVID-19 Vaccine Passport Implementation
1 Introduction
2 Background
3 Review of Theoretical Models Underpinning Vaccine Passport Implementation
3.1 Implementing a Data Governance and Ethical Data Management Framework
3.2 Application of Health Belief Model in Vaccine Passport Implementation
4 Methodology
5 Key Opportunities and Challenges Associated with Vaccine Passport Implementation
6 Findings
7 Conclusion and Policy Implications
References
Attitudes Towards the Use of COVID-19 Apps and Its Associated Factors
1 Introduction
2 Literature Review
3 Method
4 Results
4.1 Privacy Concerns
4.2 Willingness
4.3 Attitudes Towards Privacy Protections
5 Discussion
6 Limitations and Future Works
References
Correction to: The Dimensionality of the Cyber Warrior
Correction to: Chapter "The Dimensionality of the Cyber Warrior" in: A. Moallem (Ed.): HCI for Cybersecurity, Privacy and Trust, LNCS 13333, https://doi.org/10.1007/978-3-031-05563-8_21
Author Index