Praktikum Security, Usability and Society (Bachelor)

  • Type: Praktikum (P)
  • Semester: WS 23/24
  • Lecturer: Prof. Dr. Melanie Volkamer
    Prof. Dr. Thorsten Strufe
    Benjamin Berens
    Tobias Länge
    Mattia Mossano
    Anne Hennig
    Tobias Hilt
    Maxime Veit
  • SWS: 3
  • Lv-No.: 2512554
  • Information: Online
Content

The Praktikum Security, Usability and Society will cover topics in both usable security and privacy programming and in how to conduct user studies. To reserve a place, please register on the WiWi portal and send an email with your chosen topic, plus a back-up one, to mattia.mossano@kit.edu. Topics are assigned first-come-first-served until all of them are filled. Topics in italics have already been assigned.


There are two rounds to apply:

Summer round closes on 16.07.2023. Assignment will be done by 17.07.2023 and confirmation must be received by 21.07.2023.
Autumn round opens 11.09.2023 and closes on 08.10.2023. Assignment will be done by 09.10.2023 and confirmation must be received by 13.10.2023.


Important dates:

Kick-off: 05.10.2023, 09:00 AM CET in Big Blue Button - Link

Report & code feedback deadline: 01.03.2024, 23:59 CET
Feedback on Report & code: 08.03.2024, 23:59 CET
Final report + code deadline: 15.03.2024, 23:59 CET

Presentation draft deadline: 15.03.2024, 23:59 CET
Feedback on presentation draft: 19.03.2024, 23:59 CET
Final presentation deadline: 22.03.2024, 23:59 CET

Presentation day: 29.03.2024, 09:00 CET


Topics:


Privacy Friendly apps

In this subject, students complete an app (or an extension of an app) among our Privacy-Friendly Apps. To learn more about them, see https://secuso.aifb.kit.edu/english/105.php. Students are provided with a point list of goals, containing both basic features that are mandatory to pass the course and more advanced ones that raise the final grade.

Title: Notes 2.0
Number of students: 1 Bachelor
Description: Update and preparation for the release of the Notes 2.0 app.


Designing Security User studies

These topics are related to how to set up and conduct user studies of various types. Online studies, interviews and lab studies are possible. At the end of the semester, the students present a report / paper and a talk in which they present their methodologies and the results of small pre-studies.

Title: Designing User Studies for Evaluating Biometric Authentication Systems
Number of students: 1 Bachelor or Master level
Description: The proposed topic focuses on designing and implementing a user study methodology to evaluate the usability and user perception of biometric authentication systems. Biometric authentication involves using unique physiological or behavioral characteristics, such as fingerprints, facial recognition, or voice patterns, to verify a user's identity. The goal of this research is to understand the factors that affect the effectiveness and acceptance of biometric authentication and provide insights for designing user-friendly and secure biometric authentication systems.

Title: How useful are security advice given by ChatGPT?
Number of students: 1-2 Bachelor level
Description: ChatGPT is nowadays used for multiple purposes. One of them is to obtain advice on security decisions, asking the program how best to defend oneself. However, what is this advice based on? And more importantly, is the quality of the advice in line with best practices, or is it misleading? The goal of this topic is to design an expert study where various pieces of advice given by ChatGPT on security topics (e.g., password policies, phishing, etc.) are compared against the advice of experts. The results then need to be analysed and classified to determine the quality of ChatGPT's advice.


Run Usable Security Studies and Results Analysis

These topics involve running user studies and analysing their results. Online studies, interviews and lab studies are all possible, depending on the topic. At the end of the semester, the students present a report / paper with the analyses conducted and a talk in which they present the results.

Title: Phishing through homographic attacks in messengers and social networks
Number of students: 1-2 Bachelor or Master level
Description: The task will be to test three types of attacks in messengers and social networks that work in some email clients. The first is the link mismatch attack, where the link text differs from the actual link target. The second is an attack in which the actual link target is disguised by URL encoding [https://en.wikipedia.org/wiki/URL_encoding]. The third is homographic attacks that use Internationalized Domain Names [https://en.wikipedia.org/wiki/IDN_homograph_attack], in which Latin characters in the domain name are replaced by characters of a different alphabet. The attacks are predefined, so no knowledge of phishing techniques is required.

Title: Usability Study of Mobile Authentication for Elderly Users with Rheumatoid Arthritis (English only)
Number of students: 1 Bachelor or Master level
Description: Authentication is an ever-important topic, especially in the mobile context. However, it becomes even more relevant when considering its accessibility. Nowadays, a common authentication method is using a PIN. Yet, given the low hand mobility of users affected by rheumatoid arthritis, using PINs can sometimes be difficult. In this topic, the student will conduct several sessions of an already designed lab study with various participants using arthritis simulation gloves to evaluate three PIN-pad interfaces aimed at making authentication more accessible. The study will also investigate the preferences of users regarding PIN-pad interfaces through drawings and proposals of changes. The student will then analyse the results through inferential statistics. Depending on the quality of the outcome, the results will then be published in a paper and the student will be added to the authors list.


This event counts towards the KASTEL certificate. Further information on how to obtain the certificate can be found on the SECUSO website (https://secuso.aifb.kit.edu/Studium_und_Lehre.php).

Language of instruction: German/English