Below you will find focus areas in the research field "Human-Centered Security and Privacy" for which we offer Bachelor's and Master's theses. For a specific topic and any questions about these focus areas, please contact the relevant person.

Public Security User Interfaces

The rapid development of digital technologies and the increasing threat of cybersecurity have led to a growing need for innovative security solutions in public spaces. One example of user interfaces that can improve security behavior are so-called Public Security User Interfaces. These are interfaces positioned in shared, non-personal areas that offer information or interactions on security-related topics. These interfaces play an important role in providing security information, improving situational awareness, and promoting secure behavior. The main goal of this research is to investigate the design, implementation, and impact of user interfaces that enhance security behavior, in order to facilitate the transition from cybersecurity awareness to habitual secure behavior.

The theses in this area deal with topics such as:

• Behavior analysis of user interaction with Public Security User Interfaces
• Personalization strategies to support secure behavior
• Selection of content and dynamic adaptation to the target group and contextual factors

Recommended knowledge and interests

• Knowledge in human-centered design
• Experience in conducting user studies
• Interest in conducting a thorough literature review
• Independent thinking and creative problem solving
• Optional: Interest in public display research

Contact

Interested students are asked to submit their CV, academic transcript, and intended start date.

Doruntina Murtezaj

Social Engineering

Cybercrime currently causes a global economic loss amounting to several trillion euros. According to expert analyses, up to 90% of these damages are a direct or indirect result of attacks in which the human element is at the center. Attackers exploit authority, fear, curiosity, or helpfulness with the goal of manipulating their victims to obtain sensitive data. Examples include phone calls to obtain user login credentials, emails containing malware attachments to gain access to protected networks, or deep fakes used to impersonate someone's identity.

Theses in this area address a variety of questions:

• How do people behave during social engineering attacks?
• How can social engineering attacks be detected?
• Which contextual factors facilitate social engineering attacks?
• How can user interfaces be developed to protect against social engineering attacks?

Recommended knowledge and interests

• Interest in human-centered attacks
• Knowledge of qualitative and/or quantitative research methods
• Interest in conducting a thorough literature review
• Independent thinking and creative problem solving

Contact

Interested students are asked to submit their CV, academic transcript, and intended start date.

Felix Dietz

Security and Privacy in Mixed Reality

Mixed reality devices are quickly finding their way into users’ daily lives, particularly in the form of head-mounted displays. Users can immerse themselves in virtual worlds or enrich the virtual world with physical content, supporting a wide range of applications in the areas of entertainment, work, education, and well-being. While these technologies support an ever-increasing number of features in the aforementioned areas, they also present challenges and create opportunities for security and privacy.

Theses in this area essentially deal with topics in the context of two general questions: (1) How can mixed reality solve existing challenges in terms of privacy and security? (2) What challenges in terms of privacy and security arise in the context of mixed reality, and how can these be addressed?

Recommended knowledge and interests

• Interest in VR/AR technology
• Knowledge of qualitative and/or quantitative research methods
• Interest in conducting a thorough literature review
• Willingness to learn, e.g., Unity

Readings | Literature

• Ethics Emerging: the Story of Privacy and Security Perceptions in Virtual Reality
  https://www.usenix.org/system/files/conference/soups2018/soups2018-adams.pdf
• Exploring the Unprecedented Privacy Risks of the Metaverse
  https://arxiv.org/pdf/2207.13176.pdf

Contact

Interested students are asked to submit their CV, academic transcript, and intended start date.

Verena Winterhalter

Viktorija Paneva

On-Body Security and Privacy Interfaces

The rapid integration of wearable sensors and head-mounted displays (HMDs) makes on-body computing increasingly relevant for security and privacy research. In this area, we focus on biometric authentication, privacy-preserving wearables, physiological sensing, and secure interaction paradigms for augmented reality (AR) and virtual reality (VR). Possible topics include the development of novel authentication methods for wearable devices, privacy-preserving approaches to continuous physiological monitoring, secure interaction concepts in AR and VR environments, and adaptive security/privacy mechanisms that enhance user trust and system reliability. By addressing current challenges and future opportunities, we aim to develop resilient, privacy-conscious, and user-friendly on-body systems that prioritize both security and seamless interaction experiences.

Recommended knowledge and interests

• Interest in wearables / hardware prototyping
• Knowledge of qualitative and/or quantitative research methods
• Interest in conducting a thorough literature review
• Willingness to learn (e.g., Unity)

Contact

Interested students are asked to submit their CV, academic transcript, and intended start date.

Oliver Hein

Tangible Security and Privacy User Interfaces

In the age of ubiquitous computing, users' IT security and privacy are at risk almost anytime. IT security and privacy assistants help users become aware of these risks and take appropriate measures to protect their data. However, these systems are often too complex, unintuitive, and not visually appealing. In order to enable even less technologically savvy or inexperienced individuals to use IT security and privacy assistants, such mechanisms must become tangible, i.e., physically manipulable and touchable by humans.

Recommended knowledge and interests

• Interest in Usable Security
• Knowledge in the field of Human-Computer Interaction and qualitative and/or quantitative research methods
• Independent thinking and creative problem solving
• For some projects: Interest in Fabrication (e.g., 3D modeling/printing, electronics, soldering)

Readings | Literature

• Take Your Security and Privacy Into Your Own Hands! Why Security and Privacy Assistants Should be Tangible https://dl.gi.de/handle/20.500.12116/37360
• Making Privacy Graspable: Can we Nudge Users to use Privacy Enhancing Techniques? https://arxiv.org/abs/1911.07701
• Privacy Itch and Scratch: On Body Privacy Warnings and Controls https://dl.acm.org/doi/10.1145/2851581.2892475
• Privacy Care: A Tangible Interaction Framework for Privacy Management https://dl.acm.org/doi/10.1145/3430506

Contact

Interested students are asked to submit their CV, academic transcript, and intended start date.

Sarah Delgado Rodriguez

Behavioral Biometrics

The use of biometric mechanisms—i.e., authentication based on unique features of a user's physiology or behavior—is a convenient and fast alternative to classical token- or knowledge-based authentication. Popular examples include fingerprint, facial recognition, or typing behavior biometrics. However, these systems typically rely on machine learning algorithms, making their decisions both difficult for the user to comprehend and subject to manipulation.

In this research area, we investigate novel approaches that enable users to understand and influence the results of biometric (black-box) systems, and develop new approaches with a focus on the user.

The following questions are particularly interesting:

• How can users explore and understand influences on the decision-making process of biometric systems?
• How can user interfaces for biometric systems be designed to more clearly communicate the robustness and accuracy of predictions?
• How can users influence how they are recognized, i.e., by changing their behavior?
• How can users be encouraged to exhibit more distinctive behavior?
• How can biometric authentication be embedded in natural interaction?

Concrete research approaches include, among others, investigating (real) user behavior (e.g., through observations, interviews, surveys) and designing, implementing, and evaluating novel security and privacy concepts.

Recommended knowledge and interests

• General interest in biometrics, authentication, and machine learning
• Knowledge of qualitative and/or quantitative research methods
• Solid programming skills (e.g., Python or Android)

Readings | Literature

• Comparing passwords, tokens, and biometrics for user authentication http://www.nikacp.com/images/10.1.1.200.3888.pdf
• An introduction to biometric recognition https://www.cse.msu.edu/~rossarun/pubs/RossBioIntro_CSVT2004.pdf
• Touch me once and I know it’s you! Implicit Authentication based on Touch Screen Patterns https://www.medien.ifi.lmu.de/pubdb/publications/pub/deluca2012chi/deluca2012chi.pdf

Example Thesis

Reauthentication Concepts for Biometric Authentication Systems on Mobile Devices

Contact

Interested students are asked to submit their CV, academic transcript, and intended start date.

Lukas Mecke