We are excited to announce that we have received two NSF grants supporting our research.
[Read More]The User-centric Security and Engineering Research Lab
Welcome to the home page for the User-centric Security and Engineering Research (USER) lab at the University of Tennessee, Knoxville (UTK). The USER lab sits at the intersection of cybersecurity, privacy, and usability research. We measure and evaluate the effectiveness of existing security solutions, explore mental models and perceptions related to cybersecurity and privacy, and build novel security technologies to improve the lives of users the world around. In contrast to most security research labs, our research group integrates HCI methods to ensure that we properly understand the needs of users and that the technologies we build meet real-world needs and are used correctly. Our research group's work has been published at top cybersecurity (IEEE S&P, USENIX Security, ACM CCS, NDSS) and top HCI (CHI, UIST, UbiComp) venues.
Research
Authentication
Users need robust authentication to secure their online accounts. We research two-factor authentication (e.g., Duo, YubiKey) and password managers, working to improve their security, utility, and usability.
IoT Security
Insecure IoT devices are everywhere. In our research, we investigate how to secure arbitrary IoT devices without needing to modify those devices.
Measurement
Measurements help establish how to best solve problems. We conduct a range of measurement and user studies, helping provide a deeper understanding of technical and sociotechnical phenomenon.
Phishing
We aim to better understand the phishing attacks and design more usable and secure anti-phishing defense mechanisms.
Secure Development
We aim to help developers create more secure, robust, and reliable software.
Usable Encryption
Users deserve to control their online data's security and privacy. In our group, we seek to build systems that all non-experts to use cryptography to protect their data.
Other Research
We also have research that doesn't fit cleanly into other categories. This includes work on Blockchain and secure software development.
Recent News
We are excited to announce that we have a paper accepted at CHI ‘22. “It Basically Started Using Me:” An Observational Study of Password Manager Usage. In this paper, we find that many users simultaneously use both a browser-based and a third-party manager, using each as a backup for the other, with this new paradigm having intriguing usability and security implications. Users also eschew generated passwords because these passwords are challenging to enter and remember when the manager is unavailable, necessitating new generators that create easy-to-enter and remember passwords. Additionally, the credential audits provided by most managers overwhelm users, limiting their utility and indicating a need for more proactive and streamlined notification systems. We also discuss mobile usage, adoption and promotion, and other related topics.
We just had two excellent presentations on our research given at ACSAC 2021! You can view these talks on their respective pages. First, The Emperor’s New Autofill Framework: A Security Analysis of Autofill on iOS and Android. This paper examines the security of password autofill frameworks built into Android and iOS, finding significant issues with each. Second, Systematization of Password Manager Use Cases and Design Paradigms. This paper systematizes how users leverage password managers and how password managers are implemented to support those use cases. This is a critical paper for anyone looking to design user studies of password managers.