Event

Practical lab Security, Usability and Society (Bachelor) [SS242512554]

Type: internship (P) / Online
Term: SS 2024
SWS: 3
Language: German/English
Appointments: 0

Lecturers

Organisation

  • KIT-Fakultät für Wirtschaftswissenschaften

Part of

Note

The Praktikum Security, Usability and Society covers topics in usable security and privacy programming, as well as how to conduct user studies. To reserve a place, please register on the WiWi portal and send an email with your chosen topic, plus a back-up one, to mattia.mossano@kit.edu. Topics are assigned first-come-first-served until all of them are filled. Topics in italics have already been assigned.

Application deadline: 12.04.2024
Assignment: 15.04.2024
Confirmation deadline: 19.04.2024


Important dates:

Kick-off: 17.04.2024, 09:00 AM CET in Big Blue Button - Link

Report & code feedback deadline: 26.07.2024, 23:59 CET
Feedback on Report & code: 16.08.2024, 23:59 CET
Final report + code deadline: 01.09.2024, 23:59 CET

Presentation draft deadline: 06.09.2024, 23:59 CET
Feedback on presentation draft: 13.09.2024, 23:59 CET
Final presentation deadline: 17.09.2024, 23:59 CET

Presentation day: 18.09.2024, 09:00 CET


Topics:


Privacy Friendly Apps

In this area, students complete an app (or an extension of an app) among our Privacy-Friendly Apps. To learn more about them, see https://secuso.aifb.kit.edu/english/105.php. Students are provided with a point list of goals, containing both basic features that are mandatory to pass the course and more advanced ones that raise the final grade.

Title: NoPhish App
Number of students: 2 Ba/Ma
Description: The NoPhish app was one of the first measures from the NoPhish concept. The app has been around for a long time and has not been updated since then. Accordingly, the task of the project is to make the app functional on the current Android version. The app is also to be optimised so that updates, e.g. new chapters, can be added easily.


Programming Usable Security Intervention

In this subject, students work on a programming task dealing with various usable security interventions, such as a piece of code or an extension, e.g. an extension like TORPEDO (https://secuso.aifb.kit.edu/english/TORPEDO.php) or PassSec+ (https://secuso.aifb.kit.edu/english/PassSecPlus.php). Just as before, students are provided with a point list of goals, containing both basic features that are mandatory to pass the course and more advanced ones that raise the final grade.

Title: Hacking TORPEDO
Number of students: 1-2 Ba/Ma
Description: TORPEDO has existed for many years both as a Thunderbird add-on and as a web extension. TORPEDO is intended to help address various forms of phishing attacks and thereby protect the user, e.g. against various manipulations of the domain, or through additional tooltips. However, no targeted attacks on TORPEDO have yet been found. The aim of the work is to subject TORPEDO to a stress test and also to develop attacks that specifically target the implementation of TORPEDO.


Run Usable Security Studies and Results Analysis

These topics involve running user studies and analysing their results. Online studies, interviews and lab studies are all possible, depending on the topic. At the end of the semester, the students submit a report / paper with the analyses conducted and give a talk in which they present the results.

Title: Visualization of Eye Gaze Patterns during Authentication Tasks
Number of students: 1 Ba/Ma
Description: In this project, students will analyze and visualize eye gaze data collected during two specific authentication tasks: the Dot Task and the Slider Task. The primary objective is to represent subjects' eye movements visually, enhancing the understanding of gaze patterns during the authentication process.

*Dot Task Visualization:* For the Dot Task, participants were instructed to focus on a sequence of dots displayed on a screen. The dataset includes the positions of these dots and the corresponding gaze locations of the subjects. The student's task is to create a dynamic visualization that not only represents these positions accurately but also illustrates the sequence in which the dots were focused on by the subjects.

*Slider Task Visualization:* The Slider Task involved presenting participants with a series of images, for which both the images' locations on the screen and the subjects' gaze locations are recorded. The challenge is to develop a heatmap visualization based on this data, effectively demonstrating the concentration and dispersion of gaze points across different images.

Title: Compare BSI Phishing Game with the NoPhish Game
Number of students: 1 Ba
Description: The NoPhish app, one of the first implementations of the NoPhish concept, is a form of serious game. The BSI has also developed a game in the field of phishing. Both "games" use different approaches to impart knowledge from the same context. The aim is to evaluate the two games in terms of similarities and differences.

Title: Phishing Advice from Organizations (English Only)
Number of students: 1 Ba
Description: Many companies, e.g. Amazon or Telekom, distribute information on how to recognise phishing via various channels such as e-mail. The question arises as to how helpful these tips are in reality. Are they too specific to the context of the company, or so abstractly formulated that they are of no real help to users? The aim of the work is to collect various hints and then compare them with the hints of the NoPhish concept in order to find differences and similarities between the hints and the concept.

Title: Chatbots for Literature Reviews
Number of students: 1 Ba
Description: Chatbots are becoming increasingly popular and are already being used in various areas. But in what form can these bots be used for science? The variety of chatbots also raises the question of whether there are chatbots that are better suited to a scientific context. The aim is to identify a selection of chatbots and evaluate them in terms of their effectiveness for future literature research. To this end, the results of the chatbots will be compared with the ACM database in order to check their effectiveness for finding literature for a specific period of time.

Title: Phishing through homographic attacks in messengers and social networks
Number of students: 1-2 Ba/Ma
Description: The task will be to test, in messengers and social networks, three types of attacks that work in some email clients. The first is the link mismatch attack, where the link text differs from the actual link target. The second is an attack in which the actual link target is disguised by URL encoding [https://en.wikipedia.org/wiki/URL_encoding]. The third is the homograph attack, which uses Internationalized Domain Names [https://en.wikipedia.org/wiki/IDN_homograph_attack] and in which Latin characters in the domain name are replaced by characters of a different alphabet. The attacks are predefined, so no knowledge of phishing techniques is required.

Title: Usability Study of Mobile Authentication for Elderly Users with Rheumatoid Arthritis (English only)
Number of students: 1 Ba/Ma
Description: Authentication is an ever-important topic, especially in the mobile context. It becomes even more relevant when considering its accessibility. Nowadays, a common authentication method is using a PIN. Yet, given the low hand mobility of users affected by rheumatoid arthritis, using PINs can sometimes be difficult. In this topic, the student will conduct several sessions of an already designed lab study with various participants using arthritis simulation gloves to evaluate three PIN-pad interfaces aimed at making authentication more accessible. The study will also investigate the preferences of users regarding PIN-pad interfaces through drawings and proposals of changes. The student will then analyse the results through inferential statistics. Depending on the quality of the outcome, the results will then be published in a paper and the student will be added to the authors list.


This event counts towards the KASTEL certificate. Further information on how to obtain the certificate can be found on the SECUSO website (https://secuso.aifb.kit.edu/Studium_und_Lehre.php).