Researcher: Lorrie Cranor
Research Area: Privacy Protection
Cross Cutting Thrusts: Usable Privacy and Security
We plan to systematically study the effectiveness of cyber trust indicators and develop approaches to making these indicators most effective. We will develop evaluation methodologies based on security and human factors criteria, ground in both systems security and warnings science. We plan to use the results of our studies to develop design patterns that will be applicable to a variety of cyber trust scenarios. We propose to focus our work on four relatively narrow areas, selected to represent a variety of current challenges related to web commerce.
1) Evaluate approaches to providing privacy notices to users through icons linked to automatically-generated privacy reports (based on our previous work with Privacy Bird and Privacy Finder.)
2) Evaluate approaches to warning end users about suspected but unconfirmed threats such as phishing attacks and develop a set of design patterns for maximizing the effectiveness of such warnings.
3) Evaluate approaches to using warning and notice indicators in conjunction with the SSL-protocol to inform web users about the authenticity of web sites and whether transmitted data is being encrypted.
4) Evaluate approaches to using stale indicators in mutual authentication protocols (for example, web sites displaying secret images on a user's login screen) and determine the effectiveness of these approaches.