Marco Ghiglieri

SecLab: An Innovative Approach to Learn and Understand Current Security and Privacy Issues

Security and privacy are crucial for all IT systems and services. The diversity of applications places high demands on the knowledge and experience of software developers and IT professionals. Besides programming skills, security and privacy aspects are required as well and must be considered during development. If developers have not been trained in these topics, it is especially difficult for them to prevent problematic security issues such as vulnerabilities. In this work we present an interactive e-learning platform focusing on solving real-world cybersecurity tasks in a sandboxed web environment. With our platform students can learn and understand how security vulnerabilities can be exploited in different scenarios. The platform has been evaluated in four university IT security courses with around 1100 participants over three years.

PriMSED - Privacy-friendly measurement of Smart Entertainment Devices

Smart Entertainment Devices (SEDs) are a subclass of Consumer Electronics (CE) devices and can be found in almost every household. SEDs have interfaces to communicate with other parties, e.g., other SEDs in the local network, third parties in the Internet or vendors. Examples of SEDs are Smart TVs, Bluray players, gaming consoles and many more. It becomes more important for vendors and third parties to get detailed information how, and in which environment, devices are used. Vendors could process such data so that the improvement process of SEDs or products related to SEDs can be optimized. Advertisement companies, for example, can use the data to personalize the content delivered to SEDs in order to improve their revenues. In the context of TVs, audience measurement systems are used to determine how many people are watching a specific TV program. Those systems are not able to collect environment information, e.g., in which configuration a SED is used, how many devices are deployed in a household or which devices are used in parallel. Furthermore, consumers cannot see which data is gathered by the audience measurement systems and then transferred to the companies. In this work, we show a concept and a prototype implementation how SEDs can be measured including environment information. We discuss technical requirements needed for accurate measurement and an approach to present the data in an understandable way to consumers. They have the possibility to limit the data shared with third parties or the vendors. Moreover, we give some methods to prevent privacy issues while sharing data with other parties. Finally, we provide an outlook how our concept and implementation can be further improved.

LEARNING TO RECOGNIZE MISSING E-MAIL ATTACHMENTS

Forgotten attachments of E-mail messages are a common and obnoxious problem. Several E-mail readers provide plug-ins that attempt to tackle this problem by trying to guess whether a message needs an attachment and warn the user in case she or he does not attach a file to such a message. However, these approaches essentially only work with a fixed list of keywords, which trigger such a warning whenever they occur in a message. In this article, we try conventional machine learning techniques, which have been previously shown to work well for related problems such as spam mail filtering, on this new problem. Our results show that they work very well, clearly outperforming simple keyword-based approaches. The software is available as plug-in for the Thunderbird E-mail reader.

Human Factors in Security

Das Kapitel gibt eine Einfuhrung in das Thema „Human Factors in Security“ mit Fokus auf den Endanwender. Dabei wird zunachst das Problem allgemein eingefuhrt und an den konkreten Beispielen „E-Mail-Verschlusselung“, „HTTPS-Verbindungen im Internet“ sowie „Passworter“ beschrieben und diskutiert. Anschliesend werden allgemeine Losungsansatze basierend auf „Human Centered Security by Design“ vorgestellt, sowie einige methodische Beispiele genannt. Besondere Herausforderungen im Vergleich zu „Human Centered Design“ werden vorgestellt und einige Beispiele aus der Praxis im Bereich „Human Centered Security by Design“ vorgestellt und diskutiert.

Exploring Consumers’ Attitudes of Smart TV Related Privacy Risks

A number of privacy risks are inherent in the Smart TV ecosystem. It is likely that many consumers are unaware of these privacy risks. Alternatively, they might be aware but consider the privacy risks acceptable. In order to explore this, we carried out an online survey with 200 participants to determine whether consumers were aware of Smart TV related privacy risks. The responses revealed a meagre level of awareness. We also explored consumers’ attitudes towards specific Smart TV related privacy risks.