| Speaker Affiliation | Rheinische Friedrich-Wilhelms-Universität Bonn |
| Start | 02.03.2015, 11:30 Uhr |
| Location | TU Braunschweig, Informatikzentrum, Mühlenpfordtstraße 23, 1. OG, Hörsaal M 160 |
| Invited by | Prof. Dr. Rüdiger Kapitza |
| Many aspects of information security combine technical and human factors. If a highly secure system is unusable, users will try to circumvent the secure system or even migrate to a less secure but more user-friendly system. Problems with usability have been a major contributing factor in many recent high-profile security failures. The research domain of usable security and privacy addresses these problems. However, the main focus of researchers in this field has been on the “non-expert” end-user, neglecting the system’s side of the problem. After situating this issue in the context of current research, I will present my work on usable system security. The examples used will include TLS, passwords and secure messaging to illustrate how system security must take the human factor into account if improvements are to be made. I will show how identifying and resolving TLS usability problems, which affect millions of devices, have allowed me, together with my team, to first gain access to and then protect credentials for amongst others: American Express, Diners Club, Paypal, various banks and email providers, Facebook, Twitter, Google, Yahoo, Microsoft Live ID, Box, WordPress, and IBM Sametime servers. I will also describe how API usability problems led all Android password managers to leak the very passwords they were supposed to protect; and how cryptographic protocol design affects the usability of secure messengers. Finally, I will present a roadmap of how to push the frontiers of systems security and establish the centre of usable systems security research at the TU-Braunschweig. Bio: Matthew Smith is a Professor for Usable Security and Privacy at the Rheinische Friedrich-Wilhelms-Universität Bonn, Germany. He completed his studies of Computer Science & Electrical Engineering at the University of Siegen, Germany, with distinction. Subsequently he was a full time researcher at the Philipps Universität Marburg, Germany, where he completed his PhD in 2008, also with distinction. In 2009, he was awarded the PhD Prize for outstanding innovation by the Gesellschaft zur Förderung des Forschungstransfers (GFFT e.V.). From 2009 to 2013 he was a Professor at the Leibniz Universität Hannover. His research is focused on human factors of security and privacy mechanisms with a wide range of application areas, including TLS and network security, authentication, mobile and app security and, most recently, usable security for developers and administrators. His work has been published at top-tier conferences including IEEE S&P, ACM CCS, NDSS, PETS and ACM SIGCHI, as well as specialist conferences such as SOUPS and USEC. He has served on the program committees of IEEE S&P, ACM CCS, SOUPS, USEC and ACM SIGCHI and has held chair positions at ACM CCS, NDSS, WWW, SOUPS, USEC and IEEE Big Data. | |