The design of cryptographic protocols can have a large impact on the human end user experience. Protocol designs can influence what actions end users can (or cannot) take, how well end users will understand a security system, and the nature of the interactions between people.
| Group Key Establishment | ||
| Paper | ||
|
Kuo, Cynthia, Ahren Studer, and Adrian Perrig. "Mind Your Manners: Socially Appropriate Wireless Key Establishment for Groups." To appear at the First ACM Conference on Wireless Network Security (WiSec '08), Alexandria, VA, March 31 - April 2, 2008. |
||
Pairwise Key Establishment |
||
| Paper | Poster | Presentation |
| Kuo, Cynthia, Jesse Walker, and Adrian Perrig. "Low-cost Manufacturing, Usability, and Security: An Analysis of Bluetooth Simple Pairing and Wi-Fi Protected Setup." Usable Security (USEC'07), Lowlands, Tobago, February 15 - 16, 2007. |
 |
 |
A typical phishing scam begins with an urgent message (often via email) from a consumer's "trusted" financial institution. The victim clicks on the link in the message and enters her personal information into an imposter website, known as a phishing site. Unfortunately, phishing messages and phishing sites are difficult (for humans) to distinguish from legitimate messages and web sites. Firefox Phishing Protection and Phoolproof Phishing Prevention automate the detection of phishing sites.
| Firefox Phishing Protection | ||
| Mozilla Website | Book Chapter | |
 |
Kuo, Cynthia, Bryan Parno, and Adrian Perrig. "Browser Enhancements for Preventing Phishing Attacks." In Phishing and Countermeasures: Understanding the Increasing Problem of Electronic Identity Theft, ed. Markus Jakobsson and Steve Myers, Wiley-Interscience, 2007. |
|
Phoolproof Phishing Prevention |
||
| Paper | Poster | Bryan's Presentation |
| Parno, Bryan, Cynthia Kuo, and Adrian Perrig. "Phoolproof Phishing Prevention." In Proceedings of the 10th International Conference on Financial Cryptography and Data Security (FC’06), Anguilla, British West Indies, February 27 - March 2, 2006. |
|
|
Deploying cryptographic keys in a secure manner to sensor nodes is a prerequisite for secure sensor network operation. If the cryptographic keys are compromised during key setup, attackers can access the data transmitted — even if secure data communication protocols are used.
| Message-In-a-Bottle | ||
| Paper | Poster | Mark's Presentation |
| Kuo, Cynthia, Mark Luk, Rohit Negi, and Adrian Perrig. "Message-In-a-Bottle: User-Friendly and Secure Key Deployment for Sensor Nodes." In Proceedings of the ACM Conference on Embedded Networked Sensor System (SenSys 2007), Sydney, Australia, November 6 - 9, 2007. |
 |
 |
Observing human reactions to security technologies is the first step to improving them.
| Phrase Selection for Mnemonic Phrase-based Passwords | ||
| Paper | Presentation | |
| Kuo, Cynthia, Sasha Romanosky, and Lorrie Cranor. "Human Selection of Mnemonic Phrase-based Passwords." In Proceedings of the Symposium on Usable Privacy and Security (SOUPS 2006), Pittsburgh, PA, July 12 - 14, 2006. |
 |
|
Development of Wizard for 802.11 Network Configuration |
||
| Poster | Book Chapter | Presentation |
 |
Kuo, Cynthia, Adrian Perrig, and Jesse Walker. "Security Configuration for Non-experts: A Case Study in Wireless Network Configuration." To appear in Social and Human Elements of Information Security: Emerging Trends and Countermeasures, ed. Manish Gupta and Raj Sharman, Idea Group, 2008. |
 |
Adapting User Study Methods for Security |
||
| Magazine Article | Presentation | |
| Kuo, Cynthia, Adrian Perrig, and Jesse Walker. "Designing an Evaluation Method for Security User Interfaces: Lessons from Studying Secure Wireless Network Configuration." ACM <interactions> 13, issue 3 (May + June 2006): 28-31. |
 |
|
