Project

Description

You are required to complete a semester-long project working in groups of two or three on topics related to usability security and privacy. While it is not strictly required, it is expected that all projects have a user study, which can be either qualitative or quantitative.

Preferences

While the decision of groups and projects is at the discretion of the instructor, you must submit a preference sheet that includes your preferred group members and your preferred topic. For topics, you should provide a rank order of three topics. The listing of group members will not be treated as a rank order.

If you would like to work on a topic not listed below, you may propose a new topic to the instructor.

Proposals

Although a topic is assigned to you, you must still complete a proposal. Your proposal should include the following information:

  1. What research questions/hypotheses do you plan to address?
  2. What methods will you use in your investigation?
  3. What is your recruitment plan and target demographic?
  4. What is a timeline for your work?
  5. What are the ethical considerations?
  6. What is your analysis plan for any data you collect?

Following submission of your proposal, your group will schedule meetings with the instructor to get feedback and provide updates.

Ethics Review

As part of your project, you will be required to complete an IRB application based on the IRB submission forms at GW. As this project is for the purposes of education, not generalizable knowledge, we do not need IRB approval. However, we expect you to uphold the same standards as IRB-approved research. This includes:

  1. Treating all participants ethically and fairly
  2. Keeping confidential any link between participants' personal information and their data.
  3. Informing participants that they are participating in a research project for a class.
  4. If deception was used, providing post-procedure information to participants.

Status Updates

You are required to provide one status update for your project. This should include all the same material as the proposal, but with substantive updates on work completed and any changes that occurred since submission.

Presentations

You will make two presentations about your project in class. The first is a "Lightning Talk", a short 5-minute talk introducing the topic and your methods. This will enable all class members to learn about the work of everyone else.

The second presentation will be your final project presentation, which will be 15 minutes in length with 5 minutes of questions. These presentations should be in line with conference/workshop-style presentations and provide some depth on the methods, analysis, and conclusions.

Project Schedule

  • 9/25: Preferences are due
  • 9/29: Project Proposals are due
  • 10/2-3: Proposal Feedback meetings (to be scheduled with the instructor)
  • 10/6: Ethics Documents (see slack)
  • 11/5: Project Status Updates due
  • 11/6-8: Status update meetings (to be scheduled with the instructor)
  • 11/12: Lightning Talks (in class) -- present 5-minute descriptions of your work
  • 12/3: Project Presentations
  • 12/8: Final Project Reports

Grading

  • Final Report: 50%
  • Final Presentation: 20%
  • Lightning Talk: 5%
  • Ethics Document: 10%
  • Proposal: 10%
  • Status Update: 5%

Project Topics

Below is a non-exhaustive list of topics and some general research questions that you can use to build a proposal. You may also propose your own topics. Note that you will need to develop your own more specific research question and methods of investigation for your research.

  • Biometric Authentication

    • As more and more devices use biometrics, how does this new, convenient method of authentication impact older, knowledge-based methods of authentication?
    • Do people choose weaker PINs/passwords if they have a biometric? What are people's opinions comparing biometrics with knowledge-based authentication?
  • Digital Secret Sharing

    • Users want/need to share secrets online, such as a password or PII. If so tasked, how would they do it? Would they use email or text message or something else?
    • What are the threat models and security understanding of users when they share secrets online?
  • Security of Signal/WhatsApp/SMS

    • More and more users are using texting applications that provide end-to-end encryption. Do users use all these features? How do they understand the security provided?
    • Can two users properly establish secure channels using these apps?
  • Sharing of Venmo payments

    • What kinds of social payment sharing are acceptable, and how do people make these choices?
    • What if you made people go back and look at their Venmo sharing history? What do they think? Is there anything they would want to make private?
  • Voice Assistants

    • Creepy or necessary? How do people understand and use voice assistant technology?
    • Voice assistants often record conversations even when users are not aware, but you can go and look at these recordings. How do people feel about these recordings made without their awareness?
  • Two Factor Authentication

    • It's clearly better, but what might stop users from using it?
    • If there is two-factor, do people end up making worse choices elsewhere because
  • Developer studies

    • Why do programmers write bad code? What if you asked a class of users to implement a security protocol, like password authentication? What goes wrong?
  • Privacy Policies

    • How well do users understand privacy policies online? For example, what if users were forced to read the Facebook or Google privacy policy? What would they understand? Would it make them change their behavior?
    • How well do users understand the GDPR and the standards?
  • Password Managers

    • Passwords are hard, password managers make it easier, but people don't use them as much as they should or use them incorrectly. Why? What are their thoughts and habits?
    • What if we asked users who weren't previously using a password manager to set one up? What do they do? How does it affect them?
  • Mobile Devices

    • Mobile devices are smaller and more compact, and they involve different interactions. This can affect security by changing the usability of the browser, for example, when entering passwords. What kinds of interactions are affected by this interface? How can we measure them?
    • Creating passwords on mobile devices should be harder; can we measure some of the interactions that affect that? For example, keyboard layout?