TU Darmstadt / ULB / TUbiblio

Building trust in remote attestation through transparency – a qualitative user study on observable attestation

Linsner, Sebastian ; Demuth, Kilian ; Surminski, Sebastian ; Davi, Lucas ; Reuter, Christian (2024)
Building trust in remote attestation through transparency – a qualitative user study on observable attestation.
In: Behaviour & Information Technology, 2024
doi: 10.1080/0144929X.2024.2374889
Article, Bibliography

Abstract

Internet of Things (IoT) devices have become increasingly important within the smart home domain, making the security of the devices a critical aspect. The majority of IoT devices are black-box systems running closed and pre-installed firmware. This raises concerns about the trustworthiness of these devices, especially considering that some of them are shipped with a microphone or a camera. Remote attestation aims at validating the trustworthiness of these devices by verifying the integrity of the software. However, users cannot validate whether the attestation has actually taken place and has not been manipulated by an attacker, raising the need for HCI research on trust and understandability. We conducted a qualitative study with 35 participants, investigating trust in the attestation process and whether this trust can be improved by additional explanations in the application. We developed an application that allows users to attest a smart speaker using their smartphone over an audio channel to identify the attested device and observe the attestation process. In order to observe the differences between the applications with and without explanations, we performed A/B testing. We discovered that trust increases when additional explanations of the technical process are provided, improving the understanding of the attestation process.

Item type: Article
Published: 2024
Author(s): Linsner, Sebastian ; Demuth, Kilian ; Surminski, Sebastian ; Davi, Lucas ; Reuter, Christian
Type of entry: Bibliography
Title: Building trust in remote attestation through transparency – a qualitative user study on observable attestation
Language: English
Publication year: 11 July 2024
Place: https://www.tandfonline.com/journals/tbit20
Publisher: Taylor & Francis
Title of journal, newspaper or series: Behaviour & Information Technology
Volume of a journal: 2024
Collation: 21 pages
DOI: 10.1080/0144929X.2024.2374889

Uncontrolled keywords: Usable security, remote attestation, user study, IoT, trust, security and privacy, usability in security and privacy, human-centered computing, empirical studies in HCI, S2, E7
Department(s)/field(s): 20 Department of Computer Science
20 Department of Computer Science > Cryptography and Complexity Theory
20 Department of Computer Science > Science and Technology for Peace and Security (PEASEC)
DFG Collaborative Research Centres (incl. Transregio)
DFG Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres
DFG Research Training Groups
DFG Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres > SFB 1119: CROSSING – Cryptography-based security solutions as a foundation for trust in current and future IT systems
Date deposited: 29 Oct 2024 13:00
Last modified: 29 Oct 2024 13:00