The 5th European Workshop on Usable Security
June 15, 2020 September 7, 2020 - Genova, Italy Online

June 19 updates: As previously announced, the 2020 IEEE European Symposium on Security and Privacy (EuroS&P) and all co-located workshops, including EuroUSEC 2020, have been rescheduled to September 7-11, 2020, with EuroUSEC being held on September 7th. While originally scheduled to take place in Genova, Italy, it was recently announced that EuroS&P and all associated workshops will be held entirely online on the scheduled days.

This year saw a record number of 44 unique submissions across the two submission deadlines offered. A total of 18 papers (6 submitted to the first deadline and 12 submitted to the second) have been accepted. As the authors submit their final versions in the coming days, we will update this website to contain PDFs of all accepted papers and a timeline/full schedule of the workshop day. Registration for EuroUSEC will be handled as part of the EuroS&P registration process (we are a pre-conference workshop). At the time we are writing this, the online registration system has not yet opened.

COVID-19 Update (May 17): As previously announced, the 2020 IEEE European Symposium on Security and Privacy and all co-located workshops, including EuroUSEC 2020, have been rescheduled to September 7-11, 2020 in Genova, Italy. Due to the global pandemic and the workshop being rescheduled, we are continuing to offer a second submission deadline that requires mandatory paper registration by June 2nd, 2020, with paper submission by June 5th, 2020. The submission system is now open for the June deadline. For reference, 6 of the 19 submissions to our first deadline were accepted.

As with the organizers of most events, we are closely monitoring the evolution of the pandemic. While the event is still scheduled to be held in person in September as of now, we are also making contingency plans. If the event is indeed held in person, we will offer the opportunity for remote presentations and remote attendance. That is, anyone who does not feel comfortable attending in person will be able to attend virtually. If it becomes clear that it is infeasible to hold an event in person, we would decide to hold a synchronous remote workshop on the scheduled day, though we have not yet made such a decision.


March 17th update: We have confirmed that papers accepted through our supplemental deadline in June will also be published through IEEE. We have received 19 submissions to the first deadline, and we are looking forward to receiving additional submissions to the supplemental deadline.


The 2020 IEEE European Symposium on Security and Privacy (including EuroUSEC 2020 and all other co-located workshops) is being rescheduled to September 7-11, 2020 in Genova, Italy. IEEE has been monitoring the developing COVID-19. The safety and well-being of IEEE European Symposium on Security and Privacy 2020 conference participants is our priority. After studying and evaluating the announcements, guidance, and news released by relevant national departments, we are rescheduling the conference dates from June 16-18, 2020 in Genova, Italy to September 7-11, 2020 in Genova, Italy. We thank you for your understanding.


March 12th update: We know that the worldwide COVID-19 situation is causing stress and disruption for many of you. We have decided to announce that we will be offering a second submission deadline for EuroUSEC 2020 on June 5th, 2020. Papers submitted to the first deadline (March 16th) will continue to receive decisions and publication on the originally announced schedule. This second deadline is a supplemental deadline for authors whose plans to submit to the original deadline have been disrupted. Papers accepted to the first deadline will continue to be published through IEEE. Since we have not yet received confirmation from IEEE or the EuroS&P chairs that the later publication schedule is permissible, we cannot guarantee that papers accepted through the second deadline will also be published through IEEE. If they do not grant our request, we will find a publisher of comparable stature (i.e., one whose publications are indexed by a major academic portal) to publish the additional proceedings. In all cases, we will publish preprints (with authors' permission) on this website.



The European Workshop on Usable Security (EuroUSEC) serves as a European forum for research and discussion in the area of human factors in security and privacy. EuroUSEC 2020 will be co-located with the 5th IEEE European Symposium on Security and Privacy (EuroS&P 2020) and will be held in Genova, Italy online on June 15, 2020 September 7, 2020.

EuroUSEC solicits previously unpublished work offering novel research contributions or clearly articulated research visions in any aspect of human-centered security and privacy. The aim of this workshop is to bring together an interdisciplinary group of researchers and practitioners in human-computer interaction, security, and privacy. Participants are researchers, practitioners, and students from domains including computer science, engineering, psychology, the social sciences, and economics.



Program (September 7th, 2020)

The program will feature presentations of 18 papers accepted to EuroUSEC 2020 (out of 44 unique submissions), in addition to a participatory activity in small groups. This combination supports the workshop's spirit of having meaningful, forward-looking discussions among workshop attendees. The program will be single-track. To best balance the schedules of authors from around the world, we have chosen to start at 14:30 CEST (Central European Summer Time). This start time corresponds to 13:30 BST (British Summer Time), 17:30 PKT (Pakistan Standard Time), 8:30am EDT (US Eastern), 7:30am CDT (US Central), and 5:30am PDT (US Pacific). As much as possible, we have intentionally scheduled presentations from European authors earlier in the workshop and presentations from North American authors later. Note that the workshop is being held on Labor Day in the US, which is an unfortunate consequence of all EuroS&P events being shifted from the dates we originally chose.

14:30 – 14:40 CEST
Opening Remarks
Blase and Peter will provide short opening remarks about the workshop's history, this year's logistics, and the goals for the day.

14:40 – 15:25 CEST
Paper Session: Privacy and Data Protection
14:40 – 14:55
A Cross-Platform Evaluation of User Online Privacy [PDF]
Maryam Mehrnezhad (Newcastle University)
14:55 – 15:10
Data Sharing in Mobile Apps — User Privacy Expectations in Europe [PDF]
Nils Quermann (Ruhr-Universitat Bochum), Martin Degeling (Ruhr-Universitat Bochum)
15:10 – 15:25
GDPR Reality Check – Claiming and Investigating Personally Identifiable Data from Companies [PDF]
Fatemeh Alizadeh (University of Siegen); Timo Jakobi (University of Siegen); Alexander Boden (Fraunhofer Institute for Applied Information Technology); Gunnar Stevens (University of Siegen); Jens Boldt (University of Siegen)

15:25 – 15:30 CEST
Coffee Break (caffè normale)

15:30 – 16:15 CEST
Paper Session: Advice and Education
15:30 – 15:45
Analysis of Publicly Available Anti-Phishing Webpages: Contradicting Information, Lack of Concrete Advice and Very Narrow Attack Vector [PDF]
Mattia Mossano (Karlsruhe Institute of Technology), Kami Vaniea (University of Edinburgh), Lukas Aldag (Karlsruhe Institute of Technology), Reyhan Duzgun (Karlsruhe Institute of Technology), Peter Mayer (Karlsruhe Institute of Technology), Melanie Volkamer (Karlsruhe Institute of Technology)
15:45 – 16:00
Investigating Teenagers' Ability to Detect Phishing Messages [PDF]
James Nicholson (Northumbria University), Yousra Javed (National University of Sciences and Technology), Matt Dixon (Northumbria University), Lyne Coventry (Northumbria University), Opeyemi Dele Ajayi (Northumbria University), Philip Anderson (Northumbria University)
16:00 – 16:15
Do Women in Conservative Societies (Not) Follow Smartphone Security Advice? A Case Study of Saudi Arabia and Pakistan [PDF]
Elham Al Qahtani (UNC Charlotte), Yousra Javed (National University of Sciences & Technology), Heather Lipford (UNC Charlotte), Mohamed Shehab (UNC Charlotte)

16:15 – 16:25 CEST
Coffee Break (caffè doppio)

16:25 – 17:15 CEST
Participatory Group Activity
Workshop attendees who are willing to participate will be assigned to small-group breakout rooms. Each group will engage in participatory ideation about the future of usable security and privacy within a particular focus area.

17:15 – 18:05 CEST
Paper Session: Visions of the Future
17:15 – 17:25
Vision: I Don't Want to Use My Phone! A Cognitive Walkthrough for YubiKeys [PDF]
Claudia Bischoff (University of Bonn); Eva Gerlitz (Fraunhofer FKIE); Matthew Smith (University of Bonn / Fraunhofer FKIE)
17:25 – 17:35
Vision: Investigating Web API Developer Experience in Relation to Terms of Service and Privacy Policies [PDF]
Aidah Ichario (Heriot-Watt University), Manuel Maarek (Heriot-Watt University)
17:35 – 17:45
Vision: Shred If Insecure – Persuasive Message Design as a Lesson and Alternative to Previous Approaches to Usable Secure Email Interfaces [PDF]
Jan Tolsdorf (TH Köln - University of Applied Sciences); Luigi Lo Iacono (Hochschule Bonn-Rhein-Sieg)
17:45 – 17:55
Vision: What If They All Die? Crypto Requirements For Key People [PDF]
Chan Nam Ngo (University of Trento); Daniele Friolo (Sapienza University of Rome); Fabio Massacci (University of Trento); Daniele Venturi (Sapienza University of Rome); Ettore Battaiola (Cassa Centrale Banca)
17:55 – 18:05
Vision: Why Johnny Can't Configure Smart Home? A Behavioural Framework for Smart Home Privacy Configuration [PDF]
Joseph Shams (King's College London), Nalin A. G. Arachchilage (La Trobe University), Jose M. Such (King's College London)

18:05 – 18:40 CEST
Meal Break

18:40 – 19:40 CEST
Paper Session: Usable Crypto and Fintech
18:40 – 18:55
Simulating the Effects of Social Presence on Trust, Privacy Concerns & Usage Intentions in Automated Bots for Finance [PDF]
Magdalene Ng (Newcastle University), Kovila P.L. Coopamootoo (Newcastle University), Ehsan Toreini (Newcastle University), Mhairi Aitken (Newcastle University), Karen Elliot (Newcastle University), Aad van Moorsel (Newcastle University)
18:55 – 19:10
Cash, Cards or Cryptocurrencies? A Study of Payment Culture in Four Countries [PDF]
Karoline Busse (University of Bonn), Mohammad Tahaei (University of Edinburgh), Katharina Krombholz (CISPA Helmholtz Center for Information Security), Emanuel von Zezschwitz (University of Bonn), Matthew Smith (University of Bonn/Fraunhofer FKIE), Jing Tian (Zhejiang University), Wenyuan Xu (Zhejiang University)
19:10 – 19:25
Improving Non-Experts' Understanding of End-to-End Encryption: An Exploratory Study [PDF]
Wei Bai (University of Maryland), Michael Pearson (University of Maryland), Patrick Gage Kelley (Google), Michelle L. Mazurek (University of Maryland)
19:25 – 19:40
Making Encryption Feel Secure: Investigating how Descriptions of Encryption Impact Perceived Security [PDF]
Verena Distler (University of Luxembourg); Carine Lallemand (University of Luxembourg / Eindhoven University of Technology); Vincent Koenig (University of Luxembourg)

19:40 – 19:45 CEST
Coffee Break (caffè normale)

19:45 – 20:30 CEST
Paper Session: Perceptions and Experiences
19:45 – 20:00
End User and Expert Perceptions of Threats and Potential Countermeasures [PDF]
Simon Anell (CISPA Helmholtz Center for Information Security), Lea Grober (CISPA Helmholtz Center for Information Security), Katharina Krombholz (CISPA Helmholtz Center for Information Security)
20:00 – 20:15
"Security Should Be There By Default": Investigating How Journalists Perceive and Respond to Risks From the Internet of Things [PDF]
Anjuli R. K. Shere (University of Oxford); Jason R. C. Nurse (University of Kent); Ivan Flechais (University of Oxford)
20:15 – 20:30
Tech Pains: Characterizations of Lived Cybersecurity Experiences [PDF]
Huixin Tian (Indiana University Bloomington), Chris Kanich (University of Illinois, Chicago), Jason Polakis (University of Illinois, Chicago), Sameer Patil (Indiana University Bloomington)

20:30 – 21:00 CEST
Closing
We will reflect on the day's workshop, discuss the future directions of the workshop, and say farewell.

 



Registration

The workshop is co-located with the 5th IEEE European Symposium on Security and Privacy (EuroS&P 2020). Due to the current pandemic, the workshop will be held virtually on the Zoom platform. We ask that EuroUSEC attendees follow a three-step registration process:

  • Step 1: As EuroUSEC 2020 is co-located with EuroS&P 2020, there is a combined registration process. The registration cost of € 61 grants access not just to EuroUSEC, but also to the EuroS&P main conference and other post-conference workshops. Please register here. Note, however, that at least one author per EuroUSEC 2020 paper must register in the "Workshop Author" category with the higher fee of € 189. The EuroS&P main conference organizers will provide the relevant Zoom link at some point after you register.
  • Step 2: Because the official EuroS&P registration process does not ask registrants to indicate intentions about workshop attendance and because we require additional information, we have also created an informal registration survey specific to the EuroUSEC 2020 workshop. This survey lets us gauge the expected attendance, pre-assign discussion groups, and learn who's presenting each paper.
  • Step 3: Upon informal registration (Step 2), you will receive an invitation link to our Slack instance, which you can only join with the invitation link. When you join, please head over to the "introductions" channel and say hello to everyone!
Please follow all three steps to help everyone fully engage in the workshop.

 



Workshop Logistics

The workshop itself will be held on Zoom (the link is provided from the EuroS&P organizers after you register). You will be muted upon entry; please stay muted except when speaking. To facilitate interaction, we will be discussing papers primarily on our Slack instance. To make the most of each Q&A session, please ask your questions in Slack (e.g., by typing "Question for Peter: Why did you..."). The moderator for that session will ask the question out loud to the speaker. Please feel encouraged to write questions while the presentation is ongoing so that we have a few questions queued up as soon as the presentation finishes. If someone else asks a question that you find especially interesting, please "emoji react" to it. We will prioritize questions with more reactions. While we realize that it is less personal to have a moderator give voice to each question, we found during SOUPS 2020 that this approach actually maximizes interaction. As a presenter, please follow up with any unanswered questions on Slack and continue the discussion after you've finished speaking!

To the extent you feel comfortable, please consider leaving your video feed on as you attend so that presenters aren't just looking out at a sea of empty boxes. No worries at all if logistics or preference make this impossible.

Social Contract

To make the workshop as effective as possible for everyone, we ask that all participants commit to our social contract:

  1. Engage and actively participate (to the degree you feel comfortable) with each talk.
  2. Be sure your feedback is constructive, forward-looking, and meaningful.
  3. The usable security & privacy has earned a reputation for being inclusive and welcoming to newcomers; please keep it that way.
  4. We encourage attendees to aim to meet at least three new people from this year's workshop.
  5. We strongly encourage tweeting under the hashtag "#EuroUSEC20" and otherwise spreading the word about work you find exciting at the workshop. However, please do not record the workshop itself or further distribute comments made on our Slack instance.

Instructions for Presenters

Each research-track paper has been allocated 15 minutes total, which should consist of a 7.5-minute talk and 7.5-minute Q&A session. Each vision-track paper has been allocated 10 minutes total, which should consist of a 5-minute talk and 5-minute Q&A session. To promote an interactive atmosphere, we have chosen to have live presentations, not pre-recorded videos. At the beginning of each session, we will promote all speakers to a Zoom role in which screen-sharing is enabled. When we announce the final question for the preceding session, the subsequent speaker should share their screen and get ready to present. For speakers who have not presented on Zoom before, we will offer a short (optional) training session the week before the workshop.




Call for Papers

We invite you to submit a paper and join us at the EuroUSEC workshop, which will be held on June 15, 2020 September 7, 2020 in Genova, Italy online. The workshop will be co-located with the 5th IEEE European Symposium on Security and Privacy (EuroS&P). The EuroUSEC 2020 website is at https://eusec20.cs.uchicago.edu

We are excited to welcome original work describing research, visions, or experiences in all areas of usable security and privacy. We welcome a variety of research methods, including both qualitative and quantitative approaches.

We accept both longer papers on mature/completed work in a research track, as well as shorter papers on work in progress or work that has yet to begin in a vision track. This decision to accept both types of submissions, which started with EuroUSEC 2019, aims to include researchers at all stages of their career and at all stages of their projects. We especially encourage submissions to the vision track.

Topics include, but are not limited to:

  • innovative security or privacy functionality and design
  • new applications of existing models or technology
  • field studies of security or privacy technology
  • usability evaluations of new or existing security or privacy features
  • security testing of new or existing usability features
  • longitudinal studies of deployed security or privacy features
  • studies of administrators or developers and support for security and privacy
  • psychological, sociological, and economic aspects of security and privacy
  • the impact of organizational policy or procurement decisions
  • methodologies for usable security and privacy research
  • lessons learned from the deployment and use of usable privacy and security features
  • reports of replicating previously published studies and experiments
  • reports of failed usable privacy/security studies or experiments, with the focus on the lessons learned from such experience

We have observed that the most effective workshops are those that encourage discussion between attendees. Each paper presentation will be followed by about 15 minutes of discussion to promote engagement and helpful feedback.

For accepted papers, at least one author must attend the workshop.



Important Dates

Paper submission deadline:    Monday, March 16, 2020 (Anywhere on Earth)
Notification:Sunday, April 12, 2020
Camera ready:Friday, April 24, 2020 (encouraged for quicker dissemination), Wednesday, June 24, 2020 (required by IEEE)
        
Supplemental deadline due to COVID-19:
Paper registration deadline (mandatory):    Tuesday, June 2, 2020 (Anywhere on Earth)
Paper submission deadline:Friday, June 5, 2020 (Anywhere on Earth)
Notification:Thursday, June 18, 2020
Camera ready:Wednesday, June 24, 2020
        
Workshop:Monday, June 15, 2020  Monday, September 7, 2020 from 14:30 – 21:00 CEST



Submission Instructions

Papers must be written in English and must be anonymized for review. Please refer to your own related work in the third person, as though someone else had written it. This requirement also applies to data sets and artifacts. (For example, "We received data from the authors of Smith et al. [31] that we reused for this experiment.") Do not blind citations except in extraordinary circumstances.

In keeping with IEEE guidelines, all submissions must be original work. Authors must clearly document any overlap with previously published or simultaneously submitted papers from any of the authors. Simultaneous submission of the same paper to another venue with proceedings or a journal is not allowed. Serious infringements of these policies may cause the paper to be rejected from publication and the authors put on a warning list, even if the paper is initially accepted by the program committee. Contact the workshop chairs if there are questions about this policy.

Following the requirements of the main conference, papers must be typeset in A4 format (not "US Letter") using the IEEE conference proceeding LaTeX template we supply (eurosp-2020-template.zip) or the IEEE Word template (conference-template-a4.docx). We suggest you first compile the supplied LaTeX source as is, checking that you obtain the same PDF as the one supplied, and then write your paper into the LaTeX template, replacing the boilerplate text. Please do not use other IEEE templates. Failure to adhere to the page limit and formatting requirements can be grounds for rejection.

Research Track: The research track is intended to report on more mature work that has been completed. The goal of the workshop's research track is to disseminate results of interest to the broader usable security and privacy community. Papers must be up to 10 pages in length including the bibliography. Authors have the option to attach to their paper supplementary appendices containing study materials (e.g., survey instruments, interview guides, etc.) that would not otherwise fit within the body of the paper. Reviewers are not required to read any appendices, so your paper should be self-contained without them. Accepted papers will be published on the workshop website as pre-prints with their supplementary appendices included, but will be published in IEEE Xplore without these supplemental appendices.

Vision Track: The vision track is intended to report on work in progress or concrete ideas for work that has yet to begin. The focus in the vision track is to spark discussion with the goal to provide the authors helpful feedback, pointers to potentially related investigations, and new ideas to explore. Suitable submissions to the vision track include traditional work-in-progress pieces such as preliminary results of pre-studies, but also research proposals and position papers outlining future research. Papers must be up to 6 pages in length including the bibliography, and with no appendices. Submissions to the vision track should have a title beginning with the prefix "Vision: ".

Submission Site

Please upload your submission to our HotCRP instance, which is now open for paper registration and submissions for the June deadline.

Proceedings

The proceedings will be published by the IEEE in a volume accompanying the main IEEE EuroS&P 2020 proceedings and will be made available after the workshop in IEEE Xplore. To facilitate discussion at the workshop itself, we plan to post pre-prints on this webpage shortly before the workshop.



Program Committee Chairs

The chairs can be contacted at eusec20-chairs@lists.uchicago.edu

Publicity Chairs

Program Committee

Steering Committee