Alexander De Luca
Authored Publications
"If I press delete, it's gone" - User Understanding of Online Data Deletion and Expiration
Andreas Kramm
Sebastian Schnorf
Proceedings of the Symposium on Usable Privacy and Security 2018
In this paper, we present the results of an interview study with 22 participants and two focus groups with 7 data deletion experts. The studies explored understanding of online data deletion and retention, as well as expiration of user data. We used different scenarios to shed light on what parts of the deletion process users understand and what they struggle with. As one of our results, we identified two major views on how online data deletion works: UI-Based and Backend-Aware (further divided into levels of detail). Their main difference is on whether users think beyond the user interface or not. The results indicate that communicating deletion based on components such as servers or "the cloud" has potential. Furthermore, generic expiration periods do not seem to work while controllable expiration periods are preferred.
The Anatomy of Smartphone Unlocking - Why and How Android Users Around the World Lock their Phones
Nathan Malkin
Marian Harbach
Serge Egelman
GetMobile: Mobile Comp. and Comm., 20 (2017), pp. 42-46
With the growth in smartphone adoption around the world, threats to the personal information they contain are also increasing. To protect devices and their contents from unauthorized physical access, manufacturers offer locking mechanisms, such as PINs, passwords, and biometrics. However, from a security perspective, PINs and patterns are susceptible to guessing attacks [1, 4, 12] and shoulder-surfing [14]. Patterns are also vulnerable to smudge attacks [2].
Because of the limitations of existing locking mechanisms, a variety of novel techniques have been introduced in the academic literature. These include additional biometric security layers for PINs [15] and Android patterns [5], external hardware [3], and improving security by visual methods like indirect input [9, 11, 13]. However, for any alternative method to be successfully adopted, a detailed understanding of how real users interact with existing smartphone authentication mechanisms is needed.
As a result, the motivation for our research is twofold. First, we sought to understand the adoption and usage of current locking mechanisms: which ones are used, and what motivates people to use them. Second, we wanted to establish benchmarks for the current authentication mechanisms, against which future research can be compared: users are unlikely to switch to a mechanism that requires more time or effort than their current one.
To this end, we conducted two studies: an international survey [8] and a measurement-based in situ study [7].
The Anatomy of Smartphone Unlocking: A Field Study of Android Lock Screens
Marian Harbach
Serge Egelman
Proceedings of the 34th Annual ACM Conference on Human Factors in Computing Systems (CHI'16), ACM, New York, NY, USA (2016) (to appear)
Keep on Lockin' in the Free World: A Multi-National Comparison of Smartphone Locking
Marian Harbach
Nathan Malkin
Serge Egelman
Proceedings of the 34th Annual ACM Conference on Human Factors in Computing Systems (CHI'16), ACM, New York, NY, USA (2016) (to appear)
We present the results of an online survey of smartphone unlocking (N=8,286) that we conducted in eight different countries. The goal was to investigate differences in attitudes towards smartphone unlocking between different national cultures. Our results show that there are indeed significant differences across a range of categories. For instance, participants in Japan considered the data on their smartphones to be much more sensitive than those in other countries, and respondents in Germany were 4.5 times more likely than others to say that protecting data on their smartphones was important. The results of this study shed light on how motivations to use various security mechanisms are likely to differ from country to country.
Expert and Non-Expert Attitudes towards (Secure) Instant Messaging
Sauvik Das
Iulia Ion
Twelfth Symposium on Usable Privacy and Security (SOUPS 2016), USENIX Association, Denver, CO, pp. 147-157
In this paper, we present results from an online survey with 1,510 participants and an interview study with 31 participants on (secure) mobile instant messaging. Our goal was to uncover how much of a role security and privacy played in people's decisions to use a mobile instant messenger. In the interview study, we recruited a balanced sample of IT security experts and non-experts, as well as an equal split of users of mobile instant messengers that are advertised as being more secure and/or private (e.g., Threema) than traditional mobile IMs. Our results suggest that peer influence is what primarily drives people to use a particular mobile IM, even for secure/private IMs, and that security and privacy play minor roles.