Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
HCI patterns for cryptographically equipped cloud services
Université de Lausanne, Switzerland.
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).ORCID iD: 0000-0002-6509-3792
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).ORCID iD: 0000-0002-6938-4466
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
Show others and affiliations
2018 (English)In: Human-Computer Interaction. Theories, Methods, and Human Issues / [ed] Masaaki Kurosu, Springer, 2018, p. 567-586Conference paper, Published paper (Refereed)
Abstract [en]

Recent cryptographic research has devised several new algorithms and protocols with a potential of mitigating several of the most ardent security and privacy threats, existing in currently available public cloud services. Nevertheless, such cryptographic schemes often exhibit counterintuitive functionality to end users, or they work differently to other already established traditional schemes with which users are already familiar. A practical solution to address these problems involves a human centered design approach, deriving Human Computer Interaction (HCI) requirements from consultations and extensive testing with experts, prospective end users, and other stakeholders. The European Horizon 2020 project PRISMACLOUD “Privacy and Security Maintaining Services for the Cloud” uses such an approach and provides HCI patterns as part of its proper cloud service development methodology CryptSDLC to communicate HCI requirements to cloud service designers and user interface implementers. In this article, we present several new cryptographic cloud services, e.g. for redacting digitally signed data, and for redundant storage and sharing of confidential data in a public cloud scenario, together with three example HCI patterns for specific interactions of end users with these services. We show how these patterns were elaborated and validated in practice to prove the suitability for their intended purpose. To summarize, we give an account on our practical experience during the actual prototype development and implementation and show how they constitute an essential element of the CryptSDLC development methodology.

Place, publisher, year, edition, pages
Springer, 2018. p. 567-586
Series
Lecture Notes in Computer Science, ISSN 0302-9743, E-ISSN 1611-3349 ; 10901
Keywords [en]
Cloud computing, Cryptography, HCI patterns, End-user security, End-user privacy
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:kau:diva-67347DOI: 10.1007/978-3-319-91238-7_44ISI: 000450991000044ISBN: 978-3-319-91237-0 (print)ISBN: 978-3-319-91238-7 (electronic)OAI: oai:DiVA.org:kau-67347DiVA, id: diva2:1209591
Conference
20th International Conference, HCI International 2018, Las Vegas, NV, USA, July 15–20, 2018.
Available from: 2018-05-23 Created: 2018-05-23 Last updated: 2019-12-16Bibliographically approved
In thesis
1. The Wicked Problem of Privacy: Design Challenge for Crypto-based Solutions
Open this publication in new window or tab >>The Wicked Problem of Privacy: Design Challenge for Crypto-based Solutions
2018 (English)Licentiate thesis, comprehensive summary (Other academic)
Abstract [en]

Data privacy has been growing in importance in recent years, especially with the continuous increase of online activity. Researchers study, design, and develop solutions aimed at enhancing users’ data privacy. The wicked problem of data privacy is a continuous challenge that defies straightforward solutions. Since there are many factors involved in data privacy, such as technological, legal, and human aspects, we can only aim at mitigating rather than solving this wicked problem. Our aim was to focus on human aspects for designing usable crypto-based privacy-enhancing solutions.  In this thesis, we followed a user centered design method by using empirical qualitative means for investigating user’s perceptions and opinions of our solutions. Most of our work has focused on redactable signatures in the cloud context within the eHealth use-case. Redactable signatures are  a privacy enhancing scheme allowing to remove parts of a signed document by a specified party for achieving data minimization without invalidating the respective signature.

We mainly used semi-structures interviews and focus groups in our investigations. Our results yielded key HCI considerations as well as guidelines of different means for supporting the design of future solutions.

Abstract [en]

Data privacy has been growing in importance in recent years, especially with the continuous increase of online activity. Researchers continuously study, design, and develop solutions aimed at enhancing users’ data privacy. The wicked problem of data privacy is the continuous challenge that defies straightforward solutions. Since there are many factors involved in data privacy, such as technological, legal, and human aspects, we can only aim at mitigating rather than solving this wicked problem.

Our aim was to focus on human aspects for designing usable crypto-based privacy-enhancing solutions.  In this thesis, we followed a user centered design method by using empirical qualitative means for investigating user’s perceptions and opinions of our solutions. Most of our work has focused on redactable signatures in the cloud context within an eHealth use-case. Redactable signatures are a privacy-enhancing scheme, which allow the removal of parts of a signed document by a specified party without invalidating the respective signature. Our results yielded key HCI considerations as well as guidelines of different means for supporting the design of future solutions.

Place, publisher, year, edition, pages
Karlstad: Karlstads universitet, 2018. p. 14
Series
Karlstad University Studies, ISSN 1403-8099 ; 2018:23
Keywords
Data privacy, wicked problems, user-centered design, crypto-based solutions, usability, data minimization, redactable signatures
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-67134 (URN)978-91-7063-856-5 (ISBN)978-91-7063-951-7 (ISBN)
Presentation
2018-06-11, 10:15 (English)
Opponent
Supervisors
Note

Paper 3 was included as manuscript in the thesis.

Available from: 2018-05-23 Created: 2018-04-23 Last updated: 2019-02-07Bibliographically approved
2. Tinkering the Wicked Problem of Privacy: Design Challenges and Opportunities for Crypto-based Services
Open this publication in new window or tab >>Tinkering the Wicked Problem of Privacy: Design Challenges and Opportunities for Crypto-based Services
2020 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

Data privacy has been growing in importance in recent years, especially with the constant increase of online activity. Consequently, researchers study, design, and develop solutions aimed at enhancing users' data privacy. The wicked problem of data privacy is a dynamic challenge that defies straightforward solutions. Since there are many factors involved in data privacy, such as technological, legal, and human aspects, we can only aim at mitigating rather than solving this wicked problem.

Our aim was to explore challenges and opportunities with a focus on human aspects for designing usable crypto-based privacy-enhancing technologies (PETs). Mainly, there were three PETs in the cloud context included in our studies: malleable signatures, secret sharing, and homomorphic encryption. Based on the three PETs, services were developed within European research projects that were the scope of our user studies. We followed a user-centered design approach by using empirical qualitative and quantitative means for collecting study data. Our results and tinkering conveyed (i) analysis of different categories of user's perspectives, mental models, and trade-offs, (ii) user requirements for PET services, and (iii) user interface design guidelines for PET services. In our contributions, we highlight considerations and guidelines for supporting the design of future solutions.

Abstract [en]

Data privacy has been growing in importance in recent years, especially with the constant increase of online activity. Consequently, researchers study, design, and develop solutions aimed at enhancing users' data privacy. The wicked problem of data privacy is a dynamic challenge that defies straightforward solutions. Since there are many factors involved in data privacy, such as technological, legal, and human aspects, we can only aim at mitigating rather than solving this wicked problem.

Our aim was to explore challenges and opportunities with a focus on human aspects for designing usable crypto-based privacy-enhancing technologies (PETs). Our results and tinkering conveyed (i) analysis of different categories of user's perspectives, mental models, and trade-offs, (ii) user requirements for PET services, and (iii) user interface design guidelines for PET services. In our contributions, we highlight considerations and guidelines for supporting the design of future solutions.

Place, publisher, year, edition, pages
Karlstads universitet, 2020. p. 22
Series
Karlstad University Studies, ISSN 1403-8099 ; 2020:5
Keywords
Data privacy, wicked problems, user-centered design, privacy enhancing technologies, human factors, malleable signatures, secret sharing, homomorphic encryption
National Category
Computer Sciences Human Computer Interaction
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-75992 (URN)978-91-7867-077-2 (ISBN)978-91-7867-087-1 (ISBN)
Public defence
2020-01-30, 21A342, Eva Eriksson, 10:15 (English)
Opponent
Supervisors
Available from: 2020-01-09 Created: 2019-12-16 Last updated: 2020-01-09Bibliographically approved

Open Access in DiVA

fulltext(371 kB)12 downloads
File information
File name FULLTEXT01.pdfFile size 371 kBChecksum SHA-512
51dffef6175cd084d5c6c9563cf93e0181b234941040402e0d2a54feb90ca6b31c235929f5f17929d520d1b3f128486109a90c74f03bf2046d63380a9fd94020
Type fulltextMimetype application/pdf

Other links

Publisher's full text

Authority records BETA

Alaqra, AlaaFischer-Hübner, SimoneFramner, ErikPettersson, John Sören

Search in DiVA

By author/editor
Alaqra, AlaaFischer-Hübner, SimoneFramner, ErikPettersson, John Sören
By organisation
Department of Mathematics and Computer Science (from 2013)Centre for HumanIT (from 2013)Karlstad Business School (from 2013)
Computer Sciences

Search outside of DiVA

GoogleGoogle Scholar
Total: 12 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

doi
isbn
urn-nbn

Altmetric score

doi
isbn
urn-nbn
Total: 142 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf