USEC 2021

Workshop on Usable Security and Privacy (USEC)
A virtual event!
Auckland, New Zealand | Friday May 7 2021 (GMT Thursday May 6)


The Workshop on Usable Security (USEC) serves as an Asian forum for research and discussion in the area of human factors in security and privacy.

It is the aim of USEC to contribute to an increase of the scientific quality of research in human factors in security and privacy. To this end, we encourage replication studies to validate previous research findings. Papers in these categories should be clearly marked as such and will not be judged against regular submissions on novelty. Rather, they will be judged based on scientific quality and value to the community. We also encourage reports of faded experiments, since their publication will serve to highlight the lessons learned and prevent others falling into the same traps.

REGISTRATION: Please sign up for the registration using this form for us to coordinate attendance at the workshop. We will only provide a link to the virtual workshop to only those who have successfully registered.




Alana Maurushat is Professor of Cybersecurity and Behaviour at Western Sydney University and Director of the Cyber Incident Response Centre where she holds a joint position in the School of Computers, Data and Mathematical Sciences, and in the School of Social Sciences. She is currently researching on payment diversion fraud and ransomware, cyber risk management, neuro-morphic approaches to extreme edge computing, tracking money-laundering through bitcoin blenders, distributed extreme edge computing for micro-clustered satellites, and ethical hacking.

Usable Security Lessons from Covid - why Johnny can't secure small business
The rate and effects of the Covid virus were not the only thing to spread in 2020 and 2021; we also witnessed an exponential increase in cybersecurity incidents. During lockdown industry , government and people had to improvise literally overnight, and continue to evolve and, in some instances, re-organise in order to deal with cybersecurity incidents. We accidentally ended up conducting research on cybersecurity and small business during Covid. Our accidental experiment motivated us to expand the work into something more formal. We examined the cybersecurity principles in NIST and the ASD8, mapped them with existing training materials online, and evaluated if a small business could read and watch the training materials, then implement just one recommendation from the NIST and ASD8. Not a single small business could implement or understand any of the materials enough to implement even one recommendation. Following the results, we started to explore in detail the existing literature, videos and other dedicated to cybersecurity training for small business, NIST and ASD8. What did we find? That none of these materials or the principles are usable for small business. Moreover, many of the recommendations found in ASD8 and NIST are not affordable for small business. This presentation explores ways on how we as a community can improve the usability of cybersecurity and privacy for small business.


Timezone: NZST (GMT+12)
Note that each presentation is of a 20 min length (15min presentation + 5min Q&A)
Schedule Details
7:00 - 7:15 Opening
7:15 – 8:15 Evaluation and Assessments of Technology, Heuristics, and Perception (Session Chair: Marthie Grobler)
Holistic Privacy and Usability of a Cryptocurrency Wallet - Harry Halpin. (20 min)
Cross-National Study on Phishing Resilience - Shakthidhar Gopavaram, Jayati Dev, Marthie Grobler, Donginn Kim, Sanchari Das and L. Jean Camp. (20 min)
Scenario-Driven Assessment of Cyber Risk Perception at the Security Executive Level - Simon Parkin, Kristen Kuhn and Siraj Shaikh. (20 min)
8:15 – 8:30 Break
8:30 – 9:30 Social Media, Phishing, and Mobile Platform (Session Chair : Simon Parkin)
My Past Dictates my Present: Relevance, Exposure, and Influence of Longitudinal Data on Facebook - Muhammad Shujaat Mirza and Christina Pöpper. (20 min)
Evaluating Personal Data Control In Mobile Applications Using Heuristics - Karima Boudaoud, Patrice Pena, Alain Giboin, Yoann Bertrand and Fabien Gandon. (20 min)
Exploring The Design Space of Sharing and Privacy Mechanisms in Wearable Fitness Platforms - Abdulmajeed Alqhatani and Heather Lipford. (20 min)
9:30 – 9:45 Break
9:45 – 10:45 Location Privacy, Quantum and Covid-19 contact Tracing (Session Chair: Karima Boudaoud)
"Lose Your Phone, Lose Your Identity": Exploring Users’ Perceptions and Expectations of a Digital Identity Service - Michael Lutaaya, Hala Assal, Khadija Baig, Sana Maqsood and Sonia Chiasson. (20 min)
SOK: An Evaluation of Quantum Authentication Through Systematic Literature Review - Ritajit Majumdar and Sanchari Das. (20 min)
Location Data and COVID-19 Contact Tracing: How Data Privacy Regulations and Cell Service Providers Work In Tandem - Callie Monroe, Faiza Tazi and Sanchari Das. (20 min)
10:45 – 11:00 Break
11:00 – 11:40 Security Practice and Trust (Session Chair: Sana Maqsood)
Why Do Programmers Do What They Do? A Theory of Influences on Security Practices - Lavanya Sajwan, James Noble, Craig Anslow and Robert Biddle. (20 min)
Raising Trust In The Food Supply Chain - Alexander Krumpholz, Marthie Grobler, Raj Gaire, Claire Mason and Shanae Burns. (20 min)
11:40 – 12:00 Break
12:00 – 13:00 Keynote   
(Alana Maurushat) (Session Chair: Julian Jang-Jaccard)
13:00 – Closing


General Chairs

Julian Jang-Jaccard, Massey University
L Jean Camp, Indiana University Bloomington

Program Committee

  • Christian Probst, Unitec Institute of Technology, NZ
  • Dan DongSeong Kim, University of Queensland, AU
  • Dongxi Liu, Data61 / CSIRO, AU
  • Fariza Sabrina, Central Queensland University, AU
  • Hooman Alavizadeh, Massey University, AU
  • Hyoungshick Kim, Sungkyunkwan University, Korea
  • Jayati Dav, Indiana University Bloomington, US
  • Jin Kwak, Ajou University, Korea
  • Julia Bernd, International Computer Science Institute, US
  • Karima Boudaoud, University of Nice Sophia Antipolis, France
  • Mahdi Nasrullah Al-Ameen, Utah State University, US
  • Ian Welch, Victoria University of Wellington, NZ
  • Seyit Camtepe, Data61 / CSIRO, AU
  • Sophie van der Zee, Erasmus University Rotterdam, Netherlands
  • Vimal Kumar, University of Waikato, NZ
  • Xuyun Zhang, Macquarie University, AU