Working Group 4: Human factors in wireless security networks

Working group leader: Dr. Vesna Dimitrova

In this working group, cyber-physical systems and emerging wireless networks will be considered in strict relation with the human components, which is an integral part of the system. The new communication technologies systems will be regarded by considering the interaction with humans and by introducing a new paradigm shift, Cyber Physical Human Systems (CPHS). Human beings are a fundamental part of CPHS and play different roles as users, sources of problems in terms of security and the viable solution for the problem. Another main part of CPHS is the privacy and security component. Recently, there is an increasing interest on research activities regarding personalised and adaptive features to integrate into privacy and security user tasks. In this WG, the diversity of user’s characteristics, together with technology components will be considered for designing adaptive privacy and security technologies, accounting for the specific user context. As the wireless technology is imposing in the daily life of human beings, there is an increasing use of the proper own devices, both for personal and professional purposes. People are more and more used to publish personal information by the means of social networks without being aware of security and privacy issues. Even though there is an increasing attention and focus on the vulnerabilities for reducing sensitive data leakage and strengthening online communication, the manipulation of users based on social engineering attack is more complicated to be managed and deserve much attention. In practice, a social engineering attack targets the weakest link in the security chain, namely human beings. Different manipulation techniques can be used, and such a type of attacks requires an interdisciplinary perspective and analysis. Indeed, it is deeply entrenched in the fields of social and human science and computer science.

Tasks

4.1. Identification of human-centric models for personalised security solutions

The main aim of this task is to understand how IT systems security and privacy can be guaranteed, without or with a minimal impact on the workflow ‘user. Security and privacy do not have to complicate the “normal” usage of the IT system and must be transparent for the final user. This challenging objective cannot be achieved, without the involvement of the final users, both in the design stage and the runtime phase. The final objective is to identify human-centric models, to design usable security systems that are consistent with the performance targets established in the WG1.

4.2. Evaluation of the impact of personalised cybersecurity solutions

Impact of cybersecurity solutions on final users is crucial to the system security. Security and user experience are in a double-edged relationship. Users aim for their connected objects to be trustable and secured, but security must not have impact on user experience. Based on these reflections, it is clear how user involvement is needed to give it personalised security solutions and impact on it must be measured through specific parameters that can allow to establish the security guarantee level and if the solution will be successfully, namely accepted or not by the user.

4.3. Ethical aspects in personalised cyber-security solutions

Personalised cybersecurity solutions and the definition of usable security solutions based on user-centric approaches, make ethical aspects considerations more challenging. Both in EU and USA, it is clearly established that independently of the undertaking processing, personal data must be protected. The definition of “personal data” is complicated in a highly connected cyber-world and with a massive use of AI/ML based on a huge amount of data and “transforming” input data in such a way that their status of “personal” could evolve under algorithmic processing. Also, users must understand the use of their data to be aware of privacy and security risks. As a general consideration, personal data encompasses a large part of interconnected objects, making the design of personalised security solutions more complicated. These considerations lead us to introduce an Ethic Design approach to be adopted for conceiving personalised solutions and is the main objective of this task.

News and Activities