One cannot have security and privacy without considering both the technical and human aspects thereof. If the user is not given due consideration in the development process, the system is unlikely to enable users to protect their privacy and security in the Internet.

Usable security and security is more complicated than traditional usability. This is because traditional usability principles cannot always be applied. For example, one of the cornerstones of usability is that people are given feedback on their actions, and are helped to recover from errors. In authentication, we obfuscate password entry (a usability fail) and we give people no assistance to recover from errors. Moreover, security is often not related to the actual functionality of the system, so people often see it as a bolt-on, and an annoying hurdle. These and other usability challenges of security are the focus of this workshop.

We invite submissions on all aspects of human factors including mental models, adoption, and usability in the context of security and privacy. USEC 2017 aims to bring together researchers already engaged in this interdisciplinary effort with other computer science researchers in areas such as visualization, artificial intelligence, machine learning and theoretical computer science as well as researchers from other domains such as economics, legal scientists, social scientists, and psychology. We particularly encourage collaborative research from authors in multiple disciplines.

Topics include, but are not limited to:

1.    Human factors related to the deployment of the Internet of Things (New topic for 2017)

2.    Usable security / privacy evaluation of existing and/or proposed solutions

3.    Mental models that contribute to, or complicate, security or privacy

4.    Lessons learned from designing, deploying, managing or evaluating security and privacy technologies

5.    Foundations of usable security and privacy incl. usable security and privacy patterns

6.    Ethical, psychological, sociological, economic, and legal aspects of security and privacy technologies

We further encourage submissions that contribute to the research community’s knowledge base:

•    Reports of replicating previously published studies and experiments

•    Reports of failed usable security studies or experiments, with the focus on the lessons learned from such experience.

It is the aim of USEC to contribute to an increase of the scientific quality of research in human factors in security and privacy. To this end, we encourage the use of replication studies to validate research findings. This important and often very insightful branch of research is sorely underrepresented in human factors in security and privacy research to date. Papers in these categories should be clearly marked as such and will not be judged against regular submissions on novelty. Rather, they will be judged based on scientific quality and value to the community. We also encourage reports of failed experiments, since their publication will serve to prevent others falling into the same traps.

Location and Important Dates

Paper Abstract submission (already extended): 7 December 2016 (11:59pm PST) – see note below on CHI submissions

Full Paper submission (already extended): 14 December 2016 (11:59pm PST) – see note below on CHI submissions

Notification: 21 January 2017

Camera ready copy due: 31 January 2017

Workshop: 26 February 2017 (co-located with NDSS 2017)

Location: Catamaran Resort Hotel & Spa in San Diego, California.

Submission Instructions

Papers should be written in English. Full papers must be no more than 10 pages total (excluding references and appendices). Papers must be formatted for US letter size (not A4) paper in a two-column layout, with columns no more than 9.25 inch high and 3.5 inch wide. The text must be in Times font, 10-point or larger, with 11-point or larger line spacing. Authors are encouraged to use the NDSS provided templates.

We also invite short papers of up to 6 pages covering work in progress, short communications, as well as novel or provocative ideas. Short papers will be selected based on their potential to spark interesting discussions during the workshop.

Papers that contribute to the research community’s knowledge base such as studies replicating previous results can be submitted as full or short papers. Submissions do not have to be anonymized for review. Please clearly refer to your own related work.

USEC would like to accommodate those who are waiting to hear back about their CHI 2017 submissions. The CHI decision notification is expected to be December 12, 2016. If you think your CHI paper may not be accepted, please submit an abstract on the 7th December. Then if your paper *is* accepted you can simply log into the system and withdraw the abstract. Also email the PC chairs ([email protected]) to let them know you are withdrawing.

The proceedings will be published by the Internet Society.

Program Committee Chairs

Melanie Volkamer, Karlstad and Darmstadt

Karen Renaud, Glasgow