AsiaUSEC 2020

Ensuring effective security and privacy in real-world technology requires considering not only technical but also human aspects, as well as the complex way in which these combine. technical as well as human aspects. Enabling people to manage privacy and security necessitates giving due consideration to the users and the larger operating context within which technology is embedded.

It is the aim of USEC to contribute to an increase of the scientific quality of research in human factors in security and privacy. To this end, we encourage replication studies to validate previous research findings. Papers in these categories should be clearly marked as such and will not be judged against regular submissions on novelty. Rather, they will be judged based on scientific quality and value to the community. We also encourage reports of faded experiments, since their publication will serve to highlight the lessons learned and prevent others falling into the same traps.



Peter Gutmann is a researcher in the Department of Computer Science at the University of Auckland working on design and analysis of cryptographic security architectures and security usability. He helped write the popular PGP encryption package, has authored a number of papers and RFC's on security and encryption, and is the author of the open source cryptlib security toolkit, "Cryptographic Security Architecture: Design and Verification" (Springer, 2003), and an upcoming book on security engineering. In his spare time he pokes holes in whatever security systems and mechanisms catch his attention and grumbles about the lack of consideration of human factors in designing security systems.

Availability and Security: Choose any One
Availability/dependability considerations assert that "in case of any issues, keep going at any cost" while security mandates "in case of any issues, raise the alarm and shut things down". In other words once you've found the single bit that's out of place, you've won and there's no need to think about continuing. Needless to say, these two concepts are more than a little incompatible. This talk looks at the thorny issue of availability/ dependability vs. security, complete with hair-raising examples, as instances of wicked problems, a concept taken from the field of social planning. To the annoyance of geeks everywhere, the talk will conclude without presenting any obvious solutions.?


Schedule Details
8:30 Introduction and Publication Plan Q &A
9:00 – 10:30 Email and Browsing
A Tale of Two Browsers: Understanding User’s Web Browser Choices in South Korea - Simon Woo, Hyoungshick Kim, Ji Won Choi, Soyoon Jeon, Jihye Woo and Joon Han.(15 min)
User-Centered Risk Communication for Safer Browsing - Sanchari Das, Jacob Abbott, Shakthidhar Gopavaram, Jim Blythe and L. Jean Camp.(15 min)
Secure Email – A Usability Study - Adrian Reuter, Ahmed Abdelmaksoud, Wadie Lemrazzeq, Karima Boudaoud and Marco Winckler.(15 min)
The Effects of Cue Utilization and Cognitive Load in the Detection of Phishing Emails - George Nasser, Ben Morrison, Piers Bayl-Smith, Ronnie Taib, Michael Gayed and Mark Wiggins.(15 min)
Cue Utilization, Phishing Feature and Phishing Email Detection - Piers Bayl-Smith, Daniel Sturman and Mark Wiggins.(15 min)
Panel Q&A 15 minutes
10:30 – 11:00 Break
11:00 – 12:30 Behaviour – Smart Environments & Workplaces
Perception of Privacy Dis-Empowerment & Patterns of Privacy Behaviour - Kovila P.L. Coopamootoo.(15 min)
Security and Privacy Awareness in Smart Environments – a Cross Country Investigation - Oksana Kulyk, Benjamin Maximilian Reinheimer, Lukas Aldag, Nina Gerber, Peter Mayer and Melanie Volkamer.(15 min)
Understanding Perceptions of Smart Devices - Hilda Hadan and Sameer Patil.(15 min)
In Our Employer We Trust: Mental Models of Office Worker’s Privacy Perceptions - Jan Tolsdorf and Florian Dehling.(15 min)
Behaviour of outsourced Employees as Sources of Information System Security Threats - David Oyebisi.(15 min)
Panel Q&A 15 minutes
12:30 – 14:00 Lunch   
Location: Pavilion
14:00 – 15:30 Passwords & Workplaces
Exploring Effects of Auditory Stimuli on CAPTCHA Performance - Gene Tsudik, Tyler Kaczmarek, Bruce Berg and Alfred Kobsa.(15 min)
PassPage: Graphical Password Authentication Scheme Based on Web Browsing Records Performance - Xian Chu, Huiping Sun and Zhong Chen.(15 min)
An Antidote to Frustration in Password Choice - Kovila P.L. Coopamootoo.(15 min)
Fixing the Fixes: Assessing the Solutions of SAST Tools for Securing Password Storage - Harshal Tupsamudre, Monika Sahu, Kumar Vidhani and Sachin Lodha.(15 min)
Incorporating Psychology into Cybersecurity Education - Jacqui Taylor-Jackson, John McAlaney, Jeff Foster, Abubakar Bello, Alana Maurushat and John Dale.(15 min)
Panel Q&A 15 minutes
15:30 – 16:00 Break
16:00 – 16:45 Keynote Peter Gutmann
16:45 – Closing Questions and Comments


Program Chairs

Alana Maurushat, Western Sydney University
L Jean Camp, Indiana University

Program Committee

  • Julian Jang-Jaccard, Massey University, NZ
  • Vaibhav Garg, Comcast, US
  • Julian M. Williams, Durham University, UK
  • Paul A. Watters, LaTrobe University, AU
  • Marthie Grobler, CSIRO, AU
  • Heather Crawford, Florida Tech, US
  • Nicholas Weaver, ISCI UC Berkeley, US
  • Alisa Frik, ISCI UC Berkeley, US
  • Shrirang Mare, U Washington & IU, US
  • Pamela Briggs, Northumbria University, UK
  • Karen Renaud, Rhodes University, SA and University of Glasgow, UK
  • Julie M. Haney, NIST, US
  • Ada Lerner, Wellesley College, US
  • Matt Bishop, UC David, US
  • Patrick Traynor, University of Florida, US
  • Andrew A. Adams Media University, Japan
  • Tim Kelley, US Navy, US
  • Peter Gutmann, University of Aukland, NZ
  • Sanchari Das, American Express, US
  • Sven Dietrich, City University of New York


The conference will be held in conjunctions with FC. 
February 10–14, 2020
Shangri-La Tanjung Aru Resort & Spa
Kota Kinabalu, Sabah, Malaysia


All questions about submissions should be emailed to