@inproceedings{59019, abstract = {{To facilitate the growing demand for a universal means of digital identification across services, while preserving user control and privacy, multiple digital identity implementations have emerged. From a technical perspective, many of these rely on established concepts within cryptography, allowing them to provide benefits in terms of security and privacy. Recent legislation also promises broader recognition and acceptance of digital identities, both in the digital world and beyond. However, research into the usability, accessibility, and user understanding of digital identities is rare. We argue that the development of usable digital identity wallets is vital to the successful and inclusive application of digital identities in society. In this vision paper, we describe our research plans for obtaining a better understanding of how to develop these usable digital identities wallets.}}, author = {{Last, Yorick and Arias Cabarcos, Patricia}}, booktitle = {{Symposium on Usable Security and Privacy (USEC) 2025}}, isbn = {{979-8-9919276-5-9}}, location = {{San Diego, U.S.A.}}, title = {{{Vision: Towards True User-Centric Design for Digital Identity Wallets}}}, year = {{2025}}, } @inproceedings{61144, author = {{Kablo, Emiram and Kleber, Melina and Arias Cabarcos, Patricia}}, booktitle = {{34th USENIX Security Symposium (USENIX Security 25)}}, pages = {{1531–1548}}, title = {{{PrivaCI in VR: Exploring Perceptions and Acceptability of Data Sharing in Virtual Reality Through Contextual Integrity}}}, year = {{2025}}, } @inproceedings{54291, author = {{Kablo, Emiram and Kader, Katharina and Arias Cabarcos, Patricia}}, booktitle = {{Extended Abstracts of the CHI Conference on Human Factors in Computing Systems}}, publisher = {{ACM}}, title = {{{"I'm actually going to go and change these passwords": Analyzing the Usability of Credential Audit Interfaces in Password Managers}}}, doi = {{10.1145/3613905.3650889}}, year = {{2024}}, } @inproceedings{49373, author = {{Kablo, Emiram and Arias Cabarcos, Patricia}}, booktitle = {{Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security}}, publisher = {{ACM}}, title = {{{Privacy in the Age of Neurotechnology: Investigating Public Attitudes towards Brain Data Collection and Use}}}, doi = {{10.1145/3576915.3623164}}, year = {{2023}}, } @inproceedings{49641, author = {{Fallahi, Matin and Arias Cabarcos, Patricia and Strufe, Thorsten}}, booktitle = {{Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security}}, publisher = {{ACM}}, title = {{{Poster: Towards Practical Brainwave-based User Authentication}}}, doi = {{10.1145/3576915.3624399}}, year = {{2023}}, } @article{53541, author = {{Robles-González, Antonio and Arias Cabarcos, Patricia and Parra-Arnau, Javier}}, issn = {{0167-4048}}, journal = {{Computers & Security}}, keywords = {{Law, General Computer Science}}, publisher = {{Elsevier BV}}, title = {{{Privacy-centered authentication: A new framework and analysis}}}, doi = {{10.1016/j.cose.2023.103353}}, volume = {{132}}, year = {{2023}}, } @inproceedings{48060, author = {{Röse, Markus and Kablo, Emiram and Arias Cabarcos, Patricia}}, booktitle = {{Proceedings of the 2023 European Symposium on Usable Security}}, publisher = {{ACM}}, title = {{{Overcoming Theory: Designing Brainwave Authentication for the Real World}}}, doi = {{10.1145/3617072.3617120}}, year = {{2023}}, } @inproceedings{46500, abstract = {{The security of Industrial Control Systems is relevant both for reliable production system operations and for high-quality throughput in terms of manufactured products. Security measures are designed, operated and maintained by different roles along product and production system lifecycles. Defense-in-Depth as a paradigm builds upon the assumption that breaches are unavoidable. The paper at hand provides an analysis of roles, corresponding Human Factors and their relevance for data theft and sabotage attacks. The resulting taxonomy is reflected by an example related to Additive Manufacturing. The results assist in both designing and redesigning Industrial Control System as part of an entire production system so that Defense-in-Depth with regard to Human Factors is built in by design.}}, author = {{Pottebaum, Jens and Rossel, Jost and Somorovsky, Juraj and Acar, Yasemin and Fahr, René and Arias Cabarcos, Patricia and Bodden, Eric and Gräßler, Iris}}, booktitle = {{2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)}}, keywords = {{Defense-in-Depth, Human Factors, Production Engineering, Product Design, Systems Engineering}}, location = {{Delft, Netherlands}}, pages = {{379--385}}, publisher = {{IEEE}}, title = {{{Re-Envisioning Industrial Control Systems Security by Considering Human Factors as a Core Element of Defense-in-Depth}}}, doi = {{10.1109/eurospw59978.2023.00048}}, year = {{2023}}, } @unpublished{34079, abstract = {{Data collection and aggregation by online services happens to an extent that is often beyond awareness and comprehension of its users. Transparency tools become crucial to inform people, though it is unclear how well they work. To investigate this matter, we conducted a user study focusing on Facebook, which has recently released the "Off-Facebook Activity" transparency dashboard that informs about personal data collection from third parties. We exposed a group of n = 100 participants to the dashboard and surveyed their level of awareness and reactions to understand how transparency impacts users' privacy attitudes and intended behavior. Our participants were surprised about the massive amount of collected data, became significantly less comfortable with data collection, and more likely to take protective measures. Collaterally, we observed that current consent schemes are inadequate. Based on the survey findings, we make recommendations for more usable transparency and highlight the need to raise awareness about transparency tools and to provide easily actionable privacy controls.}}, author = {{Arias Cabarcos, Patricia and Khalili, Saina and Strufe, Thorsten}}, booktitle = {{arXiv:2209.08048}}, title = {{{'Surprised, Shocked, Worried': User Reactions to Facebook Data Collection from Third Parties}}}, year = {{2022}}, } @article{28463, author = {{Hanisch, Simon and Arias Cabarcos, Patricia and Parra-Arnau, Javier and Strufe, Thorsten}}, journal = {{CoRR}}, title = {{{Privacy-Protecting Techniques for Behavioral Data: A Survey}}}, volume = {{abs/2109.04120}}, year = {{2021}}, } @inproceedings{28462, author = {{Arias Cabarcos, Patricia and Habrich, Thilo and Becker, Karen and Becker, Christian and Strufe, Thorsten}}, booktitle = {{30th {USENIX} Security Symposium, {USENIX} Security 2021, August 11-13, 2021}}, editor = {{Bailey, Michael and Greenstadt, Rachel}}, pages = {{55--72}}, publisher = {{{USENIX} Association}}, title = {{{Inexpensive Brainwave Authentication: New Techniques and Insights on User Acceptance}}}, year = {{2021}}, } @article{28464, author = {{Aguilar'Igartua, Mónica and Almenárez-Mendoza, Florina and P. Díaz Redondo, Rebeca and I. Martín'Vicente, Manuela and Forné, Jordi and Campo, Celeste and Fernández Vilas, Ana and J. de la Cruz Llopis, Luis and García-Rubio, Carlos and Marín-López, Andrés and Mohamad Mezher, Ahmad and Díaz Sánchez, Daniel and Cerezo-Costas, Héctor and Rebollo-Monedero, David and Arias Cabarcos, Patricia and Rico-Novella, Francisco}}, journal = {{{IEEE} Access}}, pages = {{72435--72460}}, title = {{{INRISCO: INcident monitoRing in Smart COmmunities}}}, doi = {{10.1109/ACCESS.2020.2987483}}, volume = {{8}}, year = {{2020}}, } @inproceedings{28468, author = {{Seiler-Hwang, Sunyoung and Arias Cabarcos, Patricia and Marín, Andr{\'{e}}s and Almenáres, Florina and Díaz Sánchez, Daniel and Becker, Christian}}, booktitle = {{Proceedings of the 2019 {ACM} {SIGSAC} Conference on Computer and Communications Security, {CCS} 2019, London, UK, November 11-15, 2019}}, editor = {{Cavallaro, Lorenzo and Kinder, Johannes and Wang, XiaoFeng and Katz, Jonathan}}, pages = {{1937--1953}}, publisher = {{{ACM}}}, title = {{{"I don't see why I would ever want to use it": Analyzing the Usability of Popular Smartphone Password Managers}}}, doi = {{10.1145/3319535.3354192}}, year = {{2019}}, } @inproceedings{28469, author = {{Becker, Karen and Arias Cabarcos, Patricia and Habrich, Thilo and Becker, Christian}}, booktitle = {{Proceedings of the 2019 {ACM} {SIGSAC} Conference on Computer and Communications Security, {CCS} 2019, London, UK, November 11-15, 2019}}, editor = {{Cavallaro, Lorenzo and Kinder, Johannes and Wang, XiaoFeng and Katz, Jonathan}}, pages = {{2577--2579}}, publisher = {{{ACM}}}, title = {{{Poster: Towards a Framework for Assessing Vulnerabilities of Brainwave Authentication Systems}}}, doi = {{10.1145/3319535.3363260}}, year = {{2019}}, } @article{28466, author = {{Arias Cabarcos, Patricia and Krupitzer, Christian and Becker, Christian}}, journal = {{{ACM} Comput. Surv.}}, number = {{4}}, pages = {{80:1--80:30}}, title = {{{A Survey on Adaptive Authentication}}}, doi = {{10.1145/3336117}}, volume = {{52}}, year = {{2019}}, } @article{28465, author = {{Díaz Sánchez, Daniel and Marín López, Andrés and Almenárez Mendoza, Florina and Arias Cabarcos, Patricia and Simon Sherratt, R.}}, journal = {{{IEEE} Commun. Surv. Tutorials}}, number = {{4}}, pages = {{3502--3531}}, title = {{{TLS/PKI Challenges and Certificate Pinning Techniques for IoT and M2M Secure Communications}}}, doi = {{10.1109/COMST.2019.2914453}}, volume = {{21}}, year = {{2019}}, } @article{28467, author = {{Díaz Sánchez, Daniel and Marín López, Andrés and Almenárez Mendoza, Florina and Arias Cabarcos, Patricia}}, journal = {{Sensors}}, number = {{15}}, pages = {{3292}}, title = {{{DNS/DANE Collision-Based Distributed and Dynamic Authentication for Microservices in IoT}}}, doi = {{10.3390/s19153292}}, volume = {{19}}, year = {{2019}}, } @inproceedings{28473, author = {{Almenárez Mendoxa, Florina and Alonso, Lucía and Marín López, Andrés and Díaz Sánchez, Daniel and Arias Cabarcos, Patricia}}, booktitle = {{12th International Conference on Ubiquitous Computing and Ambient Intelligence, UCAmI 2018, Punta Cana, Dominican Republic, December 4-7, 2018}}, editor = {{Bravo, Jos{\'{e}} and Ba{\~{n}}os, Oresti}}, number = {{19}}, pages = {{1235}}, publisher = {{{MDPI}}}, title = {{{Assessment of Fitness Tracker Security: A Case of Study}}}, doi = {{10.3390/proceedings2191235}}, volume = {{2}}, year = {{2018}}, } @inproceedings{28471, author = {{Arias Cabarcos, Patricia and Almenárez, Florina and Díaz Sánchez, Daniel and Marín, Andrés}}, booktitle = {{Proceedings of the 2nd International Workshop on Multimedia Privacy and Security, MPS@CCS 2018, Toronto, ON, Canada, October 15, 2018}}, editor = {{A. Hallman, Roger and Li, Shujun and Chang, Victor}}, pages = {{18--26}}, publisher = {{{ACM}}}, title = {{{FRiCS: A Framework for Risk-driven Cloud Selection}}}, doi = {{10.1145/3267357.3267362}}, year = {{2018}}, } @inproceedings{28472, author = {{Díaz Sánchez, Daniel and Marín López, Andr{\'{e}}s and Almenárez Mendoza, Florina and Arias Cabarcos, Patricia}}, booktitle = {{12th International Conference on Ubiquitous Computing and Ambient Intelligence, UCAmI 2018, Punta Cana, Dominican Republic, December 4-7, 2018}}, editor = {{Bravo, Jos{\'{e}} and Baños, Oresti}}, number = {{19}}, pages = {{1233}}, publisher = {{{MDPI}}}, title = {{{DNS-Based Dynamic Authentication for Microservices in IoT}}}, doi = {{10.3390/proceedings2191233}}, volume = {{2}}, year = {{2018}}, }