Choice Architecture for Information Security

As part of the newly founded EPSRC-funded Cyber Security Research Institute, we research the choice architecture for information security (see the announcement).

 

The research is based on the hypothesis that human factors, such as biases and heuristics, have a great influence on decision making in cyber security. Whereas rigorous decision practices (e.g., systematic statistical evaluation) are an important approach to overcoming weak decisions, the use of their results is again influenced by human factors; for instance, results may be ignored because of convenience or underestimation of the risks.

 

We research to what extent a deliberate design of a choice architecture can improve security decision making. In particular, we apply this method to the area of bring your own device (BYOD) in SMEs, where the decisions of the users with respect to their devices impact the security of the overall system.

Secure and Privacy-Preserving eID

We are currently setting up a large-scale project on security and privacy of electronic identity (eID), with major academic and industry partners. The multi-year project will establish an eID infrastructure that offers secure identity protocols and brokering as well as integration of privacy-enhancing technologies, such as attribute-based credentials. From my own perspective, the project follows up on my former work in Federated Identity Management, Cryptography for Privacy-enhanced Identity Management and the Smart Identity Card. Newcastle will contribute to the analysis of identity systems for security and privacy properties, new authentication languages, and usable privacy.

 

Project Launch: 4th quarter 2012.