Abstract
The concept of “personalized security nudges” promises to resolve the contradiction between people’s heterogeneity and one-size-fits-all security nudges, but the psychological traits needed for personalization are not easy to obtain. To address this problem, we propose leveraging users’ behaviors as logged by information systems, from which multiple behavioral features are extracted. We conducted a between-subjects lab experiment in which participants’ behavioral features and their responses to three famous security nudges (the so-called nudge effects) were logged. To test the feasibility of our proposal, we analyzed the relationships between the behavioral features and the nudge effects and discovered the expected significant moderation effects for all three security nudges involved. The results indicate that it is feasible to personalize security nudges according to user behaviors, freeing personalized security nudge schemes from their dependence on psychological scales.
Acknowledgements
This work was supported by the National Natural Science Foundation of China under Grant No. 61472429 and Grant No. 61772538; the National Key R&D Program of China under Grant No. 2017YFB1400702 and Grant No. 2020YFB1005600.
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Qu, L., Xiao, R., Shi, W. (2022). Towards Practical Personalized Security Nudge Schemes: Investigating the Moderation Effects of Behavioral Features on Nudge Effects. In: Su, C., Sakurai, K., Liu, F. (eds) Science of Cyber Security. SciSec 2022. Lecture Notes in Computer Science, vol 13580. Springer, Cham. https://doi.org/10.1007/978-3-031-17551-0_33
DOI: https://doi.org/10.1007/978-3-031-17551-0_33
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-17550-3
Online ISBN: 978-3-031-17551-0
eBook Packages: Computer Science, Computer Science (R0)