We study learning & problem processes of hackers. Specifically, we are interested in challenges (obfuscation or other protective measures) and strategies (e.g. reverse engineering) of attacks on hardware circuits through a psychological lens: How do hackers overcome countermeasures? Which types of measures are easy, which are hard to crack? Which individual and task characteristics predict successful hacking of computer hardware.
We study behavior change with and through media. How do individuals acquire behaviors or behavioral responses from media use, both voluntarily (e.g., through educational software in a learning environment) and involuntarily (e.g., undesirable side effects through entertainment media, e.g. the link between displays of violence and aggressiveness).
We study science (and scientists). We conduct empirical research on the principles and mechanics of the production of scientific knowledge, such as the effects of academic peer review, statistical reporting practices, and standardization of behavioral measurement and operationalizations. We are interested in the effectiveness of nascent research practices, e.g. preregistration and sharing of data/materials.
R.Go.Sec aims to empirically study psychological learning and problem solving processes in the IT security of digital technologies. The goal is to generate a psychological model which takes into account user behaviour, attacker strategies and security implementation of hardware and software designers.
One part of the project investigates the cognitive factors and processes underlying problem solving in IT security. The focus here is mainly on the influence of visual characteristics of problems on solution strategies and success. The problems employed in this research are supposed to mirror processes that are essential for the work of IT experts. On the one hand, the extent to which the availability of visual aids facilitates fault diagnosis and troubleshooting in simplified abstract networks is examined.
On the other hand, the effect of different visual representations of problems on problem-solving behavior and performance is studied. This plays a central role especially in the field of Boolean logic, because here multiple representations for the same concepts exist, whereas it remains largely unclear which of these have a beneficial influence on the cognitive processing of Boolean circuits. Since Boolean logic lies at the core of every digital system, its cognitive characteristics are crucial for research on psychological aspects of IT security.
R.Go.Sec regards software, too: We investigate predictors of successful software reverse engineering. At the same time, various strategies to protect software are regarded to assess their effectivity. One of these strategies is called software obfuscation and is the center of focus in these studies, as R.Go.Sec considers this strategy a creative problem solving process. Because digital systems consist of both hardware and software, R.Go.Sec aims at a holistic approach to further deepen an understanding of attacks and protections of these systems and to inform future research in this regard.
While the focus on human factors is common to all subprojects of R.Go.Sec, another specific main objective is concerned with the particularities characterizing the cognition of attackers in the IT domain. What makes a hacker's thinking special? Is there a way to train this skill of comprehending and attacking complex systems? And which cognitive processes should be targeted in the development of protection mechanisms to hamper future attacks?
Funding: 821,048.55 €
Runtime: 01/2018 - 12/2023
Funded by: Ministry of Innovation, Science and Research of North Rhine-Westphalia
Project Administration: Projektträger Jülich (ptj)
HTI is conducting the project "UsableSec@Home: Experiential Data Protection and IT Security in Smart Home Applications" led by the University of Bremen and realized in cooperation with the other project partners, Neusta Mobile Solutions and Certavo.
This project develops and tests new approaches to solve security problems in smart home systems. By gaining empirical insights into fundamental motivational, cognitive and learning psychological processes in the use of such systems, Ruhr University Bochum supports the overall project. A key element of our research is the evaluation of the fit and effectiveness of specific visualization techniques of system and security functions.
In this context, the project examines the extent to which users of smart home devices could make better and, above all, more confident decisions regarding IT security in order to enable an effective protection of their data.
Multi-modal methodological approaches will be pursued throughout the projects’ stages, such as laboratory experiments of the applications, user surveys, vignette studies as well as online experiments. In line with the Open Science Initiative, studies will be pre-registered, and their data made available in appropriate repositories.
Partners: University of Bremen (Coordinator), neusta mobile solutions GmbH, certavo GmbH
Funding: Total 1.72 Mio. € (86% funded by BMBF), RUB 283,965.70 €
Runtime: 05/2020 - 04/2023
Funded by: Bundesministerium für Bildung und Forschung (BMBF)
Project Administration: VDI/VDE Innovation + Technik GmbH