Dates and Location: October 16 & 17, 2023 Copenhagen, Denmark
The European Symposium on Usable Security (EuroUSEC) serves as a European forum for research and discussion in the area of human factors in security and privacy. EuroUSEC solicits previously unpublished work offering novel research contributions or clearly articulated research visions in any aspect of human-centered security and privacy. The aim of EuroUSEC is to bring together an interdisciplinary group of researchers and practitioners in human-computer interaction, security, and privacy. Participants are researchers, practitioners, and students from domains including computer science, engineering, psychology, the social sciences, and economics.
EuroUSEC is an independent event in Copenhagen without any affiliation to any conference. We strive to keep registration costs to a minimum.
The International Conference Proceedings Series (ICPS) of ACM has accepted our application, and similar to last year, the EuroUsec proceedings will be published by ACM this year as well.
We will require one author of each accepted paper to present the paper in person. In certain circumstances, people who cannot travel may present their papers virtually. Under the same restrictions, we will ask keynote speakers to come and present in person.
We want EuroUSEC to be a community-driven event and would love to hear any questions, comments, or concerns you might have regarding these changes from last year. Therefore we want to encourage everyone to join the EuroUSEC Slack. Alternatively, you can email the program chairs with any questions or concerns..
EuroUSEC is part of the USEC family of events. You can find more info about all USEC events at: https://www.usablesecurity.net/USEC/index.php
Jetzabel M. Serna-Olvera
Talk Title: TBA
Biography: Dr. Jetzabel M. Serna-Olvera is the CEO and Co-founder of SAPAR GmbH, with over 18 years of experience in the global cybersecurity sector. She holds a Bachelor's degree in Computer Systems Engineering, a Master's degree in Computer Science and Communications Engineering, and a PhD in cybersecurity. Throughout her career, she has worked in various roles including software engineer (Tijuana City Council), security researcher (esCERT-UPC and LaCaixa Bank), and cybersecurity strategist (Continental, Rober Bosch GmbH, and Geely). She has contributed as an assistant professor at the Goethe University of Frankfurt and an external lecturer at the RheinMain University of Applied Sciences. Dr. Serna-Olvera has contributed to national and international research projects and her work focuses on Vulnerability Management, Incident Response, Threat Intelligence, and nurturing a culture of cybersecurity. She is passionate about fostering information sharing, addressing privacy issues, and integrating cybersecurity into core business operations.
Albin Zuccato
Talk Title: TBA
Biography: Albin is currently Chief Information Security Officer at ICA Gruppen AB. In this role, he maintains and develops Information Security, Cyber Security, and IT privacy. He holds a Ph.D. in information security management and is CISSP, CISA, ISO 27001 Lead Implementer, and Lead Auditor certified. Albin has worked in information security, IT security, and data protection since 1997. He has experience in the financial industry, public sector, cloud services, retail, and telecom industry as well as international research projects. Albin lectures regularly at universities about Privacy & Data Protection, Information Security Management, and Security Development. He is also an invited speaker at various conferences on information security topics.
Please consider submitting a poster to EuroUSEC 2023 based on the paper you submitted previously, or on some other topic. The posters will be reviewed by the two chairs.
Deadline: 4th 8th September 2023 (AoE)
Notification: 10th 14th September 2023 (AoE)
Prefix the paper title with: POSTER:
If accepted, at least one author has to attend the conference to discuss the poster with interested attendees.
We will include the submitted abstract on the conference website if authors consent to this. The posters/abstracts will not be included in the conference proceedings.
Please note, you don't need to submit your actual poster at the moment.
Background. 3-D Secure 2.0 (3DS 2.0) is an identity federation protocol authenticating the payment initiator for credit card transactions on the Web.
Aim. We aim to quantify the impact of factors used by 3DS 2.0 in its fraud-detection decision making process.
Method. We ran N=64 credit card transactions with two Web sites systematically manipulating the nominal IVs machine_data, value, region, and website. We measured whether the user was challenged with an authentication, whether the transaction was declined, and whether the card was blocked as nominal DVs. We established three logistic regression models to quantify the impact of the predictors on the likelihood of the transaction outcomes.
Results. A change in machine_data, region or value made it 5-7 times as likely to be challenged with password authentication. However, even in a foreign region with another factor being changed, the overall likelihood of being challenged only reached 60%. When in the card's home region, a transaction will be rarely declined (< 5% in control, 40% with one factor changed). However, in a region foreign to the card the system will more likely decline transactions anyway (about 60%) and any change in machine_data or value will lead to a near-certain declined transaction.
Conclusions. We found that the decisions to challenge the user with a password authentication, to decline a transaction and to block a card are governed by different weightings. 3DS 2.0 is most likely to decline transactions, especially in a foreign region. It is less likely to challenge users with password authentication, even if machine_data or value are changed.
We invite you to submit a paper and join us at EuroUSEC 2023.
We are excited to welcome original work describing research, visions, or experiences in all areas of usable security and privacy. We welcome a variety of research methods, including both qualitative and quantitative approaches.
We will review longer papers on mature/completed work in a research track, as well as shorter papers on work in progress, or work that has yet to begin, in a vision track. We aim to provide a venue for researchers at all stages of their careers and at all stages of their projects.
Topics include, but are not limited to:
It is mandatory for at least one author to attend EuroUSEC (either in person or virtually in certain circumstances).
Paper registration deadline (mandatory): | Monday, 5th June, 2023 (Anywhere on Earth) |
Paper submission deadline: | Friday, 9th June, 2023(Anywhere on Earth) |
Notification: | |
Revision decision re-submission deadline: | |
Revision notification: | |
Camera ready (ACM proceedings): | Sunday, 10th September, 2023 |
Camera ready (authors' version, to be uploaded to HotCRP): | Sunday, 1st October, 2023 |
Registration, authors (online and onsite) | Friday, 1st September, 2023 |
Registration, all (onsite) | Saturday, 16th September, 2023 |
Registration, all (online) | Sunday, 1st October, 2023 |
EuroUSEC: | 16th & 17th October, 2023 |
Research Track: The research track is intended to report on mature work that has been completed. The goal of the EuroUSEC's research track is to disseminate results of interest to the broader usable security and privacy community. Papers must not be more than 16 pages in length using the one-column submission format excluding the bibliography. Try to scale the length of the paper according to the contributions you describe therein. Authors have the option to attach to their paper‘s supplementary appendices with study materials (e.g., survey instruments, interview guides, etc.) that would not otherwise take up valuable space within the body of the paper. Reviewers are not required to read appendices, so your paper should be self-contained without them. ACM also allows publication of additional supplemental materials and we want to encourage authors to use this option to provide research artifacts (e.g., builds of own software used in the study).
Vision Track: The vision track is intended to report on work in progress or concrete ideas for work that has yet to begin. The focus in the vision track is to spark discussion with the goal to provide the authors helpful feedback, pointers to potentially related investigations, and new ideas to explore. Suitable submissions to the vision track include traditional work-in-progress pieces such as preliminary results of pre-studies, but also research proposals and position papers outlining future research. Papers must be up to 9 pages in length using the one-column format, including the bibliography and with no appendices.
Upload your submission via this link:
Simultaneous submission of the same paper to another venue with proceedings or a journal is prohibited. Serious infringements of these policies may cause the paper to be rejected from publication and the authors put on a warning list, even if the paper is initially accepted by the program committee. Contact the EuroUSEC chairs if there are questions about this policy.
You are free to publish a pre-print of your paper on arXiv, SSRN or similar, if you wish to.
Contact the EuroUSEC chairs if there are any questions.
Because of the Russian invasion in Ukraine, current guidelines of our host IT University of Copenhagen (ITU) prohibit hosting guests from research institutions in Russia and Belarus at ITU. We therefore encourage researchers from such institutions to be mindful of these regulations and to check whether they will be able to attend EuroUSEC before submitting their work.
The chairs can be contacted at Oksana Kulyk and Farzaneh Karegar
As last year, all times in the program are given in the Central European (Summer) Time Zone (CEST). You can use this link to convert the times to any time zone you wish.
The preliminary program is available below. Specific details for sessions and keynotes will be published as soon as we finished the planning.
EuroUSEC will be held from October 16 - 17 in Copenhagen, Denmark. Event location is IT University of Copenhagen, located at Rued Langgaards Vej 7, DK-2300 Copenhagen S . The university is reachable via public transportation (metro and bus), see https://dinoffentligetransport.dk/en/ for more information about tickets.
The following hotels are well-connected to the university, either being via walking distance or being close to a city center and directly connected to the university via either bus or metro:
To make EuroUSEC as effective as possible for everyone, we ask that all participants commit to our social contract:
Further information will be available soon
Registration is mandatory for participation in EuroUSEC. Please register using the following link: Register Now
At least one author for each accepted paper has to register until September 1st. For the rest of the participants, the registration will be open until September 16th for onsite participants and until October 1st for online participants.
The prices for the registration are as follows (in Danish krones, 7,45 DKK is approximately 1 EUR). At least one registration using the "Author" option (either online or onsite) is required for each paper. Note, we strognly encourage the authors to present their paper onsite, while the online option is available to those who have difficulties in travelling.
Author (online) | 2500 DKK |
---|---|
Author (onsite) | 2500 DKK |
Standard (online) | 1500 DKK |
Standard (onsite) | 2000 DKK |
Student (online) | 1000 DKK |
Student (onsite) | 1000 DKK |