InUse – Supporting users’ decision on the trustworthiness of websites

Users can access an astonishing range of services through the web, ranging, for example, from product reviews and online shopping to online banking. However, despite a decade of intensive research in web security, it remains difficult for many end users to use these services securely: A host of threats endanger their privacy or lead to monetary losses. The key reason is that individual security mechanisms to mitigate these threats – such as HTTPS and PKIs – are only suboptimally integrated within the web ecosystem of web pages, web browsers, and end users. As a result, existing mechanisms are imprecise and require a substantial amount of expertise on the part of the end users, who consequently see warnings within the web browser as a nuisance.

In InUse, the expertise of the partners in the fields of usable security (CASED), legal sciences (Universität Kassel), IT auditing (usd), and digital identity (Kobil) enables the project to strive for an integrated approach to mitigate web security threats. The project particularly aims to improve the precision of end-user decision support and warnings, and to increase the effectiveness of the respective communication with end users. Moreover, for a holistic approach, the project also covers the legal aspects that govern the implementation of the mitigations, the technical challenges to protect sensitive personal data related the mitigations, and the auditing of web pages as a basis for risk evaluations.

Funded by: Gefördert durch Bundesministerium der Justiz und für Verbraucherschutz aufgrund eines Beschlusses des Deutschen Bundestages

Partner: University of Kassel, usd and Kobil

Period: 01.02.2012 – 31.01.2015