End User Threat Models Regarding Device Encryption


Supervision: Konstantin Fischer

Start date: As soon as pos­si­ble

More details:


When an unskilled attacker (think: thief) gains physical access to a user’s laptop, accessing the user’s data is trivial. They can boot a different OS from a usb stick or simply removing the hard drive and connect it to a different machine. Device Encryption (like BitLocker, VeraCrypt, FileVault) can protect from these attacks. The aim of this thesis is to investigate the following questions:
  • Are everyday end users aware of this threat?
  • If they are aware, do they care about this threat?
  • Are they aware of Device Encryption as a countermeasure?
  • If they are aware and care about this threat, what keeps them from using device encryption?
To investigate these questions, the student should:
  • Design a short interview guide for a qualitative interview study investigating the questions above
  • Conduct and evaluate a number of interviews using this guide
  • Design a questionnaire based on the results from above to gather quantitative data on the topic. (Designing a good questionnaire is hard work!)