End User Threat Models Regarding Device Encryption
As soon as possible
- When an unskilled attacker (think: thief) gains physical access to a user’s laptop, accessing the user’s data is trivial. They can boot a different OS from a usb stick or simply removing the hard drive and connect it to a different machine. Device Encryption (like BitLocker, VeraCrypt, FileVault) can protect from these attacks. The aim of this thesis is to investigate the following questions:
- Are everyday end users aware of this threat?
- If they are aware, do they care about this threat?
- Are they aware of Device Encryption as a countermeasure?
- If they are aware and care about this threat, what keeps them from using device encryption?
- To investigate these questions, the student should:
- Design a short interview guide for a qualitative interview study investigating the questions above
- Conduct and evaluate a number of interviews using this guide
- Design a questionnaire based on the results from above to gather quantitative data on the topic. (Designing a good questionnaire is hard work!)