Enterprise Organization of National Program of Excellence in Software

Security Laboratory, Two Papers Accepted to CHI 2026

Empirical Analysis of the Limits of User Awareness and Response Behavior After Large-Scale Security Incidents

Two research papers from the Security Laboratory at Sungkyunkwan University (Advisor: Professor Hyoungshick Kim) have been accepted to CHI 2026, the most prestigious international conference in the field of HCI. This achievement is significant in that it empirically analyzes how users understand risks and what response behaviors they actually exhibit following large-scale security incidents. One study, conducted in collaboration with KAIST, examines a major SIM data breach in South Korea, while the other, conducted with Georgia Tech and Samsung Research, analyzes changes in cryptocurrency users’ security perceptions and response patterns following the collapse of FTX. Both studies move beyond focusing solely on technical vulnerabilities and instead examine user perception, trust, and behavior, highlighting the importance of user-centered security design.

The first paper, "Mind the SIM: Awareness and Mental Models in a South Korean Case Study,” investigates how users understand risks related to SIM-based authentication in the context of a large-scale SIM authentication data breach in South Korea in 2025. Through interviews and mental model analysis with 33 participants, the research team found that while many users were aware that the incident had occurred, they did not clearly understand what information had been leaked or the potential risks it could lead to. In particular, users tended to vaguely perceive the severity of the incident while underestimating their own risk, or assumed that it was the responsibility of telecom providers, leading to a lack of proactive response. This demonstrates that the often-cited “gap between awareness and action” in security incidents clearly exists in the domain of telecommunications authentication infrastructure as well. Based on these findings, the researchers suggest that future telecommunications security services and authentication systems should be designed not only for technical robustness but also with explanatory frameworks and guidance structures that help users accurately understand risks and translate that understanding into protective actions.

The second paper, “I just have faith in my wallet to not mismanage my crypto”: Investigating Changes in Users’ Security Perceptions Post-FTX Collapse,” examines how cryptocurrency users perceive the security of custodial versus non-custodial wallets after the collapse of FTX, and whether these perception changes lead to actual behavioral responses. Based on 22 in-depth interviews and a follow-up survey of 430 participants, the study found that trust in centralized exchanges generally declined after the incident, while self-managed wallets were perceived as more secure. However, these shifts in perception did not consistently translate into action. Many users continued to keep their assets in existing services, and a considerable number did not fully understand the fundamental structure in which exchanges hold their private keys. Notably, some users recognized the risks but took no action, while others believed they were using safer methods but in reality remained within risky structures. The researchers emphasize that security communication in cryptocurrency services should go beyond simply providing information and instead help users concretely assess their risks and take immediate action.

The acceptance of these papers to CHI 2026 demonstrates that the Security Laboratory has established international competitiveness not only in technology-driven security research but also in human-centered security research that closely examines real user experiences and behaviors. Although the two studies focus on different domains, both empirically confirm that even after large-scale incidents, users repeatedly exhibit limited understanding, incomplete mental models, and delayed responses. This suggests that future security technologies should not only aim to build more secure systems but also evolve to support users in understanding risks and responding appropriately.

The findings of both studies will be presented on April 14 (local time) at ACM CHI 2026 in Barcelona.