DOI: 10.1145/3450614.3464468
invited-talk

Out-of-the-Lab Research in Usable Security and Privacy

Published: 22 June 2021

Abstract

The COVID pandemic made it challenging for usable security and privacy researchers around the globe to run experiments involving human subjects, specifically in cases where such experiments are conducted in a controlled lab setting. Examples include, but are not limited to, (a) observing and collecting data on user behavior with the goal of (b) informing the design and (c) engineering novel concepts based on adaptation and personalization, as well as (d) evaluating such concepts regarding user performance and robustness against different threat models. In this keynote, I will begin with a brief introduction to our research on behavioral biometrics, along with examples. I will then discuss how the current situation influences research that requires close work with human subjects in lab settings and outline approaches to address emerging issues. Finally, I will provide some examples of out-of-the-lab research and reflect on both the challenges and the opportunities of these approaches.

Cited By

  • (2022) Can I Borrow Your ATM? Using Virtual Reality for (Simulated) In Situ Authentication Research. 2022 IEEE Conference on Virtual Reality and 3D User Interfaces (VR), 301-310. DOI: 10.1109/VR51125.2022.00049. Online publication date: Mar-2022

Published In

UMAP '21: Adjunct Proceedings of the 29th ACM Conference on User Modeling, Adaptation and Personalization
June 2021
431 pages
ISBN: 9781450383677
DOI: 10.1145/3450614

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery, New York, NY, United States


Author Tags

  1. behavioral biometrics
  2. evaluation methods
  3. usable security

Qualifiers

  • Invited-talk
  • Research
  • Refereed limited

Funding Sources

  • dtec.bw
  • DFG

Conference

UMAP '21

Acceptance Rates

Overall Acceptance Rate 162 of 633 submissions, 26%
