Towards Secure and Usable Authentication for Augmented and Virtual Reality Head-Mounted Displays
Reyhan Duezguen ∗, Peter Mayer ∗, Sanchari Das †, Melanie Volkamer ∗
∗ SECUSO - Security, Usability, Society, Karlsruhe Institute of Technology
† University of Denver, Indiana University Bloomington

Abstract
Immersive technologies, including augmented and virtual reality (AR & VR) devices, have enhanced digital communication along with a considerable increase in digital threats. Thus, authentication becomes critical in AR & VR technology, particularly in shared spaces. In this paper, we propose applying the ZeTA protocol that allows secure authentication even in shared spaces for the AR & VR context. We explain how it can be used with the available interaction methods provided by Head-Mounted Displays. In future work, our research goal is to evaluate different designs of ZeTA (e.g., interaction modes) concerning their usability and users’ risk perception regarding their security - while using a cross-cultural approach.
Copyright is held by the author/owner. Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee.
Who Are You?! Adventures in Authentication (WAY) 2020.
August 7, 2020, Virtual Conference.

New-age technologies help to connect people despite geographical constraints. However, such technological evolution brings new risks. Augmented and virtual reality (AR & VR) are such technologies that have expanded considerably and are projected to reach $114 billion and $65 billion, respectively, by 2021 [44]. AR & VR systems like the Oculus and Google Glass increasingly promise to provide social activities like interactive gaming, virtual shopping, or attending virtual meetings [46]. Many of these activities happen in so-called shared spaces, i.e., places not strictly public, but where multiple people are present at the same time [22]. However, these technologies also introduce new security challenges in AR & VR [24], including authentication challenges. Nowadays, authentication on AR & VR systems is neglected or carried out on the smartphone or PC [6]. Yet, if authentication is required during a VR experience, e.g., paying for a product or entering a virtual conference, the user must take off the Head-Mounted Display (HMD), interrupting the virtual experience. Such challenges motivated our research direction to implement more secure and usable authentication strategies for AR & VR devices.

A naive approach using voice recognition technology of the HMD as an authentication strategy might put users at serious security risks, especially in public and shared spaces. Another method could be to use the available sensors for biometric authentication, e.g., gait recognition [18]. Such authentication schemes are designed for continuous authentication. The goal of our research is to focus on authenticating services when needed. Additionally, biometric-based approaches would also hamper authenticating with someone else’s HMD (as it would first need to be trained) and may have several privacy concerns. Thus, what is needed is a secure (especially in shared spaces) and usable authentication scheme, which only uses the sensors of the HMDs while being privacy-preserving. Therefore, we are proposing a shoulder-surfing resistant authentication scheme that relies only on the equipment of the AR & VR HMDs.
The proposed authentication scheme is based on our previous research: the Zero-Trust Authentication (ZeTA) protocol [23]. In this paper we describe how ZeTA can be applied to the AR & VR context. Our future research goal is to implement the proposed authentication scheme using a user-centred development approach and conduct user studies to evaluate its usability and users’ risk perception. Note, since organizations aim to provide their products and services worldwide, it is in particular interesting to understand the cultural differences in the use and perception of upcoming technologies like AR & VR.

The importance of social and cultural aspects when investigating the acceptability and appropriateness of technology is shown in many papers [3, 12, 28, 49]. Hofstede’s [48] five cultural dimensions (namely power distance, individualism, masculinity, uncertainty avoidance and long-term orientation) are widely used to quantify national differences. These cultural dimensions have repeatedly shown an association with technology use [1, 13, 50]. Some studies also discovered differences in perceived usability among different cultures [40, 43]. The impact of cultural aspects on the use and acceptance of HMDs and authentication schemes has yet to be determined. Thus, the study is going to be conducted in Germany and the U.S. for cross-cultural analysis.

Figure 1: Overview of Zero-Trust Authentication (ZeTA) in AR & VR Context. Message flow between User and Web Service: User requests account; ZeTA assigns secret to user; User requests authentication; ZeTA sends challenge to user; User responds to challenge (repeated until desired security level is reached); ZeTA grants access to user if user could respond to challenges. Enrolment requires a non-compromised device and a private channel. Authentication only requires the server to be not compromised.
Prior research has proposed and developed different authentication schemes on HMDs. Yu et al. [53] and George et al. [20] investigated well-established concepts for the VR context, such as PINs or 2D and 3D sliding patterns within VR environments. These concepts, though helpful for authentication, have some security concerns. For example, bystanders can observe or even record the movement, which can help them to guess the password from the controller’s action. Additionally, for AR devices like Google Glass, Islam et al. [25] proposed tapping gestures on the glasses’ temple and the use of tapping patterns as a means to authenticate. Winkler et al. [52] introduced an authentication method that is more resistant to observations by using AR glasses in combination with the smartphone. The glasses show a randomly created PIN pad on the private display according to which the user can input the password through their smartphone. Other proposals include biometric authentication based on head and body movement [31, 37, 39] or the human visual system [29, 32, 34]. These proposals require either additional hardware (such as a smartphone) or a training phase to capture the user’s biometric pattern. In contrast, our proposal requires neither.

For any proposal aiming to advance authentication for AR & VR devices, investigating societal and cultural aspects in technology adoption is critical. Prior studies have shown that authentication behaviour, usage, and experience are influenced vastly by age [11], cultural differences [2], and geographical locations [42, 45, 51]. Riley et al. investigated regional differences in the perception of biometric authentication in India, South Africa, and the United Kingdom [45]. Volkamer et al. observed in a field study PIN usage at ATMs and in various electronic payment scenarios in Germany, Sweden, and the United Kingdom [51]. Given prior evidence, it is essential to evaluate the impact of different countries when designing a new authentication scheme, especially for new-age technologies. These technologies, such as AR & VR, are used worldwide where the demographical, societal, and cultural impact can play a critical role.

Yet, in the AR & VR space, we found very little research on cross-cultural aspects. Jung et al. [27] and Lee et al. [30] explored the cultural differences in the adoption of mobile AR in South Korea and Ireland. Few studies investigated the effect of web-based AR on online shopping and compared results from different countries inside of Europe [19, 41]. These studies identified differences in the use and perception of mobile and web-based AR applications between countries. Despite such critical research, to our knowledge, there are no cross-cultural studies in AR & VR with HMDs. Thus, comparing HMD usage in different countries in the context of authentication will be novel and, therefore, very valuable.
The goal of this work is to propose an authentication scheme for AR & VR devices, which is resistant to observation and only relies on the sensors integrated into most AR & VR HMDs. Our proposed authentication scheme is based on our previous research on observation resistant authentication: the Zero-Trust Authentication (ZeTA) protocol [23]. Here, we first provide a summary of the ZeTA protocol and explain how it could be applied in the AR & VR context.
ZeTA is a knowledge-based authentication protocol, i.e., the user has to memorize a secret analogously to text passwords. In this section we describe its working principle, which is also illustrated in fig. 1.

The general idea of ZeTA is to expand upon the human capacity to build up semantic networks of related concepts and is thus based on innate human-based computation. To that end, ZeTA requires a knowledge base of concepts (e.g., words or symbols) and their semantic relations. The users’ secrets in ZeTA consist of two or more concepts and logical connections between them (i.e., AND, OR, NOT), e.g., “yellow OR wheel”. This secret is generated and assigned to the user by ZeTA during the enrolment of the user. The enrolment has to be performed through a private channel between the system and the user.

The authentication is based on a challenge-response interaction. The user has to determine whether a specific attribute is related to their secret or not, e.g., if the secret was “yellow OR wheel” and the challenge was “sunflower”, then the correct answer would be “yes”. Note that all challenges are pre-generated as part of the creation of the user secret and stored as described in [23]. Thereby, the secret is chosen such that it partitions the knowledge base equally in yes and no challenges (i.e., half of the attributes are related to the secret and half of the attributes are not related to the secret).

Due to its design, ZeTA can allow errors in responses by the users to compensate for innate differences in users’ interpretations of the semantic relations between concepts. This can potentially increase ZeTA’s usability but might impair security if the two are not carefully balanced. It also highlights the importance of cultural effects. The system repeats the challenge-response protocol until the desired certainty threshold is achieved; i.e., the probability of the user being an impostor is sufficiently small. Consequently, ZeTA can be scaled seamlessly to arbitrary security levels. When user errors are not allowed during an authentication attempt, according to [23] ZeTA can easily reach PIN-level security with 14 challenges. The usual online guessing threshold of 10 [16] can be achieved as easily using 25 challenges, while even allowing for one error by the user [23].

As stated above, the enrolment procedure of ZeTA relies on a private channel. In contrast, after the enrolment, ZeTA was designed with the threat model as introduced by Matsumoto and Imai [35] in mind. The attacker can compromise the communication channels and even the user’s device. Thus, ZeTA relies only on the server being secure. Proofs for lower bounds on the number of observations required to learn a secret based on a probably approximately correct learning model are presented in the original publication [23].

Augmented and Virtual Reality HMDs provide various interaction methods depending on the capabilities of the device. Examples of input systems are controller, head movement, gesture, and voice recognition. The core output system is the private display (i.e., optics that create the virtual image) combined with audio. The idea underlying the usage of ZeTA in the AR & VR context is that the challenge is shown on the display of the HMDs. The user responses are entered using input options, which can be found in most of the AR & VR HMDs. Thus, we avoid dependencies on additional hardware. Concerning the entry of the response to the system’s challenge by the user, the following interaction options can be used: 1) voice control, 2) head movement, and 3) buttons on the VR controller or touch controls on the AR glasses. Additionally, finding the right number of challenges as a trade-off between usability and security while considering the specifics of the AR/VR context is an important aspect of the development of the ZeTA implementations for our user study.

The advantage of using ZeTA as an authentication scheme for the AR/VR context is that shoulder-surfing resistance does not need to be empirically evaluated due to the aforementioned security proofs. Therefore, the lower bound of needed observations holds no matter whether the attacker observes the communication channel, the user’s interaction, or even the private display of the HMD. The user input can even be processed by the web server and does not need to burden the capacity of the HMD without impairing the user’s privacy. The only time the user is required to use a non-compromised device and a private channel is when being assigned the secret by ZeTA during enrolment.
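
The challenge-response check and the challenge counts quoted from [23] can be reproduced with a small model, given here as an added example that is not code from this paper or from the ZeTA authors. The knowledge base, the tuple encoding of secrets and all function names are constructed for illustration; the guessing model assumes balanced, independent yes/no challenges answered uniformly at random, and the 10^6 online-guessing level passed in the last line is an assumption.

```python
from math import comb

# Constructed knowledge base: challenge attribute -> concepts it is related to.
KNOWLEDGE_BASE = {
    "sunflower": {"yellow", "plant"},
    "banana": {"yellow", "fruit"},
    "bicycle": {"wheel", "metal"},
    "taxi": {"yellow", "wheel"},
    "ocean": {"blue", "water"},
    "snow": {"white", "cold"},
    "grass": {"green", "plant"},
    "cloud": {"white", "sky"},
}

# The page's example secret, in a hypothetical tuple encoding:
# a concept string, ("NOT", x), ("AND", x, y, ...) or ("OR", x, y, ...).
SECRET = ("OR", "yellow", "wheel")


def related(secret, attribute):
    """Correct yes/no answer: is this challenge attribute related to the secret?"""
    if isinstance(secret, str):
        return secret in KNOWLEDGE_BASE[attribute]
    op, *args = secret
    if op == "NOT" and len(args) == 1:
        return not related(args[0], attribute)
    if op in ("AND", "OR") and len(args) >= 2:
        combine = all if op == "AND" else any
        return combine(related(a, attribute) for a in args)
    raise ValueError(f"malformed secret expression: {secret!r}")


def yes_fraction(secret):
    """Share of the knowledge base answered 'yes'; enrolment aims for 0.5."""
    answers = [related(secret, a) for a in KNOWLEDGE_BASE]
    return sum(answers) / len(answers)


def verify(secret, challenges, responses, allowed_errors=0):
    """Server-side decision after one authentication attempt."""
    if len(challenges) != len(responses):
        raise ValueError("every challenge needs exactly one response")
    errors = sum(related(secret, c) != r for c, r in zip(challenges, responses))
    return errors <= allowed_errors


def impostor_passes(n, allowed_errors=0):
    """How many of the 2**n possible answer strings pass n challenges."""
    return sum(comb(n, i) for i in range(allowed_errors + 1))


def challenges_needed(guess_resistance, allowed_errors=0):
    """Smallest n at which a uniform guesser succeeds with probability
    <= 1/guess_resistance (assumes balanced, independent challenges)."""
    n = 1
    while impostor_passes(n, allowed_errors) * guess_resistance > 2 ** n:
        n += 1
    return n


if __name__ == "__main__":
    print("sunflower ->", related(SECRET, "sunflower"))
    print("yes share ->", yes_fraction(SECRET))
    print("PIN level (10**4), no errors:", challenges_needed(10**4))
    print("10**6 (assumed), one error:", challenges_needed(10**6, 1))
```

Under the same assumed 10^6 level, tolerating one user error raises the count from 20 to 25 challenges, which is the usability and security balance the text describes.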
The proposed authentication scheme will be implemented as a mock-up for both AR & VR HMDs, as well as for each interaction method. The development is based on a human-centered design approach: the mock-ups are tested and improved iteratively by evaluating different design variations of the outputs and inputs with users to maximize the authentication scheme’s usability. Options for the output to show the challenges are text, image, and audio. Options for the input of the responses are: voice, head movement, and buttons/touch controls (cf. section 3.2). There might also be different approaches to give feedback to the user after answering each challenge or to proceed from one challenge to the next one.

As future work, we will evaluate the three interaction methods of the proposed authentication scheme through in-lab user studies. We are planning to use Google Glass for the AR application and the Oculus Rift S for the VR application. The study design is built upon our research on shoulder-surfing resistant authentication using gamepads [36].

The evaluation of the authentication scheme for each of the AR & VR HMDs and each of the three interaction methods (voice, head movement, and touch/press) will be based on usability criteria and users’ risk perception regarding the authentication protocol security. Usability is measured by users’ effectiveness, efficiency and satisfaction with the authentication scheme. Thus, our research goal for future work is:

Identifying the best interaction method for authenticating through ZeTA on both AR & VR HMDs, i.e., the method that provides the highest effectiveness, efficiency, and satisfaction as well as the lowest perceived risk by users regarding the security of the authentication process.
We aim to inspect the cross-cultural influence by conducting identical studies in Germany and the United States. Germany and the U.S. are interesting cultures to compare because of their global influence in the field of technology [21, 38]. While both of these nations share much in common (democratic governments, similar linguistic roots), they also have some interesting differences (ethical heterogeneity, capitalistic versus socialistic approach) [47]. Additionally, it is predicted that the AR/VR market will rise globally, especially in the U.S. (96.1% Compound annual growth rate (CAGR)) and in Western European countries (104.2% CAGR), including Germany [8].

Figure 2: Main study protocol.
After completing the implementation, a pre-study is planned to pilot and refine the study protocol of the main study, which is described below. The authentication scheme is tested with each combination of the device (i.e., AR, VR) and interaction method (i.e., voice, head gestures, button/touch controls) regarding its usability and users’ risk perception regarding its security mechanism. The study will be conducted in both Germany and the United States. Therefore, 12 (2x3x2) groups are used to collect data as visualized in fig. 3.

Figure 3: Allocation of the groups in the main user study.

Each participant will test all three interaction methods. To avoid first-order carryover effects, the allocation of the participants will be specified with the Latin Square Design [7] that counterbalances sequential effects. The procedure of the main study is presented in figure 2. We will ask two participants to come to the lab simultaneously. Both of the participants will receive an explanation of the ZeTA scheme and will be given a user scenario with three different randomly generated passwords. Then, we will run a 3-step evaluation process:

1. Participant-1 authenticates on the HMD three times. Participant-2 observes the process.
2. Now they change roles: participant-2 authenticates on the HMD three times. Participant-1 observes the process.
3. Both participants answer questions in a survey, and we conclude with a short semi-structured interview.

By having two participants in the lab simultaneously, we aim to create a higher validity setting with respect to evaluating users’ risk perception. Secrets will be assigned to the participants by the system. Each of them will have time alone to memorize their secret. As a baseline for the configuration, we propose to use the online guessing resistance threshold of 10 [16]. This is in line with the envisioned types of accounts used on the HMDs (e.g., purchasing media content from an online service). Before conducting the study, we will ask for ethical approval. Participants will be compensated based on the minimum wage regulations in the U.S. and Germany.

The effectiveness will be measured by the ratio of correct password entries among the three. Efficiency will be assessed by the average time needed for authentication across the three passwords. Satisfaction will be measured with the System Usability Scale (SUS) that covers users’ subjective reactions to using the scheme [4]. To examine the user’s risk perception, the scales proposed by Fischhoff et al. [15], Liang & Xue [33], and Das [9] will be adapted to our use case. The risk perception metric is defined by nine characteristics of the risk: 1) voluntariness, 2) immediacy, 3) knowledge of the exposed, 4) knowledge of experts, 5) control, 6) newness, 7) common-dread, 8) chronic-catastrophic, and 9) severity. Offline, this framework informed four decades of research in risk perception and public policy in a diversity of risk domains, e.g., environmental risk [17] and health risk [26]. Online, this framework has been used to explain perceptions of technical security risks [5, 10] and insider threats [14].

Acknowledgments
This work was supported by the German Federal Ministry of Education and Research (BMBF) in the Competence Center for Applied Security Technology (KASTEL), Karlsruhe Institute of Technology; Secure and Privacy Research in New-Age Technology (SPRINT) Lab, University of Denver; and Human and Technical Security (HATS) Lab, Indiana University. Any opinions, findings, and conclusions or recommendations expressed in this material are solely those of the author(s).
References

[1] Said S Al-Gahtani. Extending the technology acceptance model beyond its country of origin: a cultural test in western europe. In Advanced Topics in Information Resources Management, Volume 1, pages 158–183. IGI Global, 2002.
[2] Hani Moaiteq Aljahdali and Ron Poet. The affect of familiarity on the usability of recognition-based graphical passwords: Cross cultural study between saudi arabia and the united kingdom. In , pages 1528–1534, 2013.
[3] David Benyon, Phil Turner, and Susan Turner. Designing interactive systems: People, activities, contexts, technologies. Pearson Education, 2005.
[4] John Brooke. Sus: a “quick and dirty’usability. Usability evaluation in industry, page 189, 1996.
[5] L. Jean Camp. Mental models of privacy and security. SSRN Electronic Journal, 2006.
[6] Pan Chan, Tzipora Halevi, and Nasir Memon. Glass otp: Secure and convenient user authentication on google glass. In Financial Cryptography and Data Security, pages 298–308. Springer, 2015.
[7] Renita Coleman. Designing experiments for the social sciences: How to plan, create, and execute research using experiments. Sage publications, 2018.
[8] IDC: International Data Corporation. Worldwide spending on augmented and virtual reality expected to reach $18.8 billion in 2020, according to idc. idc.com/getdoc.jsp?containerId=prUS45679219, 2019. Accessed: 2020-07-17.
[9] Sanchari Das. A Risk-reduction-based Incentivization Model for Human-centered Multi-factor Authentication. PhD thesis, Indiana University, 2020.
[10] Sanchari Das, Jacob Abbott, Shakthidhar Gopavaram, Jim Blythe, and L Jean Camp. User-centered risk communication for safer browsing. In Proceedings of the First Asia USEC-Workshop on Usable Security, In Conjunction with the Twenty-Fourth International Conference International Conference on Financial Cryptography and Data Security, 2020.
[11] Sanchari Das, Andrew Kim, Ben Jelen, Joshua Streiff, L Jean Camp, and Lesa Huber. Towards implementing inclusive authentication technologies for older adults. Who Are You, 2019.
[12] Jayati Dev, Sanchari Das, Yasmeen Rashidi, and L Jean Camp. Personalized whatsapp privacy: Demographic and cultural influences on indian and saudi users. Available at SSRN 3391021, 2019.
[13] Abdul Azeez Erumban and Simon B De Jong. Cross-country differences in ict adoption: A consequence of culture? Journal of world business, 41(4):302–314, 2006.
[14] Fariborz Farahmand and Eugene H Spafford. Understanding insiders: An analysis of risk-taking behavior. Information Systems Frontiers, 15(1):5–15, 2013.
[15] Baruch Fischhoff, Paul Slovic, Sarah Lichtenstein, Stephen Read, and Barbara Combs. How safe is safe enough? a psychometric study of attitudes towards technological risks and benefits. Policy sciences, 9(2):127–152, 1978.
[16] Dinei Florêncio, Cormac Herley, and Paul C van Oorschot. An Administrator’s Guide to Internet Password Research. In Large Installation System Administration Conference, pages 35–52. USENIX, 2014.
[17] James Flynn, Paul Slovic, and Chris K Mertz. Gender, race, and perception of environmental health risks. Risk analysis, 14(6):1101–1108, 1994.
[18] Davrondzhon Gafurov, Kirsi Helkala, and Torkjel Søndrol. Biometric gait authentication using accelerometer sensor. JCP, 1(7):51–59, 2006.
[19] Stéphanie Gautier, Claire Gauzente, and Maiju Aikala. Are ar shopping services valued the same way throughout europe? a four-country q-investigation. Systemes d’information management, 21(1):69–102, 2016.
[20] Ceenu George, Mohamed Khamis, Emanuel von Zezschwitz, Marinus Burger, Henri Schmidt, Florian Alt, and Heinrich Hussmann. Seamless and secure vr: Adapting and evaluating established authentication systems for virtual reality. In NDSS, 2017.
[21] Marilyn Greenstein-Prosch, Thomas E McKee, and Reiner Quick. A comparison of the information technology knowledge of united states and german auditors. The International Journal of Digital Accounting Research, 8(14):45–79, 2008.
[22] Jan Gugenheimer, Christian Mai, Mark McGill, Julie Williamson, Frank Steinicke, and Ken Perlin. Challenges using head-mounted displays in shared and social spaces. In EA CHI, pages 1–8, 2019.
[23] Andreas Gutmann, Karen Renaud, Joseph Maguire, Peter Mayer, Melanie Volkamer, Kanta Matsuura, and Jörn Müller-Quade. Zeta-zero-trust authentication: Relying on innate human ability, not technology. In EuroS&P, pages 357–371. IEEE, 2016.
[24] Jassim Happa, Mashhuda Glencross, and Anthony Steed. Cyber security threats and challenges in collaborative mixed-reality. Frontiers in ICT, 6:5, 2019.
[25] MD Rasel Islam, Doyoung Lee, Liza Suraiya Jahan, and Ian Oakley. Glasspass: Tapping gestures to unlock smart glasses. In AH, pages 1–8, 2018.
[26] Branden B Johnson and Paul Slovic. Presenting uncertainty in health risk assessment: initial studies of its effects on risk perception and trust. Risk Analysis, 15(4):485–494, 1995.
[27] Timothy Hyungsoo Jung, Hyunae Lee, Namho Chung, and M Claudia tom Dieck. Cross-cultural differences in adopting mobile augmented reality at cultural heritage tourism sites. IJCHM, 2018.
[28] Minna Kamppuri, Roman Bednarik, and Markku Tukiainen. The expanding focus of hci: case culture. In Proceedings of the 4th Nordic conference on Human-computer interaction: changing roles, pages 405–408, 2006.
[29] Mohamed Khamis, Carl Oechsner, Florian Alt, and Andreas Bulling. Vr pursuits: interaction in virtual reality using smooth pursuit eye movements. In AVI, pages 1–8, 2018.
[30] Hyunae Lee, Namho Chung, and Timothy Jung. Examining the cultural differences in acceptance of mobile augmented reality: Comparison of south korea and ireland. In Information and communication technologies in tourism, pages 477–491. Springer, 2015.
[31] Sugang Li, Ashwin Ashok, Yanyong Zhang, Chenren Xu, Janne Lindqvist, and Macro Gruteser. Whose move is it anyway? authenticating smart wearable devices using unique head movement patterns. In PerCom, pages 1–9. IEEE, 2016.
[32] Yung-Hui Li and Po-Jen Huang. An accurate and efficient user authentication mechanism on smart glasses based on iris recognition. Mobile Information Systems, 2017.
[33] Huigang Liang, Yajiong Lucky Xue, et al. Understanding security behaviors in personal computer usage: A threat avoidance perspective. Journal of the association for information systems, 11(7):1, 2010.
[34] Shiqing Luo, Anh Nguyen, Chen Song, Feng Lin, Wenyao Xu, and Zhisheng Yan. OcuLock: Exploring human visual system for authentication in virtual reality head-mounted display. In NDSS, 2020.
[35] Tsutomu Matsumoto and Hideki Imai. Human Identification Through Insecure Channel. In EUROCRYPT, pages 409–421. Springer, 1991.
[36] Peter Mayer, Nina Gerber, Benjamin Reinheimer, Philipp Rack, Kristoffer Braun, and Melanie Volkamer. I (don’t) see what you typed there! shoulder-surfing resistant password entry on gamepads. In CHI, pages 1–12, 2019.
[37] Robert Miller, Natasha Kholgade Banerjee, and Sean Banerjee. Within-system and cross-system behavior-based biometric authentication in virtual reality. In IEEE VR, pages 311–316, 2020.
[38] Michael Morgan and Laura Borns. 360 degrees of usability. In CHI’04 Extended Abstracts on Human Factors in Computing Systems, pages 795–809, 2004.
[39] Tahrima Mustafa, Richard Matovu, Abdul Serwadda, and Nicholas Muirhead. Unsure how to authenticate on your vr headset? come on, use your head! In ACM IWSPA, pages 23–30, 2018.
[40] Jantawan Noiwan and Anthony F Norcio. Cultural differences on attention and perceived usability: Investigating color combinations of animated graphics. International journal of Human-computer studies, 64(2):103–122, 2006.
[41] Eleonora Pantano, Alexandra Rese, and Daniel Baier. Enhancing the online decision-making process by using augmented reality: A two country comparison of youth markets. Journal of Retailing and Consumer Services, 38:81–95, 2017.
[42] Helen Petrie and Burak Merdenyan. Cultural and gender differences in password behaviors: Evidence from china, turkey and the uk. In Nordic Conference on CHI, pages 1–10, 2016.
[43] Katharina Reinecke and Abraham Bernstein. Improving performance, perceived usability, and aesthetics with culturally adaptive user interfaces. ACM TOCHI, 18(2):1–29, 2011.
[44] ABI Research and Qualcomm. Augmented and virtual reality: the first wave of 5g killer apps. qualcomm.com/news/onq/2017/02/01/vr-and-ar-are-pushing-limits-connectivity-5g-our-rescue, 2017. Accessed: 2020-06-17.
[45] Chris Riley, Kathy Buckner, Graham Johnson, and David Benyon. Culture & biometrics: regional differences in the perception of biometric authentication technologies. AI & society, 24(3):295–306, 2009.
[46] Jonathan C Roberts, Panagiotis D Ritsos, Sriram Karthik Badam, Dominique Brodbeck, Jessie Kennedy, and Niklas Elmqvist. Visualization beyond the desktop–the next big thing. IEEE Computer Graphics and Applications, 34(6):26–34, 2014.
[47] Peter Schmuck, Tim Kasser, and Richard M Ryan. Intrinsic and extrinsic goals: Their structure and relationship to well-being in german and us college students. Social Indicators Research, 50(2):225–241, 2000.
[48] Mikael Søndergaard and Geert Hofstede. Culture’s consequences: comparing values, behaviours, institutions, and organizations across nations. International Journal of Cross Cultural Management, pages 243–246, 2001.
[49] Noam Tractinsky. Aesthetics and apparent usability: empirically assessing cultural and methodological issues. In Proceedings of the ACM SIGCHI Conference on Human factors in computing systems, pages 115–122, 1997.
[50] Yvonne M Van Everdingen and Eric Waarts. The effect of national culture on the adoption of innovations. Marketing letters, 14(3):217–232, 2003.
[51] Melanie Volkamer, Andreas Gutmann, Karen Renaud, Paul Gerber, and Peter Mayer. Replication study: A cross-country field observation study of real world pin usage at atms and in various electronic payment scenarios. In SOUPS, pages 1–11, 2018.
[52] Christian Winkler, Jan Gugenheimer, Alexander De Luca, Gabriel Haas, Philipp Speidel, David Dobbelstein, and Enrico Rukzio. Glass Unlock: Enhancing Security of Smartphone Unlocking through Leveraging a Private Near-eye Display. In CHI, pages 1407–1410. ACM, 2015.
[53] Zhen Yu, Hai-Ning Liang, Charles Fleming, and Ka Lok Man. An exploration of usable authentication mechanisms for virtual reality systems. In