Flynn Wolf

Poster: Towards supporting situational awareness using tactile feedback

In this paper, we describe an approach with the aim of supporting individuals engaged with a task where the eyes are occupied to monitor obstacles within their wider environment. A head-mounted interface has been developed where tactile feedback can be presented to alert the user to important situational events, such as the presence of spatial obstacles. Our research aims to examine ways in which cues can be developed to support levels of situational awareness for decision-making. Early results from our work suggest that the participatory approach adopted offers considerable potential when developing feedback for presentation to sites on the body which are rarely used for tactile interaction (e.g. locations on the head).

Baseline Measurements of Shoulder Surfing Analysis and Comparability for Smartphone Unlock Authentication

In this paper, we describe a novel approach to measure the susceptibility of smartphone unlock authentication to shoulder surfing attacks. In our methodology, participants play the role of attackers, viewing video-recorded footage of PIN and graphical password pattern authentication input with various camera angles, hand positions, phone sizes, and authentication length and strength. Based on the data collected and recording methodology developed, we aim to provide insight into the factors of mobile unlock authentication which best and least resist shoulder surfing attacks and examine scenarios where weaknesses may occur. The goal is to identify more effective guidance for mobile device users to avoid observational attacks. We also aim to advance the methodologies used to measure the shoulder surfing attack surfaces where baselines of comparisons to preexisting systems (e.g., PINs and patterns) are not standardized. Utilizing the methodology and recordings, other researchers may build upon this approach to analyze future systems and replicate our results.

Towards Baselines for Shoulder Surfing on Mobile Authentication

Given the nature of mobile devices and unlock procedures, unlock authentication is a prime target for credential leaking via shoulder surfing, a form of an observation attack. While the research community has investigated solutions to minimize or prevent the threat of shoulder surfing, our understanding of how the attack performs on current systems is less well studied. In this paper, we describe a large online experiment (n = 1173) that works towards establishing a baseline of shoulder surfing vulnerability for current unlock authentication systems. Using controlled video recordings of a victim entering in a set of 4- and 6-length PINs and Android unlock patterns on different phones from different angles, we asked participants to act as attackers, trying to determine the authentication input based on the observation. We find that 6-digit PINs are the most elusive attacking surface where a single observation leads to just 10.8% successful attacks (26.5% with multiple observations). As a comparison, 6-length Android patterns, with one observation, were found to have an attack rate of 64.2% (79.9% with multiple observations). Removing feedback lines for patterns improves security to 35.3% (52.1% with multiple observations). This evidence, as well as other results related to hand position, phone size, and observation angle, suggests the best and worst case scenarios related to shoulder surfing vulnerability which can both help inform users to improve their security choices, as well as establish baselines for researchers.

Developing tactile feedback for wearable presentation: observations from using a participatory approach

In this paper, we describe a participatory-based approach to developing tactile feedback for a head-mounted device. Three focus groups iteratively designed and evaluated tactile interaction concepts for user-generated use-case scenarios. Results showed productive design insights from the groups regarding approaches to tactile coding schemes addressing the scenario conditions, as well as method-innovations to participatory design techniques for interaction development in unfamiliar sensory modalities such as touch. The study has culminated in the development of a library of tactile icons relating to spatial concepts, which will be tested as part of future work.

Supporting augmented and alternative communication using a low-cost gestural device

In this paper, we describe an exploratory study to determine the feasibility of using a low-cost gestural headset to support communication. Findings have shown tasks involving facial gestures, such as blinks and smiles, can be performed and detected by an Augmented and Alternative Communication (AAC) system within a shorter period of time compared to brow movements. As tasks increase in complexity, rates of accuracy and time taken remain relatively constant for blinking gestures, highlighting their potential in AAC interfaces. We aim to refine such a system to better address the needs of individuals with disabilities, by limiting input errors from involuntary movements and examining ways to reduce interface navigation time. Insights gained from the study offer promise to interface designers seeking to widen access to their interfaces using gestural input.

Developing a head-mounted tactile prototype to support situational awareness

Abstract In this paper, we describe the design and evaluation of a head-mounted tactile prototype and multi-parameter coding scheme to support situational awareness among users. The head has been selected as the location for the interaction because it has been relatively under-researched compared to the torso or hands, and offers potential for hands-free attention direction and integration with new head and eyewear technology. Two studies have been conducted. The first examined the users ability to discern three-parameter tactile signals presented at sites on the head. Findings highlighted that while multi-parameter cues could be interpreted with low error, challenges were faced when interpreting specific combinations of waveform and interval type, and when performing identification of interval pattern and stimulation location while visually-distracted. A second study investigated how use of the three-parameter tactile coding scheme impacted participants’ situational awareness under several exertion conditions. Significant interaction was found between the exertion conditions and subjective cognitive workload. The relationship between situational awareness phases of participant SAGAT assessment scores were consistent between conditions, with perception and prediction phases outpacing comprehension. This suggests, pending further study of the suitability of situational awareness evaluation methods for tactile perception, that quickly trained participants may struggle to understand multi-parameter coding intended to convey changing events. Interpretations of coding schemes were found to vary, highlighting the importance of carefully selecting and mapping signals for presentation. Insights from our study can support interface designers aiming to heighten levels of spatial and situational awareness among their users through use of the tactile channel.

An empirical study examining the perceptions and behaviours of security-conscious users of mobile authentication

ABSTRACT The purpose of this study is to better understand, from an explorative qualitative perspective, the motivations and practices of highly security-conscious users of mobile authentication, and their underlying mental models of those behaviours. Mobile authentication studies have largely overlooked the mindset of these users in the upper bound of security experience, who have considered their behaviour in terms of detailed knowledge of mobile authentication risk. Twenty IT professionals who self-identified as security-conscious mobile device users, many with decades of intensive security-specific experience, were interviewed for this study regarding their opinions and experiences with mobile device authentication and security. These users described usability and situational impairment issues, as well as a deep concern for their identity and data security arising from highly contextual combinations of distrust towards underlying technologies and situational risk. Derived implications for development of security methods adapted to these informed perspectives are discussed and will be the basis for follow-on research comparing these findings with everyday users.

Perceptions of Mobile Device Authentication Mechanisms by Individuals who are Blind

This paper describes an exploratory study focusing on the methods of mobile authentication currently utilized by individuals who are blind. Perceptions of security are discussed, along with the trade-offs with usability and accessibility. A tactile aid for a mobile authentication interface was introduced to participants to obtain preliminary feedback on its design. The aid was found to offer promise for supporting orientation, which could be used support novice users, and provide assistance when the mobile device must be used privately in public spaces.

“It’s all about the start” classifying eyes-free mobile authentication techniques

Abstract Mobile device users avoiding observational attacks and coping with situational impairments may employ techniques for eyes-free mobile unlock authentication, where a user enters his/her passcode without looking at the device. This study supplies an initial description of user accuracy in performing this authentication behavior with PIN and pattern passcodes, with varying lengths and visual characteristics. Additionally, we inquire if tactile-only feedback can provide assistive spatialization, finding that orientation cues prior to unlocking do not help. Measurements of edit distance and dynamic time warping accuracy were collected, using a within-group, randomized study of 26 participants. 1021 passcode entry gestures were collected and classified, identifying six user strategies for using the pre-entry tactile feedback, and ten codes for types of events and errors that occurred during entry. We found that users who focused on orienting themselves to position the first digit of the passcode using the tactile feedback performed better in the task. These results could be applied to better define eyes-free behavior in further research, and to design better and more secure methods for eyes-free authentication.

How Do We Talk Ourselves Into These Things

Biometric authentication offers promise for mobile security, but its adoption can be controversial, both from a usability and security perspective. We describe a preliminary study, comparing recollections of biometric adoption by computer security experts and non-experts collected in semi-structured interviews. Initial decisions and thought processes around biometric adoption were recalled, as well as changes in those views over time. These findings should serve to better inform security education across differing levels of technical experience. Preliminary findings indicate that both user groups were influenced by similar sources of information; however, expert users differed in having more professional requirements affecting choices (e.g., BYOD). Furthermore, experts often added biometric authentication methods opportunistically during device updates, despite describing higher security concern and caution. Non-experts struggled with the setting up fingerprint biometrics, leading to poor adoption. Further interviews are still being conducted.