DOI: 10.1145/3633500.3633504
research-article
Open Access

Human-centered Behavioral and Physiological Security

Published: 22 December 2023

ABSTRACT

We propose a paradigm shift in human-centered security research in which users’ objective behavior and physiological states move into focus. This proposal is motivated by the fact that many personal and wearable devices today come with capabilities that allow researchers to assess users’ behavior and physiology in real time. We expect substantial advances due to the ability to develop more targeted approaches to human-centered security in which solutions are targeted at individuals’ literacy, skills, and context. To this end, the main contribution of this work is a research space: we first provide an overview of common human-centered attacks that could be better understood and addressed through our approach. Based on this overview, we then showcase how specific security habits can benefit from the knowledge of users’ current state. Our work is complemented by a discussion of the implications and research directions enabled through this novel paradigm.


Published in

NSPW '23: Proceedings of the 2023 New Security Paradigms Workshop
September 2023, 136 pages
ISBN: 9798400716201
DOI: 10.1145/3633500

Copyright © 2023 Owner/Author

This work is licensed under a Creative Commons Attribution International 4.0 License.

Publisher: Association for Computing Machinery, New York, NY, United States

Qualifiers: research-article, Research, Refereed limited

Overall Acceptance Rate: 62 of 170 submissions, 36%