ABSTRACT
We propose a paradigm shift in human-centered security research in which users’ objective behavior and physiological states move into focus. This proposal is motivated by the fact that many personal and wearable devices today come with capabilities that allow researchers to assess users’ behavior and physiology in real time. We expect substantial advances from the ability to develop more targeted approaches to human-centered security, in which solutions are tailored to individuals’ literacy, skills, and context. To this end, the main contribution of this work is a research space: we first provide an overview of common human-centered attacks that could be better understood and addressed through our approach. Based on this overview, we then showcase how specific security habits can benefit from knowledge of users’ current state. Our work is complemented by a discussion of the implications and research directions enabled by this novel paradigm.
Index Terms
- Human-centered Behavioral and Physiological Security