Glass Unlock

Winkler, Christian; Gugenheimer, Jan; Luca, Alexander De; Haas, Gabriel; Speidel, Philipp; Dobbelstein, David; Rukzio, Enrico

doi:10.1145/2702123.2702316

Cited by 30 publications

(12 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As established authentication methods like Android unlock patterns [46] and text-based input [37] are very easy to observe, most prior work focused on investigating and proposing alternative authentication concepts which conceal the entered secret and make the authentication process observation-resistant. A literature review indicates that improved observation-resistance is usually achieved by visual overload (e.g., [18,45,40]), indirect input (e.g., [12,49]), multiplexed input (e.g., [35,44]) or by establishing a second, non-observable, communication channel (e.g., [4,11,26,36,51]). That is, the presentation style or interaction concept are usually modified in a way that makes the input harder to observe.…”

Section: Related Workmentioning

confidence: 99%

Understanding Shoulder Surfing in the Wild

Eiband

Khamis

Zezschwitz

et al. 2017

Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems

138

140

View full text Add to dashboard Cite

Research has brought forth a variety of authentication systems to mitigate observation attacks. However, there is little work about shoulder surfing situations in the real world. We present the results of a user survey (N=174) in which we investigate actual stories about shoulder surfing on mobile devices from both users and observers. Our analysis indicates that shoulder surfing mainly occurs in an opportunistic, nonmalicious way. It usually does not have serious consequences, but evokes negative feelings for both parties, resulting in a variety of coping strategies. Observed data was personal in most cases and ranged from information about interests and hobbies to login data and intimate details about third persons and relationships. Thus, our work contributes evidence for shoulder surfing in the real world and informs implications for the design of privacy protection mechanisms.

show abstract

Section: Related Workmentioning

confidence: 99%

Understanding Shoulder Surfing in the Wild

Eiband

Khamis

Zezschwitz

et al. 2017

Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems

138

140

View full text Add to dashboard Cite

show abstract

“…We argue that authentication in virtual environments can improve practical security as the HMD serves as a secret channel between the user and the system. While established methods already perform well, we assume that the security could be further improved by switching to already published security-optimized concepts (e.g., [18], [54], [55]).…”

Section: B Seamless Authentication Improves Practical Securitymentioning

confidence: 99%

Seamless and Secure VR: Adapting and Evaluating Established Authentication Systems for Virtual Reality

George¹,

Khamis²,

Zezschwitz³

et al. 2017

Proceedings 2017 Workshop on Usable Security

View full text Add to dashboard Cite

Virtual reality (VR) headsets are enabling a wide range of new opportunities for the user. For example, in the near future users may be able to visit virtual shopping malls and virtually join international conferences. These and many other scenarios pose new questions with regards to privacy and security, in particular authentication of users within the virtual environment. As a first step towards seamless VR authentication, this paper investigates the direct transfer of well-established concepts (PIN, Android unlock patterns) into VR. In a pilot study (N = 5) and a lab study (N = 25), we adapted existing mechanisms and evaluated their usability and security for VR. The results indicate that both PINs and patterns are well suited for authentication in VR. We found that the usability of both methods matched the performance known from the physical world. In addition, the private visual channel makes authentication harder to observe, indicating that authentication in VR using traditional concepts already achieves a good balance in the trade-off between usability and security. The paper contributes to a better understanding of authentication within VR environments, by providing the first investigation of established authentication methods within VR, and presents the base layer for the design of future authentication schemes, which are used in VR environments only. While authentication has been explored for multiple do-Permission to freely reproduce all or part of this paper for noncommercial purposes is granted provided that copies bear this notice and the full citation on the first page. Reproduction for commercial purposes is strictly prohibited without the prior written consent of the Internet Society, the first-named author (for reproduction of an entire paper only), and the author's employer if the paper was prepared within the scope of employment.

show abstract

“…Usable Privacy and Security (USEC) researchers have proposed a plethora of novel authentication schemes (e.g., [18,19,40,52,60,105]). Developing and evaluating prototype authentication systems often involves non-commodity hardware (e.g., special smartphone prototypes [18], private near-eye displays [111], or eye trackers [49]), and complex study setups (e.g., [7,Figure 3], [50,Figure 2]). This makes corresponding usability and security evaluations often costly and time consuming.…”

Section: Introductionmentioning

confidence: 99%

RepliCueAuth: Validating the Use of a Lab-Based Virtual Reality Setup for Evaluating Authentication Systems

Mathis

Vaniea

Khamis

2021

Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems

View full text Add to dashboard Cite

Figure 1: We evaluate and discuss the suitability of using Virtual Reality (VR) to conduct human-centred usability and security evaluations of real-world authentication systems. To this end, we replicated a recently introduced authentication scheme called CueAuth [52] (➊) into VR (➋). We then evaluate the usability and security of our replica and compare the results to the real-world evaluation of CueAuth [52].

show abstract

Glass Unlock

Cited by 30 publications

References 7 publications

Understanding Shoulder Surfing in the Wild

Understanding Shoulder Surfing in the Wild

Seamless and Secure VR: Adapting and Evaluating Established Authentication Systems for Virtual Reality

RepliCueAuth: Validating the Use of a Lab-Based Virtual Reality Setup for Evaluating Authentication Systems

Contact Info

Product

Resources

About