Risks and potentials of graphical and gesture-based authentication for touchscreen mobile devices

While a few years ago, mobile phones were mainly used for making phone calls and texting short messages, the functionality of mobile devices has massively grown. We are surfing the web, sending emails and we are checking our bank accounts on the go. As a consequence, these internet-enabled devices store a lot of potentially sensitive data and require enhanced protection. We argue that authentication often represents the only countermeasure to protect mobile devices from unwanted access. Knowledge-based concepts (e.g., PIN) are the most used authentication schemes on mobile devices. They serve as the main protection barrier for many users and represent the fallback solution whenever alternative mechanisms fail (e.g., fingerprint recognition). This thesis focuses on the risks and potentials of gesture-based authentication concepts that particularly exploit the touch feature of mobile devices. The contribution of our work is threefold. Firstly, the problem space of mobile authentication is explored. Secondly, the design space is systematically evaluated utilizing interactive prototypes. Finally, we provide generalized insights into the impact of specific design factors and present recommendations for the design and the evaluation of graphical gesture-based authentication mechanisms. The problem space exploration is based on four research projects that reveal important real-world issues of gesture-based authentication on mobile devices. The first part focuses on authentication behavior in the wild and shows that the mobile context makes great demands on the usability of authentication concepts. The second part explores usability features of established concepts and indicates that gesture-based approaches have several benefits in the mobile context. The third part focuses on observability and presents a prediction model for the vulnerability of a given grid-based gesture. Finally, the fourth part investigates the predictability of user-selected gesture-based secrets. The design space exploration is based on a design-oriented research approach and presents several practical solutions to existing real-world problems. The novel authentication mechanisms are implemented into working prototypes and evaluated in the lab and the field. In the first part, we discuss smudge attacks and present alternative authentication concepts that are significantly more secure against such attacks. The second part focuses on observation attacks. We illustrate how relative touch gestures can support eyes-free authentication and how they can be utilized to make traditional PIN-entry secure against observation attacks. The third part addresses the problem of predictable gesture choice and presents two concepts which nudge users to select a more diverse set of gestures. Finally, the results of the basic research and the design-oriented applied research are combined to discuss the interconnection of design space and problem space. We contribute by outlining crucial requirements for mobile authentication mechanisms and present empirically proven objectives for future designs. In addition, we illustrate a systematic goal-oriented development process and provide recommendations for the evaluation of authentication on mobile devices.Während Mobiltelefone vor einigen Jahren noch fast ausschließlich zum Telefonieren und zum SMS schreiben genutzt wurden, sind die Anwendungsmöglichkeiten von Mobilgeräten in den letzten Jahren erheblich gewachsen. Wir surfen unterwegs im Netz, senden E-Mails und überprüfen Bankkonten. In der Folge speichern moderne internetfähigen Mobilgeräte eine Vielfalt potenziell sensibler Daten und erfordern einen erhöhten Schutz. In diesem Zusammenhang stellen Authentifizierungsmethoden häufig die einzige Möglichkeit dar, um Mobilgeräte vor ungewolltem Zugriff zu schützen. Wissensbasierte Konzepte (bspw. PIN) sind die meistgenutzten Authentifizierungssysteme auf Mobilgeräten. Sie stellen für viele Nutzer den einzigen Schutzmechanismus dar und dienen als Ersatzlösung, wenn alternative Systeme (bspw. Fingerabdruckerkennung) versagen. Diese Dissertation befasst sich mit den Risiken und Potenzialen gestenbasierter Konzepte, welche insbesondere die Touch-Funktion moderner Mobilgeräte ausschöpfen. Der wissenschaftliche Beitrag dieser Arbeit ist vielschichtig. Zum einen wird der Problemraum mobiler Authentifizierung erforscht. Zum anderen wird der Gestaltungsraum anhand interaktiver Prototypen systematisch evaluiert. Schließlich stellen wir generelle Einsichten bezüglich des Einflusses bestimmter Gestaltungsaspekte dar und geben Empfehlungen für die Gestaltung und Bewertung grafischer gestenbasierter Authentifizierungsmechanismen. Die Untersuchung des Problemraums basiert auf vier Forschungsprojekten, welche praktische Probleme gestenbasierter Authentifizierung offenbaren. Der erste Teil befasst sich mit dem Authentifizierungsverhalten im Alltag und zeigt, dass der mobile Kontext hohe Ansprüche an die Benutzerfreundlichkeit eines Authentifizierungssystems stellt. Der zweite Teil beschäftigt sich mit der Benutzerfreundlichkeit etablierter Methoden und deutet darauf hin, dass gestenbasierte Konzepte vor allem im mobilen Bereich besondere Vorzüge bieten. Im dritten Teil untersuchen wir die Beobachtbarkeit gestenbasierter Eingabe und präsentieren ein Vorhersagemodell, welches die Angreifbarkeit einer gegebenen rasterbasierten Geste abschätzt. Schließlich beschäftigen wir uns mit der Erratbarkeit nutzerselektierter Gesten. Die Untersuchung des Gestaltungsraums basiert auf einem gestaltungsorientierten Forschungsansatz, welcher zu mehreren praxisgerechte Lösungen führt. Die neuartigen Authentifizierungskonzepte werden als interaktive Prototypen umgesetzt und in Labor- und Feldversuchen evaluiert. Im ersten Teil diskutieren wir Fettfingerattacken ("smudge attacks") und präsentieren alternative Authentifizierungskonzepte, welche effektiv vor diesen Angriffen schützen. Der zweite Teil beschäftigt sich mit Angriffen durch Beobachtung und verdeutlicht wie relative Gesten dazu genutzt werden können, um blickfreie Authentifizierung zu gewährleisten oder um PIN-Eingaben vor Beobachtung zu schützen. Der dritte Teil beschäftigt sich mit dem Problem der vorhersehbaren Gestenwahl und präsentiert zwei Konzepte, welche Nutzer dazu bringen verschiedenartige Gesten zu wählen. Die Ergebnisse der Grundlagenforschung und der gestaltungsorientierten angewandten Forschung werden schließlich verknüpft, um die Verzahnung von Gestaltungsraum und Problemraum zu diskutieren. Wir präsentieren wichtige Anforderungen für mobile Authentifizierungsmechanismen und erläutern empirisch nachgewiesene Zielvorgaben für zukünftige Konzepte. Zusätzlich zeigen wir einen zielgerichteten Entwicklungsprozess auf, welcher bei der Entwicklung neuartiger Konzepte helfen wird und geben Empfehlungen für die Evaluation mobiler Authentifizierungsmethoden

Touch-screen Behavioural Biometrics on Mobile Devices

Robust user verification on mobile devices is one of the top priorities globally from a financial security and privacy viewpoint and has led to biometric verification complementing or replacing PIN and password methods. Research has shown that behavioural biometric methods, with their promise of improved security due to inimitable nature and the lure of unintrusive, implicit, continuous verification, could define the future of privacy and cyber security in an increasingly mobile world. Considering the real-life nature of problems relating to mobility, this study aims to determine the impact of user interaction factors that affect verification performance and usability for behavioural biometric modalities on mobile devices. Building on existing work on biometric performance assessments, it asks: To what extent does the biometric performance remain stable when faced with movements or change of environment, over time and other device related factors influencing usage of mobile devices in real-life applications? Further it seeks to provide answers to: What could further improve the performance for behavioural biometric modalities? Based on a review of the literature, a series of experiments were executed to collect a dataset consisting of touch dynamics based behavioural data mirroring various real-life usage scenarios of a mobile device. Responses were analysed using various uni-modal and multi-modal frameworks. Analysis demonstrated that existing verification methods using touch modalities of swipes, signatures and keystroke dynamics adapt poorly when faced with a variety of usage scenarios and have challenges related to time persistence. The results indicate that a multi-modal solution does have a positive impact towards improving the verification performance. On this basis, it is recommended to explore alternatives in the form of dynamic, variable thresholds and smarter template selection strategy which hold promise. We believe that the evaluation results presented in this thesis will streamline development of future solutions for improving the security of behavioural-based modalities on mobile biometrics

Designing sound : procedural audio research based on the book by Andy Farnell

In procedural media, data normally acquired by measuring something, commonly described as sampling, is replaced by a set of computational rules (procedure) that defines the typical structure and/or behaviour of that thing. Here, a general approach to sound as a definable process, rather than a recording, is developed. By analysis of their physical and perceptual qualities, natural objects or processes that produce sound are modelled by digital Sounding Objects for use in arts and entertainments. This Thesis discusses different aspects of Procedural Audio introducing several new approaches and solutions to this emerging field of Sound Design.Em Media Procedimental, os dados os dados normalmente adquiridos através da medição de algo habitualmente designado como amostragem, são substituídos por um conjunto de regras computacionais (procedimento) que definem a estrutura típica, ou comportamento, desse elemento. Neste caso é desenvolvida uma abordagem ao som definível como um procedimento em vez de uma gravação. Através da análise das suas características físicas e perceptuais , objetos naturais ou processos que produzem som, são modelados como objetos sonoros digitais para utilização nas Artes e Entretenimento. Nesta Tese são discutidos diferentes aspectos de Áudio Procedimental, sendo introduzidas várias novas abordagens e soluções para o campo emergente do Design Sonoro

Reading the Score: Music Novels and the Alternative World of Words

The aim of this thesis is to write a ‘music novel’ for children and by doing so examine some of the many ways words and music play a role in storytelling. A music novel can be studied critically and to write one is ultimately a creative act. Academic scholarship on literary representations of music has so far been primarily focused on attending to the presence and representation of Western classical music in adult literary texts. Eminent leaders in the field include Delia da Sousa Correa, Emily Petermann, and Werner Wolf. Research into music in children’s fiction has not been undertaken to such an extent. This thesis takes a first step towards readdressing this gap in knowledge, taking as examples children’s novels by Aimee Lucido (In the Key of Code, 2019), Philip Reeve (Railhead, 2015), and Lewis Carroll (Alice’s Adventures in Wonderland, 1865); and a more recent, contemporary adult novel by Matthew Herbert (The Music – A novel through sound, 2018). My detailed analysis centres on how music contributes to the construction and development of these works, as well as music that has made use of fiction as a compositional device in György Ligeti’s Nonsense Madrigals (1988-93). The theoretical framing of my study draws on work by Roland Barthes, John Cage, Jean-Jacques Nattiez, and Patricia Waugh. Underdog, my music novel aimed at readers aged eight years and over, is my creative response to the questions this thesis raises. The two soundscapes that accompany the novel are musical paratexts born from Underdog that help unite the words with the music beyond the printed page. I provide a critical reflection on the inspirations behind Underdog which serves as a bridge into critical case studies that investigate what happens when one art form (music) has infiltrated the other (fiction) as part of what Jean-Jacques Nattiez calls the poietic process. My study demonstrates that the literary techniques used in fiction to imitate music, regardless of genre, are shared. These traits include references to pop and classical music embedded in the text, imitation of motifs and numerical musical patterns associated with a particular piece of music, and individual pieces of music that underpin the construction of a literary work

The drivers of Corporate Social Responsibility in the supply chain. A case study.

Purpose: The paper studies the way in which a SME integrates CSR into its corporate strategy, the practices it puts in place and how its CSR strategies reflect on its suppliers and customers relations. Methodology/Research limitations: A qualitative case study methodology is used. The use of a single case study limits the generalizing capacity of these findings. Findings: The entrepreneur’s ethical beliefs and value system play a fundamental role in shaping sustainable corporate strategy. Furthermore, the type of competitive strategy selected based on innovation, quality and responsibility clearly emerges both in terms of well defined management procedures and supply chain relations as a whole aimed at involving partners in the process of sustainable innovation. Originality/value: The paper presents a SME that has devised an original innovative business model. The study pivots on the issues of innovation and eco-sustainability in a context of drivers for CRS and business ethics. These values are considered fundamental at International level; the United Nations has declared 2011 the “International Year of Forestry”

Social work with airports passengers

Social work at the airport is in to offer to passengers social services. The main methodological position is that people are under stress, which characterized by a particular set of characteristics in appearance and behavior. In such circumstances passenger attracts in his actions some attention. Only person whom he trusts can help him with the documents or psychologically

Introduction to Development Engineering

This open access textbook introduces the emerging field of Development Engineering and its constituent theories, methods, and applications. It is both a teaching text for students and a resource for researchers and practitioners engaged in the design and scaling of technologies for low-resource communities. The scope is broad, ranging from the development of mobile applications for low-literacy users to hardware and software solutions for providing electricity and water in remote settings. It is also highly interdisciplinary, drawing on methods and theory from the social sciences as well as engineering and the natural sciences. The opening section reviews the history of “technology-for-development” research, and presents a framework that formalizes this body of work and begins its transformation into an academic discipline. It identifies common challenges in development and explains the book’s iterative approach of “innovation, implementation, evaluation, adaptation.” Each of the next six thematic sections focuses on a different sector: energy and environment; market performance; education and labor; water, sanitation and health; digital governance; and connectivity. These thematic sections contain case studies from landmark research that directly integrates engineering innovation with technically rigorous methods from the social sciences. Each case study describes the design, evaluation, and/or scaling of a technology in the field and follows a single form, with common elements and discussion questions, to create continuity and pedagogical consistency. Together, they highlight successful solutions to development challenges, while also analyzing the rarely discussed failures. The book concludes by reiterating the core principles of development engineering illustrated in the case studies, highlighting common challenges that engineers and scientists will face in designing technology interventions that sustainably accelerate economic development. Development Engineering provides, for the first time, a coherent intellectual framework for attacking the challenges of poverty and global climate change through the design of better technologies. It offers the rigorous discipline needed to channel the energy of a new generation of scientists and engineers toward advancing social justice and improved living conditions in low-resource communities around the world

Introduction to Development Engineering

This open access textbook introduces the emerging field of Development Engineering and its constituent theories, methods, and applications. It is both a teaching text for students and a resource for researchers and practitioners engaged in the design and scaling of technologies for low-resource communities. The scope is broad, ranging from the development of mobile applications for low-literacy users to hardware and software solutions for providing electricity and water in remote settings. It is also highly interdisciplinary, drawing on methods and theory from the social sciences as well as engineering and the natural sciences. The opening section reviews the history of “technology-for-development” research, and presents a framework that formalizes this body of work and begins its transformation into an academic discipline. It identifies common challenges in development and explains the book’s iterative approach of “innovation, implementation, evaluation, adaptation.” Each of the next six thematic sections focuses on a different sector: energy and environment; market performance; education and labor; water, sanitation and health; digital governance; and connectivity. These thematic sections contain case studies from landmark research that directly integrates engineering innovation with technically rigorous methods from the social sciences. Each case study describes the design, evaluation, and/or scaling of a technology in the field and follows a single form, with common elements and discussion questions, to create continuity and pedagogical consistency. Together, they highlight successful solutions to development challenges, while also analyzing the rarely discussed failures. The book concludes by reiterating the core principles of development engineering illustrated in the case studies, highlighting common challenges that engineers and scientists will face in designing technology interventions that sustainably accelerate economic development. Development Engineering provides, for the first time, a coherent intellectual framework for attacking the challenges of poverty and global climate change through the design of better technologies. It offers the rigorous discipline needed to channel the energy of a new generation of scientists and engineers toward advancing social justice and improved living conditions in low-resource communities around the world