GestureMeter: Evaluating Gesture Password Selection on Smartphones with Strength Meter

Department of Human Factors EngineeringGestures are potential authentication method for touchscreen devices and common tasks such as phone lock. While many studies have indicated gesture passwords can achieve high usability, evaluating their security remains a grey area. Key challenges stem from the small sample sizes in current gesture password studies and the requirement to use similarity-based recognition metrics which prevent the application of traditional entropy assessment methods. To overcome these problems, we perform a large-scale study online (N=2594). With the resulting data set, we develop a novel multi-stage discretization method and n-gram Markov models that enable us to assess the partial guessing entropy of gesture passwords and to create a novel clustering-based dictionary attack. We report then while partial guessing entropy appears to be greater than other common phone lock methods (e.g., Pin, pattern), gestures are highly susceptible to dictionary attack. To improve the security of gesture passwords, we develop a novel gesture password strength meter. Password strength meters has been previously proposed as an effective password policy that can improve the security of other authentication techniques such as passwords or pattern. Using the meter, we propose various mandated compliances in which users are restricted to meet certain level of strength: default (none), weak, fair, and strong. We validate the effectiveness of gesture strength meter designs on security by performing a follow up online study and applying the security framework and attacks established in the first study. The default policy improves the gesture password security with small cost in usability. This thesis concludes that gesture password meters can be an effective technique for improving the security of gesture authentication systems that deserve further study.clos

Design Principles of Mobile Information Systems in the Digital Transformation of the Workplace - Utilization of Smartwatch-based Information Systems in the Corporate Context

During the last decades, smartwatches emerged as an innovative and promising technology and hit the consumer market due to the accessibility of affordable devices and predominant acceptance caused by the considerable similarity to common wristwatches. With the unique characteristics of permanent availability, unobtrusiveness, and hands-free operation, they can provide additional value in the corporate context. Thus, this thesis analyzes use cases for smartwatches in companies, elaborates on the design of smartwatch-based information systems, and covers the usability of smartwatch applications during the development of smartwatch-based information systems. It is composed of three research complexes. The first research complex focuses on the digital assistance of (mobile) employees who have to execute manual work and have been excluded so far from the benefits of the digitalization since they cannot operate hand-held devices. The objective is to design smartwatch-based information systems to support workflows in the corporate context, facilitate the daily work of numerous employees, and make processes more efficient for companies. During a design science research approach, smartwatch-based software artifacts are designed and evaluated in use cases of production, support, security service, as well as logistics, and a nascent design theory is proposed to complement theory according to mobile information system research. The evaluation shows that, on the one hand, smartwatches have enormous potential to assist employees with a fast and ubiquitous exchange of information, instant notifications, collaboration, and workflow guidance while they can be operated incidentally during manual work. On the other hand, the design of smartwatch-based information systems is a crucial factor for successful long-term deployment in companies, and especially limitations according to the small form-factor, general conditions, acceptance of the employees, and legal regulations have to be addressed appropriately. The second research complex addresses smartwatch-based information systems at the office workplace. This broadens and complements the view on the utilization of smartwatches in the corporate context in addition to the mobile context described in the first research complex. Though smartwatches are devices constructed for mobile use, the utilization in low mobile or stationary scenarios also has benefits due they exhibit the characteristic of a wearable computer and are directly connected to the employee’s body. Various sensors can perceive employee-, environment- and therefore context-related information and demand the employees’ attention with proactive notifications that are accompanied by a vibration. Thus, a smartwatch-based and gamified information system for health promotion at the office workplace is designed and evaluated. Research complex three provides a closer look at the topic of usability concerning applications running on smartwatches since it is a crucial factor during the development cycle. As a supporting element for the studies within the first and second research complex, a framework for the usability analysis of smartwatch applications is developed. For research, this thesis contributes a systemization of the state-of-the-art of smartwatch utilization in the corporate context, enabling and inhibiting influence factors of the smartwatch adoption in companies, and design principles as well as a nascent design theory for smartwatch-based information systems to support mobile employees executing manual work. For practice, this thesis contributes possible use cases for smartwatches in companies, assistance in decision-making for the introduction of smartwatch-based information systems in the corporate context with the Smartwatch Applicability Framework, situated implementations of a smartwatch-based information system for typical use cases, design recommendations for smartwatch-based information systems, an implementation of a smartwatch-based information system for the support of mobile employees executing manual work, and a usability-framework for smartwatches to automatically access usability of existing applications providing suggestions for usability improvement

How do Smart watches influence the market of luxury watches with particular regard of the buying-reasons.

Ya no es necesario mirar el reloj de pulsera para saber la hora exacta. Los teléfonos inteligentes, el reloj del ordenador o el reloj del automóvil nos informan también sobre la hora. La gente paga miles de euros por un reloj de lujo, aunque podría comprar relojes mucho más económicos, que además cumplen la función de indicar la hora exacta. Hace unos años, los relojes inteligentes entraron en el mercado y ahora la gente puede obtener además datos como la distancia que recorren a pie por día o controlar su sueño... La pregunta es: ¿cómo reaccionarán los clientes de relojes de lujo? La intención de esta tesis, entre otros objetivos, es establecer los diferentes tipos de razones por las que los consumidores tienden a comprar relojes de lujo. Las diferentes razones pueden ser explicadas con la ayuda de modelos y variables psicológicas que facilitan la comprensión de los motivos del comportamiento de compra. En el estudio se trata de explicar la importancia y el significado de identidad de la marca con referencia a la compra de relojes inteligentes y relojes de lujo, iden-tificando los beneficios y características de los relojes inteligentes, que se entienden como productos sustitutivos de los relojes de lujo. Además, se pretende explicar las razones de compra de los relojes inteligentes en comparación con los motivos para comprar relojes de lujo, y averiguar si el cliente típico de relojes de lujo tiene los mismos motivos y razones de compra que el cliente de relojes inteligentes. A través del análisis de la teoría de la actitud y la teoría de la congruencia, con referencia al comportamiento de compra y su influencia en la elección de marca, se establece un modelo de ecuación estructural que responde a los objetivos mencionados. La intención es obtener una comprensión profunda del efecto psico-lógico de las marcas para poder explicar la toma de decisiones de compra de este tipo de productos. Para ello, se han realizado estudios empíricos basados en cues-tionarios anónimos sobre las marcas Apple Watch y Rolex. Se comprueba que la influencia de la intención de elección de marca es mayor en Apple, en comparación con los clientes de Rolex. La norma subjetiva tiene la mayor relevancia con referencia a la intención de elección de marca en Rolex. Además, la congruencia real no es positivamente relevante con respecto a la in-tención de elegir relojes de la marca Rolex; de hecho, la congruencia real del cliente de Rolex es insignificante en comparación con la congruencia ideal. Con referencia a Apple Watch, la congruencia ideal juega el papel más im-portante para la intención de la elección de la marca. La personalidad de la marca del Apple Watch está más cerca del ideal de la persona de prueba, en comparación con la persona de prueba de Rolex. Según este estudio, la congruencia funcional no tiene relevancia positiva con referencia a la intención de elección de marca de Apple Watch. Los criterios rele-vantes para la congruencia funcional para la muestra que se aplican en este estudio son: cómo de bien está fabricado el producto, si es un producto duradero, cómo de alta es la calidad del material de fabricación y cómo se percibe el diseño del producto. Estos criterios,Administración y Dirección de Empresa

Moving usable security research out of the lab: evaluating the use of VR studies for real-world authentication research

Empirical evaluations of real-world research artefacts that derive results from observations and experiments are a core aspect of usable security research. Expert interviews as part of this thesis revealed that the costs associated with developing and maintaining physical research artefacts often amplify human-centred usability and security research challenges. On top of that, ethical and legal barriers often make usability and security research in the field infeasible. Researchers have begun simulating real-life conditions in the lab to contribute to ecological validity. However, studies of this type are still restricted to what can be replicated in physical laboratory settings. Furthermore, historically, user study subjects were mainly recruited from local areas only when evaluating hardware prototypes. The human-centred research communities have recognised and partially addressed these challenges using online studies such as surveys that allow for the recruitment of large and diverse samples as well as learning about user behaviour. However, human-centred security research involving hardware prototypes is often concerned with human factors and their impact on the prototypes’ usability and security, which cannot be studied using traditional online surveys. To work towards addressing the current challenges and facilitating research in this space, this thesis explores if – and how – virtual reality (VR) studies can be used for real-world usability and security research. It first validates the feasibility and then demonstrates the use of VR studies for human-centred usability and security research through six empirical studies, including remote and lab VR studies as well as video prototypes as part of online surveys. It was found that VR-based usability and security evaluations of authentication prototypes, where users provide touch, mid-air, and eye-gaze input, greatly match the findings from the original real-world evaluations. This thesis further investigated the effectiveness of VR studies by exploring three core topics in the authentication domain: First, the challenges around in-the-wild shoulder surfing studies were addressed. Two novel VR shoulder surfing methods were implemented to contribute towards realistic shoulder surfing research and explore the use of VR studies for security evaluations. This was found to allow researchers to provide a bridge over the methodological gap between lab and field studies. Second, the ethical and legal barriers when conducting in situ usability research on authentication systems were addressed. It was found that VR studies can represent plausible authentication environments and that a prototype’s in situ usability evaluation results deviate from traditional lab evaluations. Finally, this thesis contributes a novel evaluation method to remotely study interactive VR replicas of real-world prototypes, allowing researchers to move experiments that involve hardware prototypes out of physical laboratories and potentially increase a sample’s diversity and size. The thesis concludes by discussing the implications of using VR studies for prototype usability and security evaluations. It lays the foundation for establishing VR studies as a powerful, well-evaluated research method and unfolds its methodological advantages and disadvantages