APPS 2021: Third International Workshop on Adaptive and Personalized Privacy and Security

The work has been partially supported by the EU Horizon 2020 Grant 826278 “Securing Medical Data in Smart Patient-Centric Healthcare Systems” (Serums), and by a new European project, TRUSTID - Intelligent and Continuous Online Student Identity Management for Improving Security and Trust in European Higher Education Institutions, which is funded by the European Commission within the Erasmus+ 2020 Programme.The Third International Workshop on Adaptive and Personalized Privacy and Security (APPS 2021) aims to bring together researchers and practitioners working on diverse topics related to understanding and improving the usability of privacy and security software and systems, by applying user modeling, adaptation and personalization principles. Our special focus in 2021 is on challenges and opportunities related to the Covid-19 outbreak, more specifically on ensuring security and privacy of sensitive data and secure user interactions in online systems. The third edition of the workshop includes interdisciplinary contributions from Belgium, Cyprus, Germany, Greece, Portugal, the Netherlands, and United Kingdom, that introduce new and disruptive ideas, suggest novel solutions, and present research results about various aspects (theory, applications, tools) for bringing user modeling, adaptation and personalization principles into privacy and systems security. This summary gives a brief overview of APPS 2021, held online in conjunction with the 29th ACM Conference on User Modeling, Adaptation and Personalization (ACM UMAP 2021).Postprin

Security and usability of a personalized user authentication paradigm : insights from a longitudinal study with three healthcare organizations

Funding information: This research has been partially supported by the EU Horizon 2020 Grant 826278 "Securing Medical Data in Smart Patient-Centric Healthcare Systems" (Serums) , and the Research and Innovation Foundation (Project DiversePass: COMPLEMENTARY/0916/0182).This paper proposes a user-adaptable and personalized authentication paradigm for healthcare organizations, which anticipates to seamlessly reflect patients’ episodic and autobiographical memories to graphical and textual passwords aiming to improve the security strength of user-selected passwords and provide a positive user experience. We report on a longitudinal study that spanned over three years in which three public European healthcare organizations participated in order to design and evaluate the aforementioned paradigm. Three studies were conducted (n=169) with different stakeholders: i) a verification study aiming to identify existing authentication practices of the three healthcare organizations with diverse stakeholders (n=9); ii) a patient-centric feasibility study during which users interacted with the proposed authentication system (n=68); and iii) a human guessing attack study focusing on vulnerabilities among people sharing common experiences within location-aware images used for graphical passwords (n=92). Results revealed that the suggested paradigm scored high with regards to users’ likeability, perceived security, usability and trust, but more importantly it assists the creation of more secure passwords. On the downside, the suggested paradigm introduces password guessing vulnerabilities by individuals sharing common experiences with the end-users. Findings are expected to scaffold the design of more patient-centric knowledge-based authentication mechanisms within nowadays dynamic computation realms.PostprintPeer reviewe

A Human Cognitive Processing Perspective in Designing E-Commerce Checkout Processes

International audienceDesigning a usable checkout process is of paramount importance for both E-Commerce and M-Commerce success. Aiming to understand human-computer interactions during checkout and improve the usability and user experience of checkout tasks, this research work investigates the relation among users’ cognitive styles, and alternative checkout designs in terms of user preference and task performance. A controlled user study with 38 participants was conducted which entailed a psychometric-based survey for highlighting the users’ cognitive styles, combined with a real usage scenario with two variations of checkout designs that were deployed on standard desktop computers and mobile touch-based devices. Results suggest that human cognitive differences could play an important role in designing E-Commerce and M-Commerce checkout processes, and particularly users’ cognitive styles may affect the way users perceive and perform during such tasks

On the Accuracy of Eye Gaze-driven Classifiers for Predicting Image Content Familiarity in Graphical Passwords

Graphical passwords leverage the picture superiority effect to enhance memorability, and reflect today's haptic users' interaction realms. Images related to users' past sociocultural experiences (e.g., retrospective) enable the creation of memorable and secure passwords, while randomly system-assigned images (e.g., generic) lead to easy-to-predict hotspot regions within graphical password schemes. What remains rather unexplored is whether the image type could be inferred during the password creation. In this work, we present a between-subjects user study in which 37 participants completed a recall-based graphical password creation task with retrospective and generic images, while we were capturing their visual behavior. We found that the image type can be inferred within a few seconds in real-time. User adaptive mechanisms might benefit from our work's findings, by providing users early feedback whether they are moving towards the creation of a weak graphical password

On the Personalization of Image Content in Graphical Passwords based on Users' Sociocultural Experiences: New Challenges and Opportunities

Recent works underpin the added value of considering users' past sociocultural experiences as a personalization factor for the image content used within graphical password schemes, since it has a positive impact on the security and memorability of the user-chosen passwords. This paper discusses the need for personalization of the image content used in graphical password schemes, as well as the initial steps towards the realization of an image content personalization framework that aims to achieve a better equilibrium between security and memorability. The paper also discusses emerging challenges related to the elicitation and maintenance of individual sociocultural-centered user models, the image content personalization mechanism and privacy considerations

The PersonaWeb System: Personalizing E-Commerce Environments based on Human Factors

Abstract. This demonstration paper presents the PersonaWeb system, an adaptive interactive system that personalizes the visual and interaction design aspects of E-Commerce product views based on individual differences in cognitive processing. The PersonaWeb system consists of three main components: i) the user modeling component in which explicit and implicit user data collection methods are performed for eliciting the users' cognitive processing factors; ii) the content management component for creating and managing structured Web content; and iii) the adaptive user interface that is responsible for performing rule-based mechanisms for deciding and communicating a personalized visual and interaction design according to the users' cognitive characteristics

APPS 2022:fourth international workshop on adaptive and personalized privacy and security

The Fourth International Workshop on Adaptive and Personalized Privacy and Security (APPS 2022) aims to bring together researchers and practitioners working on diverse topics related to understanding and improving the usability of privacy and security software and systems, by applying user modeling, adaptation and personalization principles. The fourth edition of the workshop includes interdisciplinary contributions from Austria, Belgium, Cyprus, Germany, United Kingdom, and the United States of America, that introduce new and disruptive ideas, suggest novel solutions, and present research results about various aspects (theory, applications, tools) for bringing user modeling, adaptation and personalization principles into privacy and security systems. This summary gives a brief overview of APPS 2022, held both virtually and physically from Barcelona, Spain, in conjunction with the 30th ACM Conference on User Modeling, Adaptation and Personalization (ACM UMAP 2022).</p

Eye Gaze and Interaction Differences of Holistic Versus Analytic Users in Image-Recognition Human Interaction Proof Schemes

Image-recognition Human Interaction Proof (HIP) schemes are widely used security defense mechanisms that are utilized by service providers to determine whether a human user is interacting with their system and not malicious software. Inspired by recent research, which underpins the necessity for designing user-centered HIPs, this paper examines, in the frame of an accredited cognitive style theory (Field Dependence-Independence – FD-I), whether human cognitive differences in visual information processing affect users’ visual behavior when interacting with an image-recognition HIP challenge. For doing so, we conducted an eye tracking study (n = 46) in which users solved an image-recognition HIP challenge. Analysis of users’ interactions and eye gaze data revealed differences in users’ visual behavior and interactions between Holistic and Analytic users within image-recognition HIP tasks. Findings underpin the added value of considering users’ cognitive processing differences in the design of adaptive and adaptable HIP security schemes