102 research outputs found

    An Exploration of Countermeasures for Augmented Reality Shoulder Surfing Attacks

    Information security is an area that IS researchers can and should contribute to (Zafar and Clark 2009), including password related research (Kreider 2018; Kreider and Rao 2010). One common attack against password entry, the shoulder surfing attack, occurs when an attacker unknowingly observes a user while entering their password (Tari et al. 2006), which has been shown to be a feasible attack using the Microsoft HoloLens augmented reality wearable. While the attack was shown to be feasible, no countermeasures were explored. This paper will explore potential countermeasures to the shoulder surfing attack presented by Kreider (2018). The countermeasures will be explored both from an efficacy perspective, as well as a usability perspective. While other studies exploring this phenomenon focus on the importance of discreet input, such as a haptic sensor (Roesner et al. 2014) and gesture control armbands utilizing electromyography (Zhang et al. 2017), our study will explore mechanisms not requiring discreetness

    Revisiting Request for Adminship (RFA) Ten Years Later: How Do User Contributions Relate to Longevity in Wikipedia

    Wikipedia, known as The Free Encyclopedia, is an online collaborative project providing free encyclopedia articles on a variety of topics (Burke and Kraut 2008). The project is possible due to an international network of independent volunteers, referred to as editors within the project (Viegas et al. 2007). While editors can perform basic tasks, a select set of tasks are reserved for those with the title administrator, such as deleting pages and blocking users. The title administrator is achieved after community assessment through a Request for Adminship or RfA (Kordzadeh and Kreider 2016; Kreider and Kordzadeh 2015). Ten years have since passed from the time the cohorts of administrators were examined. As Wikipedia relies on the contributions of volunteers, including administrators, an interesting question is how long contributors will remain active in the project. This paper explores the factors related to promotion to administrator and longevity within the project

    User Acceptance of Multiple Password Systems: A Proposed Study

    The traditional means of user authentication based on usernames and passwords is subject to a number of behavioral concerns that can significantly reduce the security provided. As such, an important part of proposing a new authentication scheme should involve careful consideration of behavioral factors. Little research has actually examined the role user acceptance plays in different authentication schemes. Our research in progress proposes the investigation of user acceptance of a cognitive password system comprised of multiple authenticators. Specifically we will investigate the role that password characteristics, such as number of passwords and password complexity, coupled with frequency of use, play in users’ perceptions and overall willingness to faithfully adopt an alternative authentication system

    Applying the Technology Acceptance Model (TAM) to Automatic Grading Technology for Large Projects

    Autograding technology, a form of Computer Based Assessment (CBA), should allow course enrollments to grow without reducing the number of exercises; however, these gains are not expected to be immune to problems with adoption. This study utilizes the Technology Acceptance Model (TAM) to explore student and staff perceptions of autograding technology in the context of large projects. Our study explores the perceptions of 128 students and course staff in an online master's degree program in computer science at a large public university. Our research design was chosen to leverage existing theories while also providing findings that will enable practitioners to apply them to their decision making regarding autograding technology. We find that perceived usefulness was significantly correlated with behavioral intention for both students and staff, leading to our hypotheses being supported and partially supported. Additionally, we find that perceived ease of use is only significantly correlated with students' intentions, and does not apply to course staff

    THE DISCOVERABILITY OF PASSWORD ENTRY USING VIRTUAL KEYBOARDS IN AN AUGMENTED REALITY WEARABLE: AN INITIAL PROOF OF CONCEPT

    Wearable augmented reality (AR) devices provide users a way to utilize computing resources while taking advantage of the world around them through context sensitivity. These AR devices, utilizing traditional technologies such as Wi-Fi and web browsers, often rely on users to enter an alphanumeric username and password via a keyboard mechanism provided by the device. We explore the security of a head-worn wearable AR device and keyboard mechanism available in the Microsoft HoloLens. Specifically, we explore the feasibility of password compromise through a shoulder surfing attack, the unknown observation of a user during the password entry process. We find that from a set of commonly used passwords, it is relatively easy to identify the password the user entered through recorded observation of the process. Additionally, when it was attempted to obfuscate the finger used to select the character in the AR keyboard, it was still possible to develop a guess as to what password was entered, as the user’s head motions used in the character selection process were still observable

    Information Security Principles for Electronic Medical Record (EMR) Systems

    A growing number of healthcare organizations are replacing their traditional record keeping methods with the electronic medical record (EMR) systems as part of an on-going effort toward the digitization of healthcare. With the growing use of this digital information system, concerns about the state of security for the EMR systems have also increased. In recent years, a large number of academic and non-academic research activities are directed toward the use and implementation of EMR, however, very few of these studies are focused on the issue of security within the EMR systems. This paper explores the basics of computer security and proposes security principles that should be considered as guidelines at the time of EMR systems implementations. Our analysis of the literature and theory provides new insight for researchers and assists healthcare practitioners with increased security for EMR adoption

    A Framework for Cybersecurity Gap Analysis in Higher Education

    The gap between those qualified for jobs in cybersecurity, and the needs of professionals remains an issue, despite the recent emergence of the importance of cybersecurity. Our project develops a holistic framework to perform a gap analysis by which institutes of higher education can start to understand and identify methods through which they can work to address this gap. While most existing frameworks focus purely on the curricular perspective, our framework extends this to also explore program capacity and the pipeline of incoming students

    Quantifying Program Offerings with a Cybersecurity Education Maturity Model

    The jobs gap is a problem in cybersecurity whereby there are insufficient number of qualified individuals to fill the jobs in this burgeoning area. Work has been done to understand this gap and close it. A framework for this gap analysis has been identified with 3 key dimensions: program offering, student pipeline and program capacity. This paper seeks to further explore the program offering dimension, developing a model for measuring academic program offerings. The purpose of this framework is to enable further research on efforts to decrease the jobs gap, specifically through state level initiatives and funding

    Revisiting Request for Adminship (RfA) within Wikipedia: How Do User Contributions Instill Community Trust?

    Research into successful Request for Adminship (RfA) within Wikipedia is primarily focused on the impact of the relationship between adminship candidates and voters on RfA success. Very few studies, however, have investigated how candidates’ contributions may predict their success in the RfA process. In this study, we examine the impact of content and social contributions as well as total contributions made by adminship candidates on the community’s overall decision as to whether to promote the candidate to administrator. We also assess the influence of clarity of contribution on RfA success. To do so, we collected data on 754 RfA cases and used logistic regression to test four hypotheses. Our results highlight the important role that user contribution behaviors and activity history have on the user’s success in the RfA process. The results also suggest that tenure and number of RfA attempts play a role in the RfA process. Our findings have implications for theory and practice

    Reconceptualizing Knowledge Based Authentication for Augmented and Virtual Reality Contexts

    Augmented and Virtual Reality (AR/VR) technology has advanced significantly in recent years, with recent applications in military, medicine, and education. Currently, most security artifacts utilized in AR/VR contexts are drawn from existing computing. These artifacts, however, were developed during the early ages of computing, to satisfy a completely different set of assumptions. In the context of AR/VR these assumptions have changed significantly. This research seeks to develop a general model of knowledge-based authentication (KBA). The model will be evaluated in the AR/VR context. This research will draw attention to the importance of considering security artifacts in the context for which they are being used, not for which they were originally developed. This work is expected to guide development of knowledge-based authentication in AR/VR, as well as provide guidance as future computing technologies are developed