Security And Privacy Of Medical Data:Challenges For Next-Generation Patient-Centric Healthcare Systems

This work has been supported by the EU H2020 grant Serums: Securing Medical Data in Smart Patient-Centric Healthcare Systems (code 826278).We describe the recently-started EU H2020 Serums: Securing Medical Data in Smart Patient-Centric Healthcare Systems project that aims to develop novel techniques for safe and secure collection, storage, exchange and analysis of medical data, allowing the patients of the next-generation smart healthcare centers to get the best possible treatment while respecting privacy and ownership of their sensitive personal data. Our goal is to significantly enhance trust in the new medical systems. We outline the techniques that will be extended/developed over the course of the project and describe the use cases that will be used to verify the effectiveness of these technologies in practice.Postprin

Towards a human-centered e-commerce personalization framework

This paper presents a personalization framework, namely PersonaWeb that adapts the visual and interaction design of E-Commerce Web environments based on human cognitive differences. In particular, it describes a user model formalization that incorporates a set of human cognitive factors (i.e., cognitive styles and working memory capacity) and an adaptation engine that personalizes the visual and interaction design attributes of E-Commerce product views. The proposed framework has been applied in a real-life E-Commerce Web-site and two subsequent user studies were conducted in which 135 users interacted with the personalized and the original (non-personalized) version of the same Web environment. Results indicate the added value of personalizing content and functionality of E-Commerce product views in terms of users' task completion performance

Integrating Human Factors and Semantic Mark-ups in Adaptive Interactive Systems

This paper focuses on incorporating individual differences in cognitive processing and semantic mark-ups in the context of adaptive interactive systems. In particular, a semantic Web-based adaptation framework is proposed that enables Web content providers to enrich content and functionality of Web environments with semantic mark-ups. The Web content is created using a Web authoring tool and is further processed and reconstructed by an adaptation mechanism based on cognitive factors of users. Main aim of this work is to investigate the added value of personalising content and functionality of Web environments based on the unique cognitive characteristics of users. Accordingly, a user study has been conducted that entailed a psychometric-based survey for extracting the users' cognitive characteristics, combined with a real usage scenario of an existing commercial Web environment that was enriched with semantic mark-ups and personalised based on different adaptation effects. The paper provides interesting insights in the design and development of adaptive interactive systems based on cognitive factors and semantic mark-ups

APPS 2021: Third International Workshop on Adaptive and Personalized Privacy and Security

The work has been partially supported by the EU Horizon 2020 Grant 826278 “Securing Medical Data in Smart Patient-Centric Healthcare Systems” (Serums), and by a new European project, TRUSTID - Intelligent and Continuous Online Student Identity Management for Improving Security and Trust in European Higher Education Institutions, which is funded by the European Commission within the Erasmus+ 2020 Programme.The Third International Workshop on Adaptive and Personalized Privacy and Security (APPS 2021) aims to bring together researchers and practitioners working on diverse topics related to understanding and improving the usability of privacy and security software and systems, by applying user modeling, adaptation and personalization principles. Our special focus in 2021 is on challenges and opportunities related to the Covid-19 outbreak, more specifically on ensuring security and privacy of sensitive data and secure user interactions in online systems. The third edition of the workshop includes interdisciplinary contributions from Belgium, Cyprus, Germany, Greece, Portugal, the Netherlands, and United Kingdom, that introduce new and disruptive ideas, suggest novel solutions, and present research results about various aspects (theory, applications, tools) for bringing user modeling, adaptation and personalization principles into privacy and systems security. This summary gives a brief overview of APPS 2021, held online in conjunction with the 29th ACM Conference on User Modeling, Adaptation and Personalization (ACM UMAP 2021).Postprin

A Human-Cognitive Perspective of Users’ Password Choices in Recognition-Based Graphical Authentication

Graphical password composition is an important part of graphical user authentication which affects the strength of the chosen password. Considering that graphical authentication is associated with visual search, perception, and information retrieval, in this paper we report on an eye-tracking study (N = 109) that aimed to investigate the effects of users’ cognitive styles toward the strength of the created passwords and shed light into whether and how the visual strategy of the users during graphical password composition is associated with the passwords’ strength. For doing so, we adopted Witkin’s Field Dependence-Independence theory, which underpins individual differences in visual information and cognitive processing, as graphical password composition tasks are associated with visual search. The analysis revealed that users with different cognitive processing characteristics followed different patterns of visual behavior during password composition which affected the strength of the created passwords. The findings underpin the need of considering human-cognitive characteristics as a design factor in graphical password schemes. The paper concludes by discussing implications for improving recognition-based graphical passwords through adaptation and personalization techniques based on individual cognitive characteristics

APPS 2020 : Second International Workshop on Adaptive and Personalized Privacy and Security

Funding: The work has been partially supported by the EU Horizon 2020 Grant 826278 “Securing Medical Data in Smart Patient-Centric Healthcare Systems”(Serums).The Second International Workshop on Adaptive and Personalized Privacy and Security (APPS 2020) aims to bring together researchers and practitioners working on diverse topics related to understanding and improving the usability of privacy and security software and systems, by applying user modeling, adaptation and personalization principles. Our special focus in 2020 is on healthcare systems, more specifically on ensuring security and privacy of medical data in smart patient-centric healthcare systems. The second edition of the workshop includes interdisciplinary contributions from Austria, Canada, China, Cyprus, Denmark, Germany, Greece, Israel, the Netherlands, Turkey and the UK that introduce new and disruptive ideas, suggest novel solutions, and present research results about various aspects (theory, applications, tools) for bringing user modeling, adaptation and personalization principles into privacy and systems security. This summary gives a brief overview of APPS 2020, held online in conjunction with the 28th ACM Conference on User Modeling, Adaptation and Personalization (ACM UMAP 2020).Postprin

The Interplay between Humans, Technology and User Authentication: A Cognitive Processing Perspective

This paper investigates the interplay among human cognitive processing differences (field dependence vs. field independence), alternative interaction device types (desktop vs. touch) and user authentication schemes (textual vs. graphical) towards task completion efficiency and effectiveness. A four-month user study (N=164) was performed under the light of the field dependence-independence theory which underpins human cognitive differences in visual perceptiveness as well as differences in handling contextual information in a holistic or analytic manner. Quantitative and qualitative analysis of results revealed that field independent (FI) users outperformed field dependent users (FD) in graphical authentication, FIs authenticated similarly well on desktop computers as on touch devices, while touch devices negatively affected textual password entry performance of FDs. Users’ feedback from a post-study survey further showed that FD users had memorability issues with graphical authentication and perceived the added difficulty when interacting with textual passwords on touch devices, in contrast to FI users that did not have significant usability and memorability issues on both authentication and interaction device types. Findings highlight the necessity to improve current approaches of knowledge-based user authentication research by incorporating human cognitive factors in both design and run-time. Such an approach is also proposed in this paper

Picture Passwords in Mixed Reality

We present HoloPass, a mixed reality application for the HoloLens wearable device, which allows users to perform user authentication tasks through gesture-based interaction. In particular, this paper reports the implementation of picture passwords for mixed reality environments, and highlights the development procedure, lessons learned from common design and development issues, and how they were addressed. It further reports a between-subjects study (N=30) which compared usability, security, and likeability aspects of picture passwords in mixed reality vs. traditional desktop contexts aiming to investigate and reason on the viability of picture passwords as an alternative user authentication approach for mixed reality. This work can be of value for enhancing and driving future implementations of picture passwords in mixed reality since initial results are promising towards following such a research line

Security and usability of a personalized user authentication paradigm : insights from a longitudinal study with three healthcare organizations

Funding information: This research has been partially supported by the EU Horizon 2020 Grant 826278 "Securing Medical Data in Smart Patient-Centric Healthcare Systems" (Serums) , and the Research and Innovation Foundation (Project DiversePass: COMPLEMENTARY/0916/0182).This paper proposes a user-adaptable and personalized authentication paradigm for healthcare organizations, which anticipates to seamlessly reflect patients’ episodic and autobiographical memories to graphical and textual passwords aiming to improve the security strength of user-selected passwords and provide a positive user experience. We report on a longitudinal study that spanned over three years in which three public European healthcare organizations participated in order to design and evaluate the aforementioned paradigm. Three studies were conducted (n=169) with different stakeholders: i) a verification study aiming to identify existing authentication practices of the three healthcare organizations with diverse stakeholders (n=9); ii) a patient-centric feasibility study during which users interacted with the proposed authentication system (n=68); and iii) a human guessing attack study focusing on vulnerabilities among people sharing common experiences within location-aware images used for graphical passwords (n=92). Results revealed that the suggested paradigm scored high with regards to users’ likeability, perceived security, usability and trust, but more importantly it assists the creation of more secure passwords. On the downside, the suggested paradigm introduces password guessing vulnerabilities by individuals sharing common experiences with the end-users. Findings are expected to scaffold the design of more patient-centric knowledge-based authentication mechanisms within nowadays dynamic computation realms.PostprintPeer reviewe