International Journal of Human–Computer Interaction, 2021
Iterative design, implementation, and evaluation of prototype systems is a common approach in Hum... more Iterative design, implementation, and evaluation of prototype systems is a common approach in Human-Computer Interaction (HCI) and Usable Privacy and Security (USEC); however, research involving physical prototypes can be particularly challenging. We report on twelve interviews with established and nascent USEC researchers who prototype security and privacy-protecting systems and have published work in top-tier venues. Our interviewees range from professors to senior PhD candidates, and researchers from industry. We discussed their experiences conducting USEC research that involves prototyping, opinions on the challenges involved, and the ecological validity issues surrounding current evaluation approaches. We identify the challenges faced by researchers in this area such as the high costs of conducting field studies when evaluating hardware prototypes, the scarcity of open-source material, and the resistance to novel prototypes. We conclude with a discussion of how the USEC community currently supports researchers in overcoming these challenges and places to potentially improve support.
While extended reality (XR) research usually takes place in a controlled lab setting, the COVID-1... more While extended reality (XR) research usually takes place in a controlled lab setting, the COVID-19 pandemic has forced many researchers to move their research out of the lab and conduct so called “Remote XR Research”. Our position for the workshop is two-fold: First, there is a need to define what the term “Remote XR Research” means and identify the key challenges in validating remote XR research as a methodology. This enables researchers to understand the advantages (e.g., better representation of demographics, remote in-situ experiments) and the potential pitfalls of this research method for HCI research. Second, remote XR research (however it is defined) can be particularly helpful in situations where researchers aim to study real-world systems or user behaviour that are usually challenging to study or require a significant amount of effort and resources. Remote XR studies can and should, if the research question(s) and research aim(s) allow it, be applied to different fields of ...
Proceedings of the 13th Biannual Conference of the Italian SIGCHI Chapter: Designing the next interaction, 2019
This paper describes the first edition of the Human-Centered Cybersecurity workshop, held in conj... more This paper describes the first edition of the Human-Centered Cybersecurity workshop, held in conjunction with CHItaly 2019. Cyber attacks have been increasing in the recent years. Although users have been identified as one of the major security weaknesses in today's technologies, many cyber-attack preventions focus on systems and technology without addressing user-related issues. The workshop aims at attracting researchers and practitioners whose research addresses human related topics of cybersecurity. This paper also reports a brief description of the accepted contributions.
Proceedings of the 17th International Conference on Mobile and Ubiquitous Multimedia, 2018
Most of the already existing authentication schemes are subject to multiple types of side-channel... more Most of the already existing authentication schemes are subject to multiple types of side-channel attacks such as shoulder surfing, smudge attacks, and thermal attacks. Meanwhile, motion sensors and eye trackers are becoming more accurate. We propose a novel authentication technique that leverages a combination of mid-air gestures and gaze input for shoulder surfing resilient authentication. The aim is to complicate shoulder surfing attacks by dividing the attacker's attention onto 1) the user's eyes, 2) hand-gestures, and 3) the screen. We report on the concept and implementation of the approach using both random and fixed layouts.
A study was conducted to evaluate the effect of three mixed rations formulated using locally avai... more A study was conducted to evaluate the effect of three mixed rations formulated using locally available feed resources on growth performance, carcass characteristic and the potential revenue returns from goats fattening enterprise in Zanzibar. Seventy two un-castrated local goats (9 – 12 months old) with initial body weight of 14.24 ± 1.39 to 14.59 ± 3.7 kg were divided into three groups of 24 animals each and were randomly allocated into three dietary treatments (D1, D2 and D3) for 90 days. Each treatment was replicated three times with eight (8) animals per replication. The three diets contained 30% concentrates and 70% roughages from three species (Gliricidia sepium, Tripsicum laxum. and Cynodon dactylon). The roughages were mixed at 10:25:35 of respectively Gliricidia Sepium, Tripsicum . Laxum and C.dactylon for D1. In D2 the corresponding mixture was 10:35:25 while for D3 it was 10:30:30. The concentrate part was formed by combination of Rice polish: Maize bran at respectively 1...
25th ACM Symposium on Virtual Reality Software and Technology, 2019
Cutscenes in Virtual Reality (VR) games enhance story telling by delivering output in the form of... more Cutscenes in Virtual Reality (VR) games enhance story telling by delivering output in the form of visual, auditory, or haptic feedback (e.g., using vibrating handheld controllers). Since they lack interaction in the form of user input, cutscenes would significantly benefit from improved feedback. We introduce the concept and implementation of ElectroCutscenes, where Electric Muscle Stimulation (EMS) is leveraged to elicit physical user movements to different body parts to correspond to those of personal avatars in cutscenes of VR games while the user stays passive. Through a user study (N=22) in which users passively received kinesthetic feedback resulting in involuntarily movements, we show that Elec-troCutscenes significantly increases perceived presence and realism compared to controller-based vibrotactile and no haptic feedback.
Proceedings of the 11th Nordic Conference on Human-Computer Interaction: Shaping Experiences, Shaping Society, 2020
There may be differences between this version and the published version. You are advised to consu... more There may be differences between this version and the published version. You are advised to consult the publisher's version if you wish to cite from it.
Proceedings of the International Conference on Advanced Visual Interfaces, 2020
This paper investigates how smartphone users perceive switching from their primary authentication... more This paper investigates how smartphone users perceive switching from their primary authentication mechanism to a fallback one, based on the context. This is useful in cases where the primary mechanism fails (e.g., wet fingers when using fingerprint). While prior work introduced the concept, we are the first to investigate its perception by users and their willingness to follow a system's suggestion for a switch. We present findings from a two-week field study (N=29) using an Android app, showing that users are willing to adopt alternative mechanisms when prompted. We discuss how context-awareness can improve the perception of authentication reliability and potentially improve usability and security. CCS CONCEPTS • Human-centered computing → Field studies; Smartphones; • Security and privacy → Biometrics.
Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems, 2017
Figure 1: In this work we investigate thermal attacks against PINs and patterns on mobile devices... more Figure 1: In this work we investigate thermal attacks against PINs and patterns on mobile devices. After entering PINs (a-c) or patterns (d-f) on a touch screen, a heat trace remains on the screen and can be made visible via thermal imaging.
Extended Abstracts of the 2018 CHI Conference on Human Factors in Computing Systems, 2018
Similar to research in behavioral psychology, research in privacy and usable security has focused... more Similar to research in behavioral psychology, research in privacy and usable security has focused mainly on Western, Educated, Industrialized, Rich, and Democratic (WEIRD) societies. This excludes a large portion of the population affected by privacy implications of technology. In this work, we report on a survey (N=117) in which we studied technologyrelated privacy concerns of users from different countries, including developing countries such as Egypt, and Saudi Arabia, and developed countries such as Germany. By comparing results from those countries, and relating our findings to previous work, we brought forth multiple novel insights that are specific to privacy of users from underinvestigated countries. We discuss the implications of our findings on the design of privacy protection mechanisms.
Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems, 2018
We present Pocket Transfers: interaction techniques that allow users to transfer content from sit... more We present Pocket Transfers: interaction techniques that allow users to transfer content from situated displays to a personal mobile device while keeping the device in a pocket or bag. Existing content transfer solutions require direct manipulation of the mobile device, making interaction slower and less flexible. Our introduced techniques employ touch, midair gestures, gaze, and a multimodal combination of gaze and mid-air gestures. We evaluated the techniques in a novel user study (N=20), where we considered dynamic scenarios where the user approaches the display, completes the task, and leaves. We show that all pocket transfer techniques are fast and seen as highly convenient. Mid-air gestures are the most efficient touchless method for transferring a single item, while the multimodal method is the fastest touchless method when multiple items are transferred. We provide guidelines to help researchers and practitioners choose the most suitable content transfer techniques for their systems.
Companion Proceedings of the 2020 Conference on Interactive Surfaces and Spaces, 2020
Established as separate disciplines, Augmented Reality (AR) and Virtual Reality (VR) have already... more Established as separate disciplines, Augmented Reality (AR) and Virtual Reality (VR) have already positioned themselves as strong research disciplines. However, being part of the same Reality-Virtuality continuum, as presented by Paul Milgram, it is possible to envision (i) a smooth transition between systems using different degrees of virtuality or (ii) collaboration between users using different systems with different degrees of virtuality. We refer to these types of systems as cross-reality (XR) systems, which can better fulfil different modalities for a given task or context of use, and potentially enable rich applications in training, education, remote assistance, or emergency response compared to individual closed systems. This workshop will bring together researchers and practitioners that are interested in XR to identify current issues and future directions of research while the long-term goal is to create a strong interdisciplinary research community and foster future development of the discipline and collaborations.
Proceedings of the 6th ACM International Symposium on Pervasive Displays, 2017
As public displays continue to deliver increasingly private and personalized content, there is a ... more As public displays continue to deliver increasingly private and personalized content, there is a need to ensure that only the legitimate users can access private information in sensitive contexts. While public displays can adopt similar authentication concepts like those used on public terminals (e.g., ATMs), authentication in public is subject to a number of risks. Namely, adversaries can uncover a user's password through (1) shoulder surfing, (2) thermal attacks, or (3) smudge attacks. To address this problem we propose GTmoPass, an authentication architecture that enables Multi-factor user authentication on public displays. The first factor is a knowledge-factor: we employ a shoulder-surfing resilient multimodal scheme that combines gaze and touch input for password entry. The second factor is a possession-factor: users utilize their personal mobile devices, on which they enter the password. Credentials are securely transmitted to a server via Bluetooth beacons. We describe the implementation of GTmoPass and report on an evaluation of its usability and security, which shows that although authentication using GTmoPass is slightly slower than traditional methods, it protects against the three aforementioned threats.
Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems, 2020
Figure 1. We explore whether field studies on public displays can be conducted in virtual reality... more Figure 1. We explore whether field studies on public displays can be conducted in virtual reality. In two user studies we compare user behavior between a real public space (left) and a virtual public space (middle). For one study, we developed a gesture-controlled display for both environments (right).
This paper contributes an in-depth understanding of privacy concerns and perceptions of Arab user... more This paper contributes an in-depth understanding of privacy concerns and perceptions of Arab users. We report on the first comparison of privacy perceptions among 1) users from high socioeconomic groups in Arab countries (HSA), 2) users from medium to low socioeconomic groups in Arab countries (LSA), and 3) as a baseline, users from high socioeconomic groups in Germany (HSG). Our work is motivated by the fact that most research in privacy focused on Western, Educated, Industrialized, Rich, and Democratic (WEIRD) societies. This excludes a segment of the population whose cultural norms and socioeconomic status influence privacy perception and needs. We report on multiple novel findings and unexpected similarities and differences across the user groups. For example, shoulder surfing is more common across LSA and HSG, and defamation is a major threat in LSA. We discuss the implications of our findings on the design of privacy protection measures for investigated groups.
Figure 1: We investigate the impact of an avatar's fidelity on a bystander's performance when ide... more Figure 1: We investigate the impact of an avatar's fidelity on a bystander's performance when identifying the avatar's touch, mid-air, and eye gaze gestures. We had an abstract avatar (➋) and two more realistic avatars (➌, ➍), which are provided by Microsoft Research [24] and modified based on our investigation. We use touch, mid-air, and eye gaze gestures performed by a human in the real world (➊) as our baseline.
Proceedings of the 17th International Conference on Mobile and Ubiquitous Multimedia, 2018
Users often need to authenticate at situated displays in order to, for example, make purchases, a... more Users often need to authenticate at situated displays in order to, for example, make purchases, access sensitive information, or confirm an identity. However, the exposure of interactions in public spaces introduces a large attack surface (e.g., observation, smudge or thermal attacks). A plethora of authentication models and input modalities that aim at disguising users' input has been presented in the past. However, a comprehensive analysis on the requirements for secure and usable authentication on public displays is still missing. This work presents 13 design consideration suitable to inform practitioners and researchers during the development process of authentication systems for situated displays in public spaces. It draws on a comprehensive analysis of prior literature and subsequent discussion with five experts in the field of pervasive displays, human-computer-interaction and usable security.
Technology-Augmented Perception and Cognition, 2021
In this chapter we present a privacy and security framework for designers of technologies that au... more In this chapter we present a privacy and security framework for designers of technologies that augment humans' cognitive and perceptive capabilities. The framework consists of several groups of questions, meant to guide designers during the different stages of the design process. The objective of our work is to support the need for considering implications of novel technologies with regard to privacy and security early in the design process rather than post-hoc. The framework is based on a thorough review of the technologies presented earlier on in this book as well as of prior research in the field of technology augmentation. From this review we derived several themes that are not only valuable pointers for future work but also serve as a basis for the subsequent framework. We point out the need to focus on the following aspects: data handling, awareness, user consent, and the design of the user interface. OpenSim is an open-source platform for hosting virtual worlds. It was used for many years by Second Life and forms the basis of the US Military MOSES project.
ACM Transactions on Computer-Human Interaction, 2021
There is a growing need for usable and secure authentication in immersive virtual reality (VR). E... more There is a growing need for usable and secure authentication in immersive virtual reality (VR). Established concepts (e.g., 2D authentication schemes) are vulnerable to observation attacks, and most alternatives are relatively slow. We present RubikAuth, an authentication scheme for VR where users authenticate quickly and secure by selecting digits from a virtual 3D cube that leverages coordinated 3D manipulation and pointing. We report on results from three studies comparing how pointing using eye gaze, head pose, and controller tapping impact RubikAuth’s usability, memorability, and observation resistance under three realistic threat models. We found that entering a four-symbol RubikAuth password is fast: 1.69–3.5 s using controller tapping, 2.35–4.68 s using head pose and 2.39 –4.92 s using eye gaze, and highly resilient to observations: 96–99.55% of observation attacks were unsuccessful. RubikAuth also has a large theoretical password space: 45 n for an n -symbols password. Our ...
International Journal of Human–Computer Interaction, 2021
Iterative design, implementation, and evaluation of prototype systems is a common approach in Hum... more Iterative design, implementation, and evaluation of prototype systems is a common approach in Human-Computer Interaction (HCI) and Usable Privacy and Security (USEC); however, research involving physical prototypes can be particularly challenging. We report on twelve interviews with established and nascent USEC researchers who prototype security and privacy-protecting systems and have published work in top-tier venues. Our interviewees range from professors to senior PhD candidates, and researchers from industry. We discussed their experiences conducting USEC research that involves prototyping, opinions on the challenges involved, and the ecological validity issues surrounding current evaluation approaches. We identify the challenges faced by researchers in this area such as the high costs of conducting field studies when evaluating hardware prototypes, the scarcity of open-source material, and the resistance to novel prototypes. We conclude with a discussion of how the USEC community currently supports researchers in overcoming these challenges and places to potentially improve support.
While extended reality (XR) research usually takes place in a controlled lab setting, the COVID-1... more While extended reality (XR) research usually takes place in a controlled lab setting, the COVID-19 pandemic has forced many researchers to move their research out of the lab and conduct so called “Remote XR Research”. Our position for the workshop is two-fold: First, there is a need to define what the term “Remote XR Research” means and identify the key challenges in validating remote XR research as a methodology. This enables researchers to understand the advantages (e.g., better representation of demographics, remote in-situ experiments) and the potential pitfalls of this research method for HCI research. Second, remote XR research (however it is defined) can be particularly helpful in situations where researchers aim to study real-world systems or user behaviour that are usually challenging to study or require a significant amount of effort and resources. Remote XR studies can and should, if the research question(s) and research aim(s) allow it, be applied to different fields of ...
Proceedings of the 13th Biannual Conference of the Italian SIGCHI Chapter: Designing the next interaction, 2019
This paper describes the first edition of the Human-Centered Cybersecurity workshop, held in conj... more This paper describes the first edition of the Human-Centered Cybersecurity workshop, held in conjunction with CHItaly 2019. Cyber attacks have been increasing in the recent years. Although users have been identified as one of the major security weaknesses in today's technologies, many cyber-attack preventions focus on systems and technology without addressing user-related issues. The workshop aims at attracting researchers and practitioners whose research addresses human related topics of cybersecurity. This paper also reports a brief description of the accepted contributions.
Proceedings of the 17th International Conference on Mobile and Ubiquitous Multimedia, 2018
Most of the already existing authentication schemes are subject to multiple types of side-channel... more Most of the already existing authentication schemes are subject to multiple types of side-channel attacks such as shoulder surfing, smudge attacks, and thermal attacks. Meanwhile, motion sensors and eye trackers are becoming more accurate. We propose a novel authentication technique that leverages a combination of mid-air gestures and gaze input for shoulder surfing resilient authentication. The aim is to complicate shoulder surfing attacks by dividing the attacker's attention onto 1) the user's eyes, 2) hand-gestures, and 3) the screen. We report on the concept and implementation of the approach using both random and fixed layouts.
A study was conducted to evaluate the effect of three mixed rations formulated using locally avai... more A study was conducted to evaluate the effect of three mixed rations formulated using locally available feed resources on growth performance, carcass characteristic and the potential revenue returns from goats fattening enterprise in Zanzibar. Seventy two un-castrated local goats (9 – 12 months old) with initial body weight of 14.24 ± 1.39 to 14.59 ± 3.7 kg were divided into three groups of 24 animals each and were randomly allocated into three dietary treatments (D1, D2 and D3) for 90 days. Each treatment was replicated three times with eight (8) animals per replication. The three diets contained 30% concentrates and 70% roughages from three species (Gliricidia sepium, Tripsicum laxum. and Cynodon dactylon). The roughages were mixed at 10:25:35 of respectively Gliricidia Sepium, Tripsicum . Laxum and C.dactylon for D1. In D2 the corresponding mixture was 10:35:25 while for D3 it was 10:30:30. The concentrate part was formed by combination of Rice polish: Maize bran at respectively 1...
25th ACM Symposium on Virtual Reality Software and Technology, 2019
Cutscenes in Virtual Reality (VR) games enhance story telling by delivering output in the form of... more Cutscenes in Virtual Reality (VR) games enhance story telling by delivering output in the form of visual, auditory, or haptic feedback (e.g., using vibrating handheld controllers). Since they lack interaction in the form of user input, cutscenes would significantly benefit from improved feedback. We introduce the concept and implementation of ElectroCutscenes, where Electric Muscle Stimulation (EMS) is leveraged to elicit physical user movements to different body parts to correspond to those of personal avatars in cutscenes of VR games while the user stays passive. Through a user study (N=22) in which users passively received kinesthetic feedback resulting in involuntarily movements, we show that Elec-troCutscenes significantly increases perceived presence and realism compared to controller-based vibrotactile and no haptic feedback.
Proceedings of the 11th Nordic Conference on Human-Computer Interaction: Shaping Experiences, Shaping Society, 2020
There may be differences between this version and the published version. You are advised to consu... more There may be differences between this version and the published version. You are advised to consult the publisher's version if you wish to cite from it.
Proceedings of the International Conference on Advanced Visual Interfaces, 2020
This paper investigates how smartphone users perceive switching from their primary authentication... more This paper investigates how smartphone users perceive switching from their primary authentication mechanism to a fallback one, based on the context. This is useful in cases where the primary mechanism fails (e.g., wet fingers when using fingerprint). While prior work introduced the concept, we are the first to investigate its perception by users and their willingness to follow a system's suggestion for a switch. We present findings from a two-week field study (N=29) using an Android app, showing that users are willing to adopt alternative mechanisms when prompted. We discuss how context-awareness can improve the perception of authentication reliability and potentially improve usability and security. CCS CONCEPTS • Human-centered computing → Field studies; Smartphones; • Security and privacy → Biometrics.
Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems, 2017
Figure 1: In this work we investigate thermal attacks against PINs and patterns on mobile devices... more Figure 1: In this work we investigate thermal attacks against PINs and patterns on mobile devices. After entering PINs (a-c) or patterns (d-f) on a touch screen, a heat trace remains on the screen and can be made visible via thermal imaging.
Extended Abstracts of the 2018 CHI Conference on Human Factors in Computing Systems, 2018
Similar to research in behavioral psychology, research in privacy and usable security has focused... more Similar to research in behavioral psychology, research in privacy and usable security has focused mainly on Western, Educated, Industrialized, Rich, and Democratic (WEIRD) societies. This excludes a large portion of the population affected by privacy implications of technology. In this work, we report on a survey (N=117) in which we studied technologyrelated privacy concerns of users from different countries, including developing countries such as Egypt, and Saudi Arabia, and developed countries such as Germany. By comparing results from those countries, and relating our findings to previous work, we brought forth multiple novel insights that are specific to privacy of users from underinvestigated countries. We discuss the implications of our findings on the design of privacy protection mechanisms.
Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems, 2018
We present Pocket Transfers: interaction techniques that allow users to transfer content from sit... more We present Pocket Transfers: interaction techniques that allow users to transfer content from situated displays to a personal mobile device while keeping the device in a pocket or bag. Existing content transfer solutions require direct manipulation of the mobile device, making interaction slower and less flexible. Our introduced techniques employ touch, midair gestures, gaze, and a multimodal combination of gaze and mid-air gestures. We evaluated the techniques in a novel user study (N=20), where we considered dynamic scenarios where the user approaches the display, completes the task, and leaves. We show that all pocket transfer techniques are fast and seen as highly convenient. Mid-air gestures are the most efficient touchless method for transferring a single item, while the multimodal method is the fastest touchless method when multiple items are transferred. We provide guidelines to help researchers and practitioners choose the most suitable content transfer techniques for their systems.
Companion Proceedings of the 2020 Conference on Interactive Surfaces and Spaces, 2020
Established as separate disciplines, Augmented Reality (AR) and Virtual Reality (VR) have already... more Established as separate disciplines, Augmented Reality (AR) and Virtual Reality (VR) have already positioned themselves as strong research disciplines. However, being part of the same Reality-Virtuality continuum, as presented by Paul Milgram, it is possible to envision (i) a smooth transition between systems using different degrees of virtuality or (ii) collaboration between users using different systems with different degrees of virtuality. We refer to these types of systems as cross-reality (XR) systems, which can better fulfil different modalities for a given task or context of use, and potentially enable rich applications in training, education, remote assistance, or emergency response compared to individual closed systems. This workshop will bring together researchers and practitioners that are interested in XR to identify current issues and future directions of research while the long-term goal is to create a strong interdisciplinary research community and foster future development of the discipline and collaborations.
Proceedings of the 6th ACM International Symposium on Pervasive Displays, 2017
As public displays continue to deliver increasingly private and personalized content, there is a ... more As public displays continue to deliver increasingly private and personalized content, there is a need to ensure that only the legitimate users can access private information in sensitive contexts. While public displays can adopt similar authentication concepts like those used on public terminals (e.g., ATMs), authentication in public is subject to a number of risks. Namely, adversaries can uncover a user's password through (1) shoulder surfing, (2) thermal attacks, or (3) smudge attacks. To address this problem we propose GTmoPass, an authentication architecture that enables Multi-factor user authentication on public displays. The first factor is a knowledge-factor: we employ a shoulder-surfing resilient multimodal scheme that combines gaze and touch input for password entry. The second factor is a possession-factor: users utilize their personal mobile devices, on which they enter the password. Credentials are securely transmitted to a server via Bluetooth beacons. We describe the implementation of GTmoPass and report on an evaluation of its usability and security, which shows that although authentication using GTmoPass is slightly slower than traditional methods, it protects against the three aforementioned threats.
Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems, 2020
Figure 1. We explore whether field studies on public displays can be conducted in virtual reality... more Figure 1. We explore whether field studies on public displays can be conducted in virtual reality. In two user studies we compare user behavior between a real public space (left) and a virtual public space (middle). For one study, we developed a gesture-controlled display for both environments (right).
This paper contributes an in-depth understanding of privacy concerns and perceptions of Arab user... more This paper contributes an in-depth understanding of privacy concerns and perceptions of Arab users. We report on the first comparison of privacy perceptions among 1) users from high socioeconomic groups in Arab countries (HSA), 2) users from medium to low socioeconomic groups in Arab countries (LSA), and 3) as a baseline, users from high socioeconomic groups in Germany (HSG). Our work is motivated by the fact that most research in privacy focused on Western, Educated, Industrialized, Rich, and Democratic (WEIRD) societies. This excludes a segment of the population whose cultural norms and socioeconomic status influence privacy perception and needs. We report on multiple novel findings and unexpected similarities and differences across the user groups. For example, shoulder surfing is more common across LSA and HSG, and defamation is a major threat in LSA. We discuss the implications of our findings on the design of privacy protection measures for investigated groups.
Figure 1: We investigate the impact of an avatar's fidelity on a bystander's performance when ide... more Figure 1: We investigate the impact of an avatar's fidelity on a bystander's performance when identifying the avatar's touch, mid-air, and eye gaze gestures. We had an abstract avatar (➋) and two more realistic avatars (➌, ➍), which are provided by Microsoft Research [24] and modified based on our investigation. We use touch, mid-air, and eye gaze gestures performed by a human in the real world (➊) as our baseline.
Proceedings of the 17th International Conference on Mobile and Ubiquitous Multimedia, 2018
Users often need to authenticate at situated displays in order to, for example, make purchases, a... more Users often need to authenticate at situated displays in order to, for example, make purchases, access sensitive information, or confirm an identity. However, the exposure of interactions in public spaces introduces a large attack surface (e.g., observation, smudge or thermal attacks). A plethora of authentication models and input modalities that aim at disguising users' input has been presented in the past. However, a comprehensive analysis on the requirements for secure and usable authentication on public displays is still missing. This work presents 13 design consideration suitable to inform practitioners and researchers during the development process of authentication systems for situated displays in public spaces. It draws on a comprehensive analysis of prior literature and subsequent discussion with five experts in the field of pervasive displays, human-computer-interaction and usable security.
Technology-Augmented Perception and Cognition, 2021
In this chapter we present a privacy and security framework for designers of technologies that au... more In this chapter we present a privacy and security framework for designers of technologies that augment humans' cognitive and perceptive capabilities. The framework consists of several groups of questions, meant to guide designers during the different stages of the design process. The objective of our work is to support the need for considering implications of novel technologies with regard to privacy and security early in the design process rather than post-hoc. The framework is based on a thorough review of the technologies presented earlier on in this book as well as of prior research in the field of technology augmentation. From this review we derived several themes that are not only valuable pointers for future work but also serve as a basis for the subsequent framework. We point out the need to focus on the following aspects: data handling, awareness, user consent, and the design of the user interface. OpenSim is an open-source platform for hosting virtual worlds. It was used for many years by Second Life and forms the basis of the US Military MOSES project.
ACM Transactions on Computer-Human Interaction, 2021
There is a growing need for usable and secure authentication in immersive virtual reality (VR). E... more There is a growing need for usable and secure authentication in immersive virtual reality (VR). Established concepts (e.g., 2D authentication schemes) are vulnerable to observation attacks, and most alternatives are relatively slow. We present RubikAuth, an authentication scheme for VR where users authenticate quickly and secure by selecting digits from a virtual 3D cube that leverages coordinated 3D manipulation and pointing. We report on results from three studies comparing how pointing using eye gaze, head pose, and controller tapping impact RubikAuth’s usability, memorability, and observation resistance under three realistic threat models. We found that entering a four-symbol RubikAuth password is fast: 1.69–3.5 s using controller tapping, 2.35–4.68 s using head pose and 2.39 –4.92 s using eye gaze, and highly resilient to observations: 96–99.55% of observation attacks were unsuccessful. RubikAuth also has a large theoretical password space: 45 n for an n -symbols password. Our ...
Uploads
Papers by Mohamed Khamis