Privacy & Usable Security Human-centered Computing
Impact of Grid Size for Unlock Mechanisms on Mobile Devices
Mobile devices on the Android OS can be unlocked by “drawing” a pattern that connects a sequence of contact points arranged in a 3x3 grid. However, patterns selected for small grids are known to be guessable. We investigated whether increasing the grid size increases the security of human-generated patterns. Our findings suggest both yes and no.
Stroke based graphical pattern

Publications: ACSAC 2015, SOUPS 2015 Poster, IEEE Internet Computing 2017
Faculty: Adam J Aviv (USNA), Ravi Kuber (UMBC)
Students: Devon Budzitowski (USNA), Flynn Wolf (UMBC)
H4Plock – A gestural and tactile solution to support mobile authentication
H4Plock aims to support authentication and better resist observer attacks. In order to authenticate, the user enters up to four pre-selected on-screen free-form gestures, informed by tactile prompts. The system has been designed in such a way that the sequence of gestures will vary on each authentication attempt, reducing the capability of a shoulder surfer to recreate entry.
Steps to authenticate using H4Plock

Publications: SOUPS 2015 Poster, iConference 2016
Faculty: Adam J Aviv (USNA), Ravi Kuber (UMBC)
Students: Abdullah Ali (UMBC)
Brain Computer Interfaces for Authentication
Our research has examined the feasibility of Brain–Computer Interface (BCI) and gestural technologies to support the process of authentication. Unlike other input modalities, tokens detected using a BCI headset (e.g., “push,” “lift,” “excitement”) can overcome some of the security vulnerabilities associated with PIN authentication (e.g., observations from third parties). A study was conducted to compare performance against 4-digit PINs. The work was then extended to identify the benefits of these technologies for individuals who are blind.
Emotiv Epoc used for study

Publications: IJHCI 2017, ASSETS 2017
Faculty: Adam J Aviv (USNA), Ravi Kuber (UMBC)
Students: Charles Lechner (UMBC), Sidas Saulynas (UMBC)
Supporting Non-Observable/Eyes-Free Authentication
When faced with the threat of observational attacks, mobile device users may attempt to mask the graphical interface to authenticate entry, to reduce the likelihood of third parties viewing and recreating the authentication sequence. A study was conducted examining the efficacy of authenticating entry using both PINs and graphical patterns when the mobile interface is outside of the line of sight of third parties and the user (termed: non-observable). A tactile aid to support assistive spatialization was also evaluated. A classification process has been conducted on gesture traces to identify strategies taken for unlocking and using tactile feedback.
Using interface while outside line of sight

Publications: SOUPS 2016 Poster, USEC 2016, ASSETS 2017, JISA 2018, USEC WIP 2018
Faculty: Adam J Aviv (USNA), Ravi Kuber (UMBC)
Students: Flynn Wolf (UMBC), KC Marume (UMBC)
Developing Baseline Measurements for Shoulder Surfing Analysis
A comprehensive study of shoulder surfing was conducted based on video recordings of a victim authenticating, to better understand how attacks can be affected by different factors. Authentication type and length, observation angle, phone size and method of interaction were varied. The findings can both help inform users to improve their security choices and establish baselines for researchers.
Focused view shown to participants

Publications: ACSAC 2017, CHI 2017, ACSAC 2018
Faculty: Adam J Aviv (USNA), Ravi Kuber (UMBC)
Students: John Davin (USNA), Flynn Wolf (UMBC), KC Marume (UMBC)
Understanding User Selections of Passcodes
Studies have been undertaken to analyze the impact of collection methods and demographics, and examine the impact of alphabet and culture on graphical passcodes.
Publications: SOUPS 2016 Poster, SOUPS 2016 Workshop, USEC 2016
Faculty: Adam J Aviv (USNA)
Students: Justin Maguire (USNA), Jeanne Luning Prak
Attitudes Towards Security and Privacy
Empirical investigations have been undertaken to examine the difficulties of balancing security and usability for mobile interactions. Our work has specifically examined the needs of security-conscious users, whose attitudes and usage behaviors differ from those with lower levels of security training/exposure, and examined adoption of technologies such as biometrics. Our research has also examined the ways in which user attitudes towards privacy and security relating to mobile devices and the data stored thereon may impact the strength of unlock authentication, focusing on Android’s graphical unlock patterns.
Dr. Adam J. Aviv
Associate Professor, George Washington University
E: aaviv@gwu.edu
W: https://www.adamaviv.com
Research interests are primarily in the area of computer and network security/cybersecurity, privacy, usable security of smartphones and tablets, and mobile authentication.
Areas of interest include HCI and accessibility. More specifically, examining ways to support authentication when the visual channel is blocked, restricted or overloaded.
Research interests include examining challenges associated with authentication, designing for eyes-free interactions and for heightening situational awareness.
Research interests include examining perceptions of privacy and security among different user groups.
UNDERGRADUATE
GRADUATE
ONR High School SEAP Interns
5 Incredibly Stupid Security Mistakes You Make Every Day
Published by: Gizmodo
For the Love of All That Is Holy, Stop Using Pattern Unlock
Published by: Gizmodo
Don't Rely On An Unlock Pattern To Secure Your Android Phone
Published by: Wired