Personal and Ubiquitous Computing

Volume 19, Issue 5–6, pp 941–954

Only play in your comfort zone: interaction methods for improving security awareness on mobile devices

  • Peter Riedl
  • Rene Mayrhofer
  • Andreas Möller
  • Matthias Kranz
  • Florian Lettner
  • Clemens Holzmann
  • Marion Koelle
Original Article

Abstract

In this paper, we study the concept of security zones as an intermediate layer of compartmentalization on mobile devices. Each of these security zones is isolated against the other zones and holds a different set of applications and associated user data and may apply different security policies. From a user point of view, they represent different contexts of use for the device, e.g., to distinguish between gaming (private context), payment transactions (secure context), and company-related email (enterprise context). We propose multiple visualization methods for conveying the current security zone information to the user, and interaction methods for switching between zones. Based on an online and a laboratory user study, we evaluated these concepts from a usability point of view. One important result is that in the tension field between security and usability, additional hardware can support the user’s awareness toward their zone context.

Keywords

Mobile security, Security zones, Sandboxing, Separation, Compartmentalization


Copyright information

© Springer-Verlag London 2015

Authors and Affiliations

  • Peter Riedl (1)
  • Rene Mayrhofer (2)
  • Andreas Möller (5)
  • Matthias Kranz (3)
  • Florian Lettner (4)
  • Clemens Holzmann (4)
  • Marion Koelle (3)

  1. JRC u’smile, University of Applied Sciences Upper Austria, Hagenberg, Austria
  2. JRC u’smile and Institute of Networks and Security, Johannes Kepler Universität, Linz, Austria
  3. Embedded Interactive Systems Lab, Universität Passau, Passau, Germany
  4. Department of Mobile Computing, University of Applied Sciences Upper Austria, Hagenberg, Austria
  5. Metaio GmbH, Munich, Germany
