Abstract
In this paper, we study the concept of security zones as an intermediate layer of compartmentalization on mobile devices. Each security zone is isolated from the other zones, holds its own set of applications and associated user data, and may apply its own security policies. From the user's point of view, the zones represent different contexts of use for the device, e.g., to distinguish between gaming (private context), payment transactions (secure context), and company-related email (enterprise context). We propose multiple visualization methods for conveying the current security zone to the user, and interaction methods for switching between zones. Based on an online and a laboratory user study, we evaluated these concepts from a usability point of view. One important result is that, in the tension between security and usability, additional hardware can support the user’s awareness of their zone context.
Notes
By the end of 2013, the number of mobile-connected devices is expected to exceed the number of people on earth [9].
http://www.telekom.com/media/enterprise-solutions/200664, last visited 09/09/2013.
References
Adams FM, Osgood CE (1973) A cross-cultural study of the affective meanings of color. Cross-Cultural Psychol 135–156. doi:10.1177/002202217300400201. http://jcc.sagepub.com/content/4/2/135.abstract
Albrechtsen E (2007) A qualitative study of users’ view on information security. Comput Secur 276–289. doi:10.1016/j.cose.2006.11.004. http://www.sciencedirect.com/science/article/pii/S0167404806002033
Becher M, Freiling F, Hoffmann J, Holz T, Uellenbeck S, Wolf C (2011) Mobile security catching up? Revealing the nuts and bolts of the security of mobile devices. In: IEEE symposium on security and privacy, pp 96–111. doi:10.1109/SP.2011.29
Blickenstorfer CH (1995) Graffiti: Wow!. Pen Comput Mag 1:30–31
Bornstein MH (1973) Color vision and color naming: a psychophysiological hypothesis of cultural difference. Psychol Bull 257–285. http://www.biomedsearch.com/nih/Color-vision-color-naming-psychophysiological/4742311.html
Bragdon A, Nelson E, Li Y, Hinckley K (2011) Experimental analysis of touch-screen gesture designs in mobile environments. In: Proceedings of the CHI. ACM, pp 403–412. doi:10.1145/1978942.1979000
Brakensiek J, Dröge A, Botteck M, Härtig H, Lackorzynski A (2008) Virtualization as an enabler for security in mobile devices. In: Proceedings of the IIES. ACM, pp 17–22. doi:10.1145/1435458.1435462
Bugiel S, Davi L, Dmitrienko A, Heuser S, Sadeghi AR, Shastry B (2011) Practical and lightweight domain isolation on android. In: Proceedings of the SPSM’11. ACM, pp 51–62. doi:10.1145/2046614.2046624
Cisco (2013) Visual Networking Index: Global Mobile Data Traffic Forecast Update, 2012–2017. Tech. rep
Davi L, Dmitrienko A, Sadeghi AR, Winandy M (2011) Privilege escalation attacks on android. In: Proceedings of the ICS. Springer, pp 346–360. http://dl.acm.org/citation.cfm?id=1949317.1949356
De Luca A, von Zezschwitz E, Nguyen NDH, Maurer ME, Rubegni E, Scipioni MP, Langheinrich M (2013) Back-of-device authentication on smartphones. In: Proceedings of the CHI. ACM, pp 2389–2398. doi:10.1145/2470654.2481330
Dhamija R, Tygar JD (2005) The battle against phishing: dynamic security skins. In: Proceedings of the SOUPS. ACM, pp 77–88. doi:10.1145/1073001.1073009
Egners A, Marschollek B, Meyer U (2012) Hackers in your pocket: a survey of smartphone security across platforms. Tech. rep. http://itsec.rwth-aachen.de/publications/ae_hacker_in_your_pocket.pdf
Egners A, Meyer U, Marschollek B (2012) Messing with android’s permission model. In: Proceedings of the TrustCom. IEEE, pp 505–514. doi:10.1109/TrustCom.203
Felt AP, Ha E, Egelman S, Haney A, Chin E, Wagner D (2012) Android permissions: user attention, comprehension, and behavior. In: Proceedings of the SOUPS. ACM, pp 3:1–3:14. doi:10.1145/2335356.2335360
Feske N, Helmuth C (2005) A nitpicker’s guide to a minimal-complexity secure GUI. In: Proceedings of the ACSAC, pp 85–94
Höbarth S, Mayrhofer RA (2011) Framework for on-device privilege escalation exploit execution on android. In: Proceedings of the IWSSI/SPMU, pp 1–6
Huang DL, Rau PL, Salvendy G (2007) A survey of factors influencing people’s perception of information security. In: Human–computer interaction: applications and services, LNCS. Springer, pp 906–915. doi:10.1007/978-3-540-73111-5_100
Hwang JY, Suh SB, Heo SK, Park CJ, Ryu JM, Park SY (2008) Xen on arm: system virtualization using xen hypervisor for ARM-based secure mobile phones. In: Proceedings of the CCNC. IEEE, pp 257–261. doi:10.1109/ccnc08.2007.64
Karlson AK, Brush AB, Schechter S (2009) Can I borrow your phone?: Understanding concerns when sharing mobile phones. In: Proceedings of the CHI. ACM, pp 1647–1650. doi:10.1145/1518701.1518953
Kranz M, Murmann L, Michahelles F (2013) Research in the large: challenges for large-scale mobile application research—a case study about NFC adoption using gamification via an App store. IJMHCI 5(1):45–61. doi:10.4018/jmhci.2013010103. http://www.igi-global.com/article/research-large-challenges-large-scale/76334
Lettner F, Holzmann C (2012) Automated and unsupervised user interaction logging as basis for usability evaluation of mobile applications. In: Proceedings of the MOMM. ACM, pp 118–127. doi:10.1145/2428955.2428983
Luo XR, Brody R, Seazzu AF, Burd SD (2011) Social engineering: the neglected human factor for information security management. IRMJ 24(3):1–8. doi:10.4018/irmj.2011070101
Maurer ME, De Luca A, Stockinger T (2011) Shining chrome: using web browser personas to enhance SSL certificate visualization. In: Proceedings of the INTERACT, LNCS. Springer, pp 44–51. doi:10.1007/978-3-642-23768-3_4
Mayrhofer R (2013) When users cannot verify digital signatures: on the difficulties of securing mobile devices. In: Proceedings of the TSP. IEEE
Möller A, Michahelles F, Diewald S, Roalter L, Kranz M (2012) Update behavior in app markets and security implications: a case study in google play. In: Poppinga B (ed) Proceedings of the 3rd international workshop on research in the large. Held in Conjunction with Mobile HCI, pp 3–6
Polla ML, Martinelli F, Sgandurra D (2013) A survey on security for mobile devices. IEEE Communications Surveys & Tutorials, pp 446–471. doi:10.1109/SURV.2012.013012.00028
Riedl P, Koller P, Mayrhofer R, Möller A, Koelle M, Kranz M (2013) Visualizations and switching mechanisms for security zones. In: Proceedings of international conference on advances in mobile computing & multimedia, MoMM ’13, pp 278:278–278:281. ACM, New York. doi:10.1145/2536853.2536948
Segall MH, Campbell DT, Herskovits MJ (1966) The influence of culture on visual perception. Bobbs-Merrill, New York
Seifert J, De Luca A, Conradi B, Hussmann H (2010) TreasurePhone: context-sensitive user data protection on mobile phones. In: Proceedings of the Pervasive, LNCS. Springer, pp 130–137. doi:10.1007/978-3-642-12654-3_8
Stajano F (2006) One user, many hats; and, sometimes, no hat: towards a secure yet usable PDA. In: Proceedings of the SP. Springer, pp 51–64. doi:10.1007/11861386_6
Stoll J, Tashman CS, Edwards WK, Spafford K (2008) Sesame: informing user security decisions with system visualization. In: Proceedings of the CHI. ACM, pp 1045–1054. doi:10.1145/1357054.1357217
Wald G, Brown PK (1965) Human color vision and color blindness. In: Symposium on quantitative biology, vol 30, Cold Spring Harbor, pp 345–361
Wolf K, McGee-Lennon MR, Brewster SA (2012) A study of on-device gestures. In: Proceedings of the mobile HCI (Companion), pp 11–16. doi:10.1145/2371664.2371669
Acknowledgments
Part of this work has been carried out within the scope of u’smile, the Josef Ressel Center for User-Friendly Secure Mobile Environments. We gratefully acknowledge funding and support by the Christian Doppler Gesellschaft, A1 Telekom Austria AG, Drei-Banken-EDV GmbH, LG Nexera Business Solutions AG, and NXP Semiconductors Austria GmbH. Part of this work has been carried out within the project “AUToMAte – Automatic Usability Testing of Mobile Applications” funded by the Austrian Research Promotion Agency (FFG) under Contract Number 839094.
Cite this article
Riedl, P., Mayrhofer, R., Möller, A. et al. Only play in your comfort zone: interaction methods for improving security awareness on mobile devices. Pers Ubiquit Comput 19, 941–954 (2015). https://doi.org/10.1007/s00779-015-0840-5