Only play in your comfort zone: interaction methods for improving security awareness on mobile devices

Original Article, published in Personal and Ubiquitous Computing

Abstract

In this paper, we study the concept of security zones as an intermediate layer of compartmentalization on mobile devices. Each security zone is isolated from the other zones, holds its own set of applications and associated user data, and may apply its own security policies. From the user's point of view, zones represent different contexts of use for the device, e.g., gaming (private context), payment transactions (secure context), and company-related email (enterprise context). We propose multiple visualization methods for conveying the current security zone to the user, and interaction methods for switching between zones. Based on an online and a laboratory user study, we evaluated these concepts from a usability point of view. One important result is that, in the tension between security and usability, additional hardware can support the user's awareness of the zone they are currently in.
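The zone model the abstract describes (isolated per-zone data, per-zone policy, user-driven switching, and an indicator that apps cannot forge) can be made concrete in a small simulation. The following is an added example written for this page, not code from the paper or its prototype; the zone names, the policy fields, the clipboard rule and the hardware-indicator interface are assumptions chosen for illustration.

```python
# Added example, not the paper's code: a toy model of security zones as isolated
# compartments with per-zone policy, switching only on an explicit user gesture,
# and a hardware indicator that only the zone manager writes. Zone names, policy
# fields and the indicator interface are assumptions made here for illustration.
from dataclasses import dataclass
from enum import Enum


class Zone(Enum):
    PRIVATE = "private"        # e.g. gaming
    SECURE = "secure"          # e.g. payment transactions
    ENTERPRISE = "enterprise"  # e.g. company e-mail


@dataclass(frozen=True)
class ZonePolicy:
    allow_clipboard_out: bool  # may clipboard content leave this zone
    require_auth: bool         # must the user authenticate to enter it


POLICIES = {
    Zone.PRIVATE: ZonePolicy(allow_clipboard_out=True, require_auth=False),
    Zone.ENTERPRISE: ZonePolicy(allow_clipboard_out=False, require_auth=True),
    Zone.SECURE: ZonePolicy(allow_clipboard_out=False, require_auth=True),
}


class ZoneViolation(PermissionError):
    """An action would cross a zone boundary against policy."""


@dataclass
class HardwareIndicator:
    """Stand-in for an out-of-band indicator (an LED, say) wired to the zone manager."""
    shown: Zone = Zone.PRIVATE


class ZoneManager:
    def __init__(self, indicator):
        self.indicator = indicator
        self.active = Zone.PRIVATE
        self._stores = {z: {} for z in Zone}  # per-zone data, no shared store
        self._clipboard = None                 # (origin zone, value)
        self.screen_banner = ""                # painted by apps, hence untrusted

    def switch(self, target, user_gesture, authenticated=False):
        """Only an explicit user gesture switches zones; apps cannot request it."""
        if not user_gesture:
            raise ZoneViolation("zone switch without explicit user action")
        if POLICIES[target].require_auth and not authenticated:
            raise ZoneViolation(f"entering {target.value} requires authentication")
        self.active = target
        self.indicator.shown = target          # the only place the indicator changes

    def put(self, key, value):
        self._stores[self.active][key] = value

    def get(self, zone, key):
        """An app reads only the store of the zone it is running in."""
        if zone is not self.active:
            raise ZoneViolation(f"{self.active.value} may not read {zone.value}:{key}")
        return self._stores[zone][key]

    def copy(self, key):
        self._clipboard = (self.active, self._stores[self.active][key])

    def paste(self):
        """Clipboard content crosses zones only if the origin zone allows it."""
        if self._clipboard is None:
            return None
        origin, value = self._clipboard
        if origin is not self.active and not POLICIES[origin].allow_clipboard_out:
            return None
        return value


def blocked(action):
    """True if the action was refused by the zone manager."""
    try:
        action()
    except ZoneViolation:
        return True
    return False


def run_demo():
    mgr = ZoneManager(HardwareIndicator())
    mgr.switch(Zone.ENTERPRISE, user_gesture=True, authenticated=True)
    mgr.put("mail", "Q3 numbers (confidential)")   # constructed sample data
    mgr.copy("mail")
    mgr.switch(Zone.PRIVATE, user_gesture=True)
    mgr.screen_banner = "SECURE ZONE"              # any app can paint the screen
    return {
        "clipboard_leak": mgr.paste(),             # None: enterprise forbids it
        "cross_read_blocked": blocked(lambda: mgr.get(Zone.ENTERPRISE, "mail")),
        "silent_switch_blocked": blocked(lambda: mgr.switch(Zone.SECURE, user_gesture=False)),
        "screen_banner": mgr.screen_banner,
        "hardware_indicator": mgr.indicator.shown.value,
    }
```

The last two entries of the result make the abstract's point about hardware: the on-screen banner reads "SECURE ZONE" because any app can draw it, while the indicator, which only `switch` touches, still reports the private zone. Under these assumptions only an out-of-band indicator gives the user a label that the running app cannot spoof.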

Notes

  1. By the end of 2013, the number of mobile-connected devices is expected to exceed the number of people on earth [9].

  2. http://www.telekom.com/media/enterprise-solutions/200664, last visited 09/09/2013.

References

  1. Adams FM, Osgood CE (1973) A cross-cultural study of the affective meanings of color. J Cross-Cult Psychol 4(2):135–156. doi:10.1177/002202217300400201. http://jcc.sagepub.com/content/4/2/135.abstract

  2. Albrechtsen E (2007) A qualitative study of users’ view on information security. Comput Secur 276–289. doi:10.1016/j.cose.2006.11.004. http://www.sciencedirect.com/science/article/pii/S0167404806002033

  3. Becher M, Freiling F, Hoffmann J, Holz T, Uellenbeck S, Wolf C (2011) Mobile security catching up? Revealing the nuts and bolts of the security of mobile devices. In: IEEE symposium on security and privacy, pp 96–111. doi:10.1109/SP.2011.29

  4. Blickenstorfer CH (1995) Graffiti: Wow!. Pen Comput Mag 1:30–31

  5. Bornstein MH (1973) Color vision and color naming: a psychophysiological hypothesis of cultural difference. Psychol Bull 257–285. http://www.biomedsearch.com/nih/Color-vision-color-naming-psychophysiological/4742311.html

  6. Bragdon A, Nelson E, Li Y, Hinckley K (2011) Experimental analysis of touch-screen gesture designs in mobile environments. In: Proceedings of the CHI. ACM, pp 403–412. doi:10.1145/1978942.1979000

  7. Brakensiek J, Dröge A, Botteck M, Härtig H, Lackorzynski A (2008) Virtualization as an enabler for security in mobile devices. In: Proceedings of the IIES. ACM, pp 17–22. doi:10.1145/1435458.1435462

  8. Bugiel S, Davi L, Dmitrienko A, Heuser S, Sadeghi AR, Shastry B (2011) Practical and lightweight domain isolation on android. In: Proceedings of the SPSM’11. ACM, pp 51–62. doi:10.1145/2046614.2046624

  9. Cisco (2013) Visual Networking Index: Global Mobile Data Traffic Forecast Update, 2012–2017. Tech. rep

  10. Davi L, Dmitrienko A, Sadeghi AR, Winandy M (2011) Privilege escalation attacks on android. In: Proceedings of the ICS. Springer, pp 346–360. http://dl.acm.org/citation.cfm?id=1949317.1949356

  11. De Luca A, von Zezschwitz E, Nguyen NDH, Maurer ME, Rubegni E, Scipioni MP, Langheinrich M (2013) Back-of-device authentication on smartphones. In: Proceedings of the CHI. ACM, pp 2389–2398. doi:10.1145/2470654.2481330

  12. Dhamija R, Tygar JD (2005) The battle against phishing: dynamic security skins. In: Proceedings of the SOUPS. ACM, pp 77–88. doi:10.1145/1073001.1073009

  13. Egners A, Marschollek B, Meyer U (2012) Hackers in your pocket: a survey of smartphone security across platforms. Tech. rep. http://itsec.rwth-aachen.de/publications/ae_hacker_in_your_pocket.pdf

  14. Egners A, Meyer U, Marschollek B (2012) Messing with android's permission model. In: Proceedings of the TrustCom. IEEE, pp 505–514. doi:10.1109/TrustCom.203

  15. Felt AP, Ha E, Egelman S, Haney A, Chin E, Wagner D (2012) Android permissions: user attention, comprehension, and behavior. In: Proceedings of the SOUPS. ACM, pp 3:1–3:14. doi:10.1145/2335356.2335360

  16. Feske N, Helmuth C (2005) A nitpicker’s guide to a minimal-complexity secure GUI. In: Proceedings of the ACSAC, pp 85–94

  17. Höbarth S, Mayrhofer RA (2011) Framework for on-device privilege escalation exploit execution on android. In: Proceedings of the IWSSI/SPMU, pp 1–6

  18. Huang DL, Rau PL, Salvendy G (2007) A survey of factors influencing people’s perception of information security. In: Human–computer interaction: applications and services, LNCS. Springer, pp 906–915. doi:10.1007/978-3-540-73111-5_100

  19. Hwang JY, Suh SB, Heo SK, Park CJ, Ryu JM, Park SY (2008) Xen on arm: system virtualization using xen hypervisor for ARM-based secure mobile phones. In: Proceedings of the CCNC. IEEE, pp 257–261. doi:10.1109/ccnc08.2007.64

  20. Karlson AK, Brush AB, Schechter S (2009) Can I borrow your phone?: Understanding concerns when sharing mobile phones. In: Proceedings of the CHI. ACM, pp 1647–1650. doi:10.1145/1518701.1518953

  21. Kranz M, Murmann L, Michahelles F (2013) Research in the large: challenges for large-scale mobile application research—a case study about NFC adoption using gamification via an App store. IJMHCI 5(1), 45–61. doi:10.4018/jmhci.2013010103. http://www.igi-global.com/article/research-large-challenges-large-scale/76334

  22. Lettner F, Holzmann C (2012) Automated and unsupervised user interaction logging as basis for usability evaluation of mobile applications. In: Proceedings of the MOMM. ACM, pp 118–127. doi:10.1145/2428955.2428983

  23. Luo XR, Brody R, Seazzu AF, Burd SD (2011) Social engineering: the neglected human factor for information security management. IRMJ 24(3):1–8. doi:10.4018/irmj.2011070101

  24. Maurer ME, De Luca A, Stockinger T (2011) Shining chrome: using web browser personas to enhance SSL certificate visualization. In: Proceedings of the INTERACT, LNCS. Springer, pp 44–51. doi:10.1007/978-3-642-23768-3_4

  25. Mayrhofer R (2013) When users cannot verify digital signatures: on the difficulties of securing mobile devices. In: Proceedings of the TSP. IEEE

  26. Möller A, Michahelles F, Diewald S, Roalter L, Kranz M (2012) Update behavior in app markets and security implications: a case study in google play. In: Poppinga B (ed) Proceedings of the 3rd international workshop on research in the large. Held in Conjunction with Mobile HCI, pp 3–6

  27. Polla ML, Martinelli F, Sgandurra D (2013) A survey on security for mobile devices. IEEE Communications Surveys & Tutorials, pp 446–471. doi:10.1109/SURV.2012.013012.00028

  28. Riedl P, Koller P, Mayrhofer R, Möller A, Koelle M, Kranz M (2013) Visualizations and switching mechanisms for security zones. In: Proceedings of the MoMM ’13. ACM, New York, pp 278:278–278:281. doi:10.1145/2536853.2536948

  29. Segall MH, Campbell DT, Herskovits MJ (1966) The influence of culture on visual perception. Bobbs-Merrill, New York

  30. Seifert J, De Luca A, Conradi B, Hussmann H (2010) TreasurePhone: context-sensitive user data protection on mobile phones. In: Proceeding of the pervasive, LNCS. Springer, pp 130–137. doi:10.1007/978-3-642-12654-3_8

  31. Stajano F (2006) One user, many hats; and, sometimes, no hat: towards a secure yet usable PDA. In: Proceedings of the SP. Springer, pp 51–64. doi:10.1007/11861386_6

  32. Stoll J, Tashman CS, Edwards WK, Spafford K (2008) Sesame: informing user security decisions with system visualization. In: Proceedings of the CHI. ACM, pp 1045–1054. doi:10.1145/1357054.1357217

  33. Wald G, Brown PK (1965) Human color vision and color blindness. In: Symposium on quantitative biology, vol 30, Cold Spring Harbor, pp 345–361

  34. Wolf K, McGee-Lennon MR, Brewster SA (2012) A study of on-device gestures. In: Proceedings of the mobile HCI (Companion), pp 11–16. doi:10.1145/2371664.2371669

Acknowledgments

Part of this work has been carried out within the scope of u’smile, the Josef Ressel Center for User-Friendly Secure Mobile Environments. We gratefully acknowledge funding and support by the Christian Doppler Gesellschaft, A1 Telekom Austria AG, Drei-Banken-EDV GmbH, LG Nexera Business Solutions AG, and NXP Semiconductors Austria GmbH. Part of this work has been carried out within the project “AUToMAte – Automatic Usability Testing of Mobile Applications” funded by the Austrian Research Promotion Agency (FFG) under Contract Number 839094.

Author information

Correspondence to Matthias Kranz.

Cite this article

Riedl, P., Mayrhofer, R., Möller, A. et al. Only play in your comfort zone: interaction methods for improving security awareness on mobile devices. Pers Ubiquit Comput 19, 941–954 (2015). https://doi.org/10.1007/s00779-015-0840-5