Usable secure interfaces for mobile devices

The aim of this thesis is to address and contribute to the research evidence on what it means to implement usable security interfaces in mobile devices given their increasing importance in our daily lives. We focused on user interfaces for authentication while incorporating HCI principles to develop and explore design and usability issues. We have done so by directly observing and reporting on our three different works, with special attention given to the user practices that create security lapses and usability drawbacks. The novelty of this research is the confirmation of the integral relationship across our three works showing that understanding and exploiting inherent human-factors such as memorability, tactile attributes, kinesiology and other inherent properties for human computer interface (HCI) designs improves security, usability and acceptance. One of our tasks is re-conceptualizing mobile device interfaces to make them both secure and usable. Our research indicates that interfaces that combine tactile and behavioural human characteristics into their basic design paradigm are more usable, and systems based on core graphical tokens with mnemonic properties result in higher memorability and familiarity values, while error recovery is strongly influenced by system design. Therefore system interfaces that can accommodate other familiar compound activities by users greatly reduce errors. One of our works proposes a new graphical authentication prototype interface to evaluate our research questions empirically. Our findings indicated that our first work, SemanticLock, had superior performance on key metrics such as password entry speed, memorability, encumbrance, user acceptance, usability, and likeability when compared with the PATTERN and PIN authentication techniques. Secondly, we explored the acceptable levels of complexity an interface could have in order to be secure and yet still usable by shifting the focus of our second work to the popular virtual reality device (VR) ecosystem. This work involved immersing participants in a virtual reality environment where they created passwords on virtual reality versions of popular mobile device authentication systems with different virtual reality interaction methods. The virtual reality system allowed us to evaluate the interface and interaction challenges by providing numerous heterogeneous interaction methods. We explored the outcome of porting the popular PATTERN authentication system into the virtual reality environment. We used the mobile device version of PATTERN as a control and the report indicates that PATTERN in VR is moderately fast, functionally usable and highly resistant to shoulder-surfing. For our third work, we examined various technological impediments that make it difficult to develop secure interfaces and proposed alternatives such as transparent interfaces that rely solely on the user's biometric signatures. We explored this challenge with a virtual reality (VR) based prototype based on kinesiology, effectively capturing the biometric movement of the participants in VR, and collecting the discerning identifying factors from each person via machine-learning assisted processes. We evaluated large datasets of head, eyes and hand movements using machine learning to create a continuous transparent biometric authentication system. We attained a classification accuracy of 99.7% and determined that kinesiologically replicating a valid participant with false-positive data is extremely difficult, thus making this system highly secure and usable. Our three major works conceptually explore the significant effects of user interactions on the effective security of their mobile devices. In our first study we determined various baselines in HCI that were used across the other works. The second work examined the practical effect of different interaction modes, while the third work explored using the interactions itself as a resultant effect of security. The compounding relevance among the works is the user.