000000352 001__ 352
000000352 005__ 20220926131307.0
000000352 037__ $$aLERSSE-THESIS-2022-003
000000352 100__ $$aMasoud Mehrabi Koushki
000000352 245__ $$aToward understanding and improving the user experience with smartphone physical security
000000352 260__ $$c2022-09-26
000000352 300__ $$amult. p
000000352 520__ $$aThe incumbent physical security system on smartphones is known to dissatisfy users. It comprises explicit authentication (e.g., passcode), which imposes high time and cognitive overhead, and all-or-nothing authorization, which limits flexibility. Consequently, an estimated 20% of users have decided to forgo physical security entirely. In response, alternative solutions have been proposed by researchers. These include implicit authentication (IA) solutions, which harness behavioural data for user identification, and finer-grain (e.g., app-level) authorization solutions, which are more accurate. However, several important aspects of these alternatives are understudied. Firstly, it is unclear how widely users would adopt IA, and whether they can understand its semantics well enough to avoid dangerous security errors when using it. Secondly, it is unknown how well the proposed authorization schemes can balance usability with security. These unknowns bring into question whether the alternatives can, in fact, improve the user experience (UX) or, conversely, disservice users by providing a false sense of security. This dissertation contributes insights from several studies that aim at bridging these knowledge gaps. Regarding IA, we took Smart Lock (SL)—currently the most-widely-available solution—as a case. We conducted cognitive walkthroughs, think-aloud sessions, and online surveys to understand how users perceive and understand SL. Regarding authorization, we conducted a longitudinal diary study to obtain a detailed view on users' needs and how well existing solutions meet them. Results show that SL is not widely adopted, which correlates to its perceived lack of usefulness and security. Regarding semantics, we found users often confused about IA's capabilities and the nature of the data it harnesses. To avoid these issues, we provide UX design recommendations for better communication of the value and intricacies of IA.
Regarding authorization, we found app-level schemes to outperform other solutions; hence we argue for wider deployment of them. However, we also found that users' needs vary significantly based on individual preferences and the functionality being protected; hence we argue for adaptable granularity in authorization. Overall, our studies demonstrate the inadequacy of the incumbent system, show how current deployment of alternatives potentially disserves users, and provide recommendations for improved deployment in the future.
000000352 6531_ $$asmartphone security
000000352 6531_ $$aimplicit authentication
000000352 6531_ $$aaccess control
000000352 6531_ $$acognitive walkthrough
000000352 6531_ $$athink-aloud
000000352 6531_ $$asurvey
000000352 6531_ $$adiary study
000000352 6531_ $$alongitudinal study
000000352 8560_ $$flersse-it@ece.ubc.ca
000000352 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/352/files/ubc_2022_november_mehrabi_koushki_masoud.pdf
000000352 909C4 $$pMasoud Mehrabi Koushki, "Toward understanding and improving the user experience with smartphone physical security", PhD Dissertation, Department of Electrical and Computer Engineering, THE UNIVERSITY OF BRITISH COLUMBIA, September, 2022
000000352 980__ $$aTHESIS