skip to main content
10.1145/3461778.3462027acmconferencesArticle/Chapter ViewAbstractPublication PagesdisConference Proceedingsconference-collections
research-article
Public Access

Spidey Sense: Designing Wrist-Mounted Affective Haptics for Communicating Cybersecurity Warnings

Published: 28 June 2021 Publication History

Abstract

Improving end-users’ awareness of cybersecurity warnings (e.g., phishing and malware alerts) remains a longstanding problem in usable security. Prior work suggests two key weaknesses with existing warnings: they are primarily communicated via saturated communication channels (e.g., visual, auditory, and vibrotactile); and, they are communicated rationally, not viscerally. We hypothesized that wrist-based affective haptics should address both of these weaknesses in a form-factor that is practically deployable: i.e., as a replaceable wristband compatible with modern smartwatches like the Apple Watch. To that end, we designed and implemented Spidey Sense, a wristband that produces customizable squeezing sensations to alert users to urgent cybersecurity warnings. To evaluate Spidey Sense, we applied a three-phased ‘Gen-Rank-Verify’ study methodology with 48 participants. We found evidence that, relative to vibrotactile alerts, Spidey Sense was considered more appropriate for the task of alerting people to cybersecurity warnings.

Supplementary Material

Videos and supplements (p125-do-supplements.zip)

References

[1]
Anne Adams and Martina Angela Sasse. 1999. Users are not the enemy. Commun. ACM 42, 12 (1999), 40–46.
[2]
Devdatta Akhawe and Adrienne Porter Felt. 2013. Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness. In Presented as part of the 22nd USENIX Security Symposium (USENIX Security 13). USENIX, Washington, D.C., 257–272. https://www.usenix.org/conference/usenixsecurity13/technical-sessions/presentation/akhawe
[3]
Bonnie Brinton Anderson, C Brock Kirwan, Jeffrey L Jenkins, David Eargle, Seth Howard, and Anthony Vance. 2015. How polymorphic warnings reduce habituation in the brain: Insights from an fMRI study. In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems. 2883–2892.
[4]
Matthew A Baumann, Karon E MacLean, Thomas W Hazelton, and Ashley McKay. 2010. Emulating human attention-getting practices with wearable haptics. In 2010 IEEE Haptics Symposium. IEEE, 149–156.
[5]
Michael S Bernstein, Greg Little, Robert C Miller, Björn Hartmann, Mark S Ackerman, David R Karger, David Crowell, and Katrina Panovich. 2010. Soylent: a word processor with a crowd inside. In Proceedings of the 23nd annual ACM symposium on User interface software and technology. ACM, 313–322.
[6]
Leonardo Bonanni and Cati Vaucelle. 2006. A framework for haptic psycho-therapy. depression and anxiety 12 (2006), 24.
[7]
Cristian Bravo-Lillo, Lorrie Cranor, Julie Downs, Saranga Komanduri, Stuart Schechter, and Manya Sleeper. 2012. Operating system framed in case of mistaken identity: measuring the success of web-based spoofing attacks on OS password-entry dialogs. In Proceedings of the 2012 ACM conference on Computer and communications security. ACM, 365–377.
[8]
Cristian Bravo-Lillo, Saranga Komanduri, Lorrie Faith Cranor, Robert W. Reeder, Manya Sleeper, Julie Downs, and Stuart Schechter. 2013. Your Attention Please: Designing Security-decision UIs to Make Genuine Risks Harder to Ignore. In Proceedings of the Ninth Symposium on Usable Privacy and Security (Newcastle, United Kingdom) (SOUPS ’13). ACM, New York, NY, USA, Article 6, 12 pages. https://doi.org/10.1145/2501604.2501610
[9]
Jeremy D Brown, Joshua N Fernandez, Sean P Cohen, and Katherine J Kuchenbecker. 2017. A wrist-squeezing force-feedback system for robotic surgery training. In 2017 IEEE World Haptics Conference (WHC). IEEE, 107–112.
[10]
Angela Chang, Ben Resner, Brad Koerner, XingChen Wang, and Hiroshi Ishii. 2001. LumiTouch: an emotional communication device. In CHI’01 extended abstracts on Human factors in computing systems. 313–314.
[11]
Gwénaël Changeon, Delphine Graeff, Margarita Anastassova, and José Lozada. 2012. Tactile emotions: A vibrotactile tactile gamepad for transmitting emotional messages to children with autism. In International conference on human haptic sensing and touch enabled computer applications. Springer, 79–90.
[12]
Guillaume Dezecache, Julie Grèzes, and Christoph D. Dahl. 2017. The nature and distribution of affiliative behaviour during exposure to mild threat. Royal Society Open Science 4, 8 (2017), 170265. https://doi.org/10.1098/rsos.170265 arXiv:https://royalsocietypublishing.org/doi/pdf/10.1098/rsos.170265
[13]
Paul Dourish, E Grinter, Jessica Delgado De La Flor, and Melissa Joseph. 2004. Security in the wild: user strategies for managing security as an everyday, practical problem. Personal and Ubiquitous Computing 8, 6 (2004), 391–401.
[14]
Serge Egelman, Lorrie Faith Cranor, and Jason Hong. 2008. You’Ve Been Warned: An Empirical Study of the Effectiveness of Web Browser Phishing Warnings. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Florence, Italy) (CHI ’08). ACM, New York, NY, USA, 1065–1074. https://doi.org/10.1145/1357054.1357219
[15]
Serge Egelman, Janice Y. Tsai, and Lorrie F. Cranor. 2010. Tell Me Lies: A Methodology for Scientifically Rigorous Security User Studies. In Proceedings of the Workshop on Studying Online Behavior (Atlanta, Georgia, USA) (CHI ’10 Workshop). ACM, New York, NY, USA, 4 pages.
[16]
Mohamad A Eid and Hussein Al Osman. 2015. Affective haptics: Current research and future directions. IEEE Access 4(2015), 26–40.
[17]
Seyedeh Maryam Fakhrhosseini and Myounghoon Jeon. 2017. Affect/emotion induction methods. In Emotions and Affect in Human Factors and Human-Computer Interaction. Elsevier, 235–253.
[18]
Adrienne Porter Felt, Elizabeth Ha, Serge Egelman, Ariel Haney, Erika Chin, and David Wagner. 2012. Android Permissions: User Attention, Comprehension, and Behavior. In Proceedings of the Eighth Symposium on Usable Privacy and Security (Washington, D.C.) (SOUPS ’12). ACM, New York, NY, USA, Article 3, 14 pages. https://doi.org/10.1145/2335356.2335360
[19]
Jack Forman, Taylor Tabb, Youngwook Do, Meng-Han Yeh, Adrian Galvin, and Lining Yao. 2019. ModiFiber: Two-Way Morphing Soft Thread Actuators for Tangible Interaction. In Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems. ACM, 660.
[20]
William Gardner, Edward P Mulvey, and Esther C Shaw. 1995. Regression analyses of counts and rates: Poisson, overdispersed Poisson, and negative binomial models.Psychological bulletin 118, 3 (1995), 392.
[21]
Matthew J Hertenstein, Rachel Holmes, Margaret McCullough, and Dacher Keltner. 2009. The communication of emotion via touch.Emotion 9, 4 (2009), 566.
[22]
Matthew J Hertenstein, Dacher Keltner, Betsy App, Brittany A Bulleit, and Ariane R Jaskolka. 2006. Touch communicates distinct emotions.Emotion 6, 3 (2006), 528.
[23]
J. Hong. 2017. The Privacy Landscape of Pervasive Computing. IEEE Pervasive Computing 16, 3 (2017), 40–48. https://doi.org/10.1109/MPRV.2017.2940957
[24]
Da-Yuan Huang, Ruizhen Guo, Jun Gong, Jingxian Wang, John Graham, De-Nian Yang, and Xing-Dong Yang. 2017. RetroShape: Leveraging rear-surface shape displays for 2.5 D interaction on smartwatches. In Proceedings of the 30th Annual ACM Symposium on User Interface Software and Technology. 539–551.
[25]
Gijs Huisman. 2017. Social touch technology: extending the reach of social touch through haptic technology. Ph.D. Dissertation. University of Twente. https://doi.org/10.3990/1.9789036543095
[26]
Alexandra Ion, Edward Jay Wang, and Patrick Baudisch. 2015. Skin Drag Displays: Dragging a Physical Tactor Across the User’s Skin Produces a Stronger Tactile Stimulus Than Vibrotactile. In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems (Seoul, Republic of Korea) (CHI ’15). ACM, New York, NY, USA, 2501–2504. https://doi.org/10.1145/2702123.2702459
[27]
Kinga Jurásová and Marián Špajdel. 2013. Development and assessment of film excerpts used for emotion elicitation. Activitas Nervosa Superior Rediviva 55 (01 2013), 135–140.
[28]
Irene Kotsia, Stefanos Zafeiriou, and Spiros Fotopoulos. 2013. Affective gaming: A comprehensive survey. In Proceedings of the IEEE conference on computer vision and pattern recognition workshops. 663–670.
[29]
K. Krol, M. Moroz, and M. A. Sasse. 2012. Don’t work. Can’t work? Why it’s time to rethink security warnings. In 2012 7th International Conference on Risks and Security of Internet and Systems (CRiSIS). 1–8. https://doi.org/10.1109/CRISIS.2012.6378951
[30]
Kat Krol, Jonathan M. Spring, Simon Parkin, and M. Angela Sasse. 2016. Towards Robust Experimental Design for User Studies in Security and Privacy. In The LASER Workshop: Learning from Authoritative Security Experiment Results (LASER 2016). USENIX Association, San Jose, CA, 21–31. https://www.usenix.org/conference/laser2016/program/presentation/krol
[31]
B. W. Lampson. 2004. Computer security in the real world. Computer 37, 6 (June 2004), 37–46. https://doi.org/10.1109/MC.2004.17
[32]
Jaeyeon Lee and Geehyuk Lee. 2016. Designing a Non-contact Wearable Tactile Display Using Airflows. In Proceedings of the 29th Annual Symposium on User Interface Software and Technology (Tokyo, Japan) (UIST ’16). ACM, New York, NY, USA, 183–194. https://doi.org/10.1145/2984511.2984583
[33]
Sang-won Leigh and Pattie Maes. 2016. Body Integrated Programmable Joints Interface. In Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems (San Jose, California, USA) (CHI ’16). ACM, New York, NY, USA, 6053–6057. https://doi.org/10.1145/2858036.2858538
[34]
Sang-won Leigh, Kush Parekh, Timothy Denton, William S. Peebles, Magnus H. Johnson, and Pattie Maes. 2017. Morphology Extension Kit: A Modular Robotic Platform for Customizable and Physically Capable Wearables. In Proceedings of the 2017 CHI Conference Extended Abstracts on Human Factors in Computing Systems (Denver, Colorado, USA) (CHI EA ’17). ACM, New York, NY, USA, 397–400. https://doi.org/10.1145/3027063.3052969
[35]
Nicholas Micallef, Mike Just, Lynne Baillie, and Maher Alharby. 2017. Stop Annoying Me!: An Empirical Investigation of the Usability of App Privacy Notifications. In Proceedings of the 29th Australian Conference on Computer-Human Interaction (Brisbane, Queensland, Australia) (OZCHI ’17). ACM, New York, NY, USA, 371–375. https://doi.org/10.1145/3152771.3156139
[36]
Tyler Moore. 2010. The economics of cybersecurity: Principles and policy options. International Journal of Critical Infrastructure Protection 3, 3(2010), 103 – 117. https://doi.org/10.1016/j.ijcip.2010.10.002
[37]
Steven Musil. 2020. Apple still dominates growing global smartwatch sector. https://www.cnet.com/news/apple-still-dominates-growing-global-smartwatch-sector/
[38]
Daniela Napoli, Sebastian Navas Chaparro, Sonia Chiasson, and Elizabeth Stobert. [n.d.]. Something Doesn’t Feel Right: Using Thermal Warnings to Improve User Security Awareness. ([n. d.]).
[39]
Chris Nodder. 2005. Users and trust: A microsoft case study. Security and Usability(2005), 589–606.
[40]
Marianna Obrist, Sriram Subramanian, Elia Gatti, Benjamin Long, and Thomas Carter. 2015. Emotions Mediated Through Mid-Air Haptics. In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems (Seoul, Republic of Korea) (CHI ’15). ACM, New York, NY, USA, 2053–2062. https://doi.org/10.1145/2702123.2702361
[41]
Evan Pezent, Ali Israr, Majed Samad, Shea Robinson, Priyanshu Agarwal, Hrvoje Benko, and Nick Colonnese. 2019. Tasbi: Multisensory squeeze and vibrotactile wrist haptics for augmented and virtual reality. In 2019 IEEE World Haptics Conference (WHC). IEEE, 1–6.
[42]
Henning Pohl and Kasper Hornbæk. 2018. ElectricItch: Skin Irritation As a Feedback Modality. In Proceedings of the 31st Annual ACM Symposium on User Interface Software and Technology (Berlin, Germany) (UIST ’18). ACM, New York, NY, USA, 765–778. https://doi.org/10.1145/3242587.3242647
[43]
Alireza Sahami Shirazi, Niels Henze, Tilman Dingler, Martin Pielot, Dominik Weber, and Albrecht Schmidt. 2014. Large-scale assessment of mobile notifications. In Proceedings of the SIGCHI conference on Human factors in computing systems. 3055–3064.
[44]
Bahador Saket, Chrisnawan Prasojo, Yongfeng Huang, and Shengdong Zhao. 2013. Designing an Effective Vibration-based Notification Interface for Mobile Phones. In Proceedings of the 2013 Conference on Computer Supported Cooperative Work (San Antonio, Texas, USA) (CSCW ’13). ACM, New York, NY, USA, 149–1504. https://doi.org/10.1145/2441776.2441946
[45]
Florian Schaub, Rebecca Balebako, Adam L. Durity, and Lorrie Faith Cranor. 2015. A Design Space for Effective Privacy Notices. In Eleventh Symposium On Usable Privacy and Security (SOUPS 2015). USENIX Association, Ottawa, 1–17. https://www.usenix.org/conference/soups2015/proceedings/presentation/schaub
[46]
Stuart E Schechter, Rachna Dhamija, Andy Ozment, and Ian Fischer. 2007. The emperor’s new security indicators. In 2007 IEEE Symposium on Security and Privacy (SP’07). IEEE, 51–65.
[47]
David Sharek, Cameron Swofford, and Michael Wogalter. 2008. Failure to recognize fake internet popup warning messages. In Proceedings of the Human Factors and Ergonomics Society Annual Meeting, Vol. 52. SAGE Publications Sage CA: Los Angeles, CA, 557–560.
[48]
Sunghyun Song, Geeyoung Noh, Junwoo Yoo, Ian Oakley, Jundong Cho, and Andrea Bianchi. 2015. Hot & tight: exploring thermo and squeeze cues recognition on wrist wearables. In Proceedings of the 2015 ACM International Symposium on Wearable Computers. 39–42.
[49]
Joshua Sunshine, Serge Egelman, Hazim Almuhimedi, Neha Atri, and Lorrie Faith Cranor. 2009. Crying Wolf: An Empirical Study of SSL Warning Effectiveness. In USENIX security symposium. Montreal, Canada, 399–416.
[50]
Dzmitry Tsetserukou, Alena Neviarouskaya, Helmut Prendinger, Naoki Kawakami, and Susumu Tachi. 2009. Affective haptics in emotional communication. In 2009 3rd international conference on affective computing and intelligent interaction and workshops. IEEE, 1–6.
[51]
Anthony Vance, David Eargle, Jeffrey L Jenkins, C Brock Kirwan, and Bonnie Brinton Anderson. 2019. The fog of warnings: how non-essential notifications blur with security warnings. In Fifteenth Symposium on Usable Privacy and Security ({SOUPS} 2019).
[52]
Wikipedia. 2021. Public key certificate — Wikipedia, The Free Encyclopedia. http://en.wikipedia.org/w/index.php?title=Public%20key%20certificate&oldid=1019769813. [Online; accessed 26-April-2021].
[53]
Graham Wilson, Harry Maxwell, and Mike Just. 2017. Everything’s Cool: Extending Security Warnings with Thermal Feedback. In Proceedings of the 2017 CHI Conference Extended Abstracts on Human Factors in Computing Systems(Denver, Colorado, USA) (CHI EA ’17). ACM, New York, NY, USA, 2232–2239. https://doi.org/10.1145/3027063.3053127
[54]
Anusha Withana, Daniel Groeger, and Jürgen Steimle. 2018. Tacttoo: A Thin and Feel-Through Tattoo for On-Skin Tactile Output. In Proceedings of the 31st Annual ACM Symposium on User Interface Software and Technology (Berlin, Germany) (UIST ’18). ACM, New York, NY, USA, 365–378. https://doi.org/10.1145/3242587.3242645

Cited By

View all
  • (2024)Can a Smartwatch Move Your Fingers? Compact and Practical Electrical Muscle Stimulation in a SmartwatchProceedings of the 37th Annual ACM Symposium on User Interface Software and Technology10.1145/3654777.3676373(1-15)Online publication date: 13-Oct-2024
  • (2024)BiasBuzz: Combining Visual Guidance with Haptic Feedback to Increase Awareness of Analytic Behavior during Visual Data AnalysisExtended Abstracts of the CHI Conference on Human Factors in Computing Systems10.1145/3613905.3651064(1-7)Online publication date: 11-May-2024
  • (2024)NetworkTouch: A vibrotactile check-in device for cyberattack detection and monitoring2024 IEEE Haptics Symposium (HAPTICS)10.1109/HAPTICS59260.2024.10520845(341-346)Online publication date: 7-Apr-2024
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
DIS '21: Proceedings of the 2021 ACM Designing Interactive Systems Conference
June 2021
2082 pages
ISBN:9781450384766
DOI:10.1145/3461778
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 28 June 2021

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. Haptics
  2. Security Warnings.
  3. Usable Security Privacy
  4. Wearable Device

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Funding Sources

Conference

DIS '21
Sponsor:
DIS '21: Designing Interactive Systems Conference 2021
June 28 - July 2, 2021
Virtual Event, USA

Acceptance Rates

Overall Acceptance Rate 1,158 of 4,684 submissions, 25%

Upcoming Conference

DIS '25
Designing Interactive Systems Conference
July 5 - 9, 2025
Funchal , Portugal

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)318
  • Downloads (Last 6 weeks)40
Reflects downloads up to 28 Jan 2025

Other Metrics

Citations

Cited By

View all
  • (2024)Can a Smartwatch Move Your Fingers? Compact and Practical Electrical Muscle Stimulation in a SmartwatchProceedings of the 37th Annual ACM Symposium on User Interface Software and Technology10.1145/3654777.3676373(1-15)Online publication date: 13-Oct-2024
  • (2024)BiasBuzz: Combining Visual Guidance with Haptic Feedback to Increase Awareness of Analytic Behavior during Visual Data AnalysisExtended Abstracts of the CHI Conference on Human Factors in Computing Systems10.1145/3613905.3651064(1-7)Online publication date: 11-May-2024
  • (2024)NetworkTouch: A vibrotactile check-in device for cyberattack detection and monitoring2024 IEEE Haptics Symposium (HAPTICS)10.1109/HAPTICS59260.2024.10520845(341-346)Online publication date: 7-Apr-2024
  • (2023)TactorBots: A Haptic Design Toolkit for Out-of-lab Exploration of Emotional Robotic TouchProceedings of the 2023 CHI Conference on Human Factors in Computing Systems10.1145/3544548.3580799(1-19)Online publication date: 19-Apr-2023

View Options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

HTML Format

View this article in HTML Format.

HTML Format

Login options

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media