Mixed Reality presents novel challenges but also opportunities for Usable Security. In our work we are interested in three aspects:
Novel security and privacy mechanisms: Mixed Reality (MR) headsets are enabling a wide range of new opportunities for the user. For example, in the near future users may be able to visit virtual shopping malls and virtually join international conferences. These and many other scenarios pose new questions with regards to privacy and security, in particular authentication of users within the virtual environment. In our work we investigate how such mechanisms can be designed.
Mixed Reality as Research Method: Introducing security and privacy mechanisms into new settings and testing them may pose considerable challenges to researchers. For example, consider a gaze-based authentication system in a smart home where the password consists of looking at the last three used home appliances. While equipping the user and home with the required gaze and object tracking technology requires considerable effort, such a mechanism can easily be prototyped in Mixed Reality. In particular, our work focuses on how we can leverage Mixed Reality to serve as test bed for ecologically valid studies of novel security and privacy mechanisms.
Privacy Considerations: Mixed Reality headsets move sensing close to the human body. With sensors such as eye trackers as well as through telemetry data, sensitive data about the user can be collected and analyzed by different stakeholders, including app developers, platform providers and headset manufacturers. We look into privacy challenges emerging in Mixed Reality as well as how user interfaces can be built that inform users about these challenges and provide means for mitigation.
