A PIN-Entry Method Resilient Against Shoulder Surfing, CCS, 04
The authors propose two variants of a cognitive trapdoor game to defend against shoulder surfing attack on PIN entry. First variant, defends against human observer and is based on the premise that human short term memory is limited. For each digit of the PIN, the user has to play several rounds. During each round, the 10 digits (0-9) on the PIN pad are divided into two groups and shown in two colors: black and white. Depending on white or black, to which group the current PIN digit belongs, the user clicks one of two buttons. The verifier, e.g. the ATM machine, knows which digit the user has input by taking intersection of the rounds. There were two sub-variants: immediate oracle choice and delayed oracle choice.
The second variant, to some extent, defends against video recording of the entire PIN entry process, recording of multiple sessions can still reveal the PIN. In this variant, the intersection of the rounds does not reveal a unique digit.
In comparison to traditional 4-digit PIN entry, it takes about 10 times longer to log in using these methods. Lab-based user studies show that perceived security was higher, but usability of the methods were rated lower in comparison to the traditional PIN entry method. The proposed methods also caused more fatigue. The users seem to accept the oracle methods despite their being slow and strenuous, may be, they would not accept it so well in real life where the PIN entry is a secondary task.
The authors claim that even if the attacker uses pen and pencil, he cannot determine the PIN in the first variant. However, the black (or white) digits form convenient cluster and the attacker can quickly record the pattern of the cluster on the paper. Latter he will have enough information to figure out the correct PIN.
Citation (ACM Ref): Volker Roth, Kai Richter, and Rene Freidinger. 2004. A PIN-entry method resilient against shoulder surfing. In Proceedings of the 11th ACM conference on Computer and communications security (CCS '04). ACM, New York, NY, USA, 236-245. DOI=10.1145/1030083.1030116 http://doi.acm.org/10.1145/1030083.1030116
The second variant, to some extent, defends against video recording of the entire PIN entry process, recording of multiple sessions can still reveal the PIN. In this variant, the intersection of the rounds does not reveal a unique digit.
In comparison to traditional 4-digit PIN entry, it takes about 10 times longer to log in using these methods. Lab-based user studies show that perceived security was higher, but usability of the methods were rated lower in comparison to the traditional PIN entry method. The proposed methods also caused more fatigue. The users seem to accept the oracle methods despite their being slow and strenuous, may be, they would not accept it so well in real life where the PIN entry is a secondary task.
The authors claim that even if the attacker uses pen and pencil, he cannot determine the PIN in the first variant. However, the black (or white) digits form convenient cluster and the attacker can quickly record the pattern of the cluster on the paper. Latter he will have enough information to figure out the correct PIN.
Citation (ACM Ref): Volker Roth, Kai Richter, and Rene Freidinger. 2004. A PIN-entry method resilient against shoulder surfing. In Proceedings of the 11th ACM conference on Computer and communications security (CCS '04). ACM, New York, NY, USA, 236-245. DOI=10.1145/1030083.1030116 http://doi.acm.org/10.1145/1030083.1030116
Undercover: Authentication Usable in Front of Prying Eyes, CHI, 08
The basic assumption is multi-sensory processing (dissociation and recombination of different sensory inputs) capability of humans is good. A prototype bank-terminal was built requiring 4-digit PIN-level security (probability of 1 in 10,000). The user's PIN consists of 5 images (called user's portfolio) of his choosing. In order to input his PIN, the user is presented with a series of 7 screens. Each screen consists of 5 images, 0 or 1 of which is from the user's portfolio. A trackball capable of 5 distinct movements (roll up, right, down, left and vibration) remains under the user's palm. For each screen the trackball makes one of the 5 possible movements and the user then responds by pushing one of the 5 buttons. Say, the third image from the left belongs to user's portfolio, then the user should have pushed the third button from the left, but here, the trackball's movement acts like a random key with which the user xor's the "right" answer and inputs the result, like a one-time pad. The attacker fails to see the trackball's movement and thus has no idea which one among the presented 5 images belong to user's portfolio.
C(7, 5) * 4^5 is larger than 10^4, that is why the method needs 7 screens. More images per screen would have reduced the number of screens (equivalently number of user interactions) but that would have complicated the instrument and also the user's cognitive load would be higher. The authors performed usability and security analysis based on a lab study with 38 participants (4 students and the rest government employee). The login median login time is 32 seconds, 15 participants suggested that login time should be below 15 seconds. Overall failure rate is 26%. Younger users are faster and more accurate. The authors noted that comparison of a novel system with the traditional PIN entry is difficult due to the extended experience the users have with the PIN system.
There were two video cameras in the room. Many users failed to cover the trackball. Some points to the map, some moves their hands to better feel the trackball's movement, and some talk out loud. All these leak information. 9 out of the 38 users leaked information in some way. Some of the users saw the experiment as an exam and probably behaved unrealistically.
The bank-terminal could be a fake and the whole process would then fail. Very high quality sound capture, e.g., with a prabolic microphone may leak information due to variation in the instrument's (motor's) noise. All legacy deployments have to be modified significantly. Interestingly, the paper is devoid of any statistical test. Social engineering attacks might be possible due to the user's self-selection of portfolio images.
Citation (ACM Ref): Hirokazu Sasamoto, Nicolas Christin, and Eiji Hayashi. 2008. Undercover: authentication usable in front of prying eyes. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI '08). ACM, New York, NY, USA, 183-192. DOI=10.1145/1357054.1357085 http://doi.acm.org/10.1145/1357054.1357085
C(7, 5) * 4^5 is larger than 10^4, that is why the method needs 7 screens. More images per screen would have reduced the number of screens (equivalently number of user interactions) but that would have complicated the instrument and also the user's cognitive load would be higher. The authors performed usability and security analysis based on a lab study with 38 participants (4 students and the rest government employee). The login median login time is 32 seconds, 15 participants suggested that login time should be below 15 seconds. Overall failure rate is 26%. Younger users are faster and more accurate. The authors noted that comparison of a novel system with the traditional PIN entry is difficult due to the extended experience the users have with the PIN system.
There were two video cameras in the room. Many users failed to cover the trackball. Some points to the map, some moves their hands to better feel the trackball's movement, and some talk out loud. All these leak information. 9 out of the 38 users leaked information in some way. Some of the users saw the experiment as an exam and probably behaved unrealistically.
The bank-terminal could be a fake and the whole process would then fail. Very high quality sound capture, e.g., with a prabolic microphone may leak information due to variation in the instrument's (motor's) noise. All legacy deployments have to be modified significantly. Interestingly, the paper is devoid of any statistical test. Social engineering attacks might be possible due to the user's self-selection of portfolio images.
Citation (ACM Ref): Hirokazu Sasamoto, Nicolas Christin, and Eiji Hayashi. 2008. Undercover: authentication usable in front of prying eyes. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI '08). ACM, New York, NY, USA, 183-192. DOI=10.1145/1357054.1357085 http://doi.acm.org/10.1145/1357054.1357085
VibraPass - Secure Authentication Based on Shared Lies, CHI, 09
The authors propose to add noise to the entered PIN or password to combat observation attacks. The noise here is "lies" communicated over Bluetooth to the user as vibrations of his mobile phone (in pocket). For example, if user's PIN is 9362 and the lie sequence is <0, 1, 0, 0>, the user may enter 9[5]62 where 5 is the "lied" digit.
A user study with 24 participants (average age 23 yrs, 8 females) reveals that error rates increase with higher lie overhead and longer password. Interaction time increases with higher lie overhead and longer password.
To simulate attack two video camera and two microphones were employed and the study was performed in a quite environment. Out of 749 successful authentication sessions, 100% with a lie overhead of 0% could be broken and with lie overhead of 30%, 50%, or 100%, only 32.5% could be broken. Two main causes of successful attacks were: audible vibrations due to keys in the users' pockets and "bad lies". Bad lies include repeated pressing of the same key, confused waiting before pressing, and using characters as PINs. Lie overhead of 30% seems to be a good trade-off between security and usability, having error rates and interaction time close to those of PIN/password.
High quality sound recording, intersection attack from observation of multiple sessions (authors argue that compromised ATMs are replaced very quickly and thus multiple sessions are unlikely to be observed), compromised Bluetooth module, and timing attacks based on non-uniform user behavior (like "Breaking Undercover") could degrade security of VibraPass. From usability standpoint, the user may not have a pocket to hide the phone and he may fail to perceive a vibration.
Citation (ACM Ref): Alexander De Luca, Emanuel von Zezschwitz, and Heinrich Hußmann. 2009. Vibrapass: secure authentication based on shared lies. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI '09). ACM, New York, NY, USA, 913-916. DOI=10.1145/1518701.1518840 http://doi.acm.org/10.1145/1518701.1518840
A user study with 24 participants (average age 23 yrs, 8 females) reveals that error rates increase with higher lie overhead and longer password. Interaction time increases with higher lie overhead and longer password.
To simulate attack two video camera and two microphones were employed and the study was performed in a quite environment. Out of 749 successful authentication sessions, 100% with a lie overhead of 0% could be broken and with lie overhead of 30%, 50%, or 100%, only 32.5% could be broken. Two main causes of successful attacks were: audible vibrations due to keys in the users' pockets and "bad lies". Bad lies include repeated pressing of the same key, confused waiting before pressing, and using characters as PINs. Lie overhead of 30% seems to be a good trade-off between security and usability, having error rates and interaction time close to those of PIN/password.
High quality sound recording, intersection attack from observation of multiple sessions (authors argue that compromised ATMs are replaced very quickly and thus multiple sessions are unlikely to be observed), compromised Bluetooth module, and timing attacks based on non-uniform user behavior (like "Breaking Undercover") could degrade security of VibraPass. From usability standpoint, the user may not have a pocket to hide the phone and he may fail to perceive a vibration.
Citation (ACM Ref): Alexander De Luca, Emanuel von Zezschwitz, and Heinrich Hußmann. 2009. Vibrapass: secure authentication based on shared lies. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI '09). ACM, New York, NY, USA, 913-916. DOI=10.1145/1518701.1518840 http://doi.acm.org/10.1145/1518701.1518840
The Secure Haptic Keypad: A Tactile Password System, CHI, 10
The keypad has three buttons, each can vibrate with 1 Hz, 2 Hz, and continuously. These three kinds of vibration are called tactons. User's PIN is a sequence of tactons, e.g., <2, cont., 1>. The system assigns randomized tactons to the three buttons and the user needs to push the button with the correct tacton. Two modes called normal and hybrid were tested. The normal mode with 6 digits was found to perform better with a median authentication time of 22.2 seconds. However it has a small PIN space of 3^6 = 729. User study was conducted with 12 participants having mean age of 29.
Security hinges on the assumption that the observer will not be able to infer which button has which tacton, but high quality sound recording may render the assumption incorrect.
Citation (ACM Ref): Andrea Bianchi, Ian Oakley, and Dong Soo Kwon. 2010. The secure haptic keypad: a tactile password system. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI '10). ACM, New York, NY, USA, 1089-1092. DOI=10.1145/1753326.1753488 http://doi.acm.org/10.1145/1753326.1753488
Security hinges on the assumption that the observer will not be able to infer which button has which tacton, but high quality sound recording may render the assumption incorrect.
Citation (ACM Ref): Andrea Bianchi, Ian Oakley, and Dong Soo Kwon. 2010. The secure haptic keypad: a tactile password system. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI '10). ACM, New York, NY, USA, 1089-1092. DOI=10.1145/1753326.1753488 http://doi.acm.org/10.1145/1753326.1753488
Multi-Touch Authentication on Tabletops, CHI, 10
A number of authentication schemes suitable for tabletops have been explored. Tabletops pose a unique problem for authentication because many people (e.g., friends) can be around the table and thus PIN or password entry is inherently vulnerable to observation attack. ShieldPIN allows user to use his one hand to create a crescent shaped shield and the other hand then inputs the PIN on a soft PIN-pad. The shield may not cover all directions and thus some people around the table may see the entered PIN. SlotPIN has 10 rows and 4 columns of digits. Except for the first column, the user can rotate the column like a wheel so that one of the 10 rows contains his PIN. As there are 9 other rows, the observer does not know which row is the PIN. This one is vulnerable to intersection attack where the attacker gather information from multiple sessions and the row that remains constant over all sessions must be the PIN. CuePIN is a mixure of the previous two, the user make a shield with his one hand and a letter between A and J appears inside his shield. Then the user rotates the column to put the current PIN digit in the letter's row. He has to do that for each digit of his PIN. As one letter is much easier to shield than an entire PIN-pad, this one is harder to break. But still it leaks information and an intersection attack over multiple sessions can break it. Color-Rings is similar to Convex Hull Click. The user has some circles. He has to place the circle so that his portfolio image is inside that circle. As there are multiple circles and there are multiple images per circle, an attacker cannot know the PIN from a single session, but intersection attack is still viable.
PressureGrid is an enhancement to the PassFaces system where the user does not directly clicks on his portfolio image, but he chooses the x and the y coordinate of the image in a grid of images (3 x 3) with his two hands. Now he uses three fingers per hand and which finger is actually selecting a coordinate of the image depends on the pressure applied by a finger. Hopefully the observer does not see the pressure difference across the fingers and he does not know which image was selected. Average duration of a login is 10.8 seconds.
Citation (ACM Ref): David Kim, Paul Dunphy, Pam Briggs, Jonathan Hook, John W. Nicholson, James Nicholson, and Patrick Olivier. 2010. Multi-touch authentication on tabletops. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI '10). ACM, New York, NY, USA, 1093-1102. DOI=10.1145/1753326.1753489 http://doi.acm.org/10.1145/1753326.1753489
PressureGrid is an enhancement to the PassFaces system where the user does not directly clicks on his portfolio image, but he chooses the x and the y coordinate of the image in a grid of images (3 x 3) with his two hands. Now he uses three fingers per hand and which finger is actually selecting a coordinate of the image depends on the pressure applied by a finger. Hopefully the observer does not see the pressure difference across the fingers and he does not know which image was selected. Average duration of a login is 10.8 seconds.
Citation (ACM Ref): David Kim, Paul Dunphy, Pam Briggs, Jonathan Hook, John W. Nicholson, James Nicholson, and Patrick Olivier. 2010. Multi-touch authentication on tabletops. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI '10). ACM, New York, NY, USA, 1093-1102. DOI=10.1145/1753326.1753489 http://doi.acm.org/10.1145/1753326.1753489
ColorPIN - Securing PIN Entry through Indirect Input, CHI, 10
The idea is to defend against observation attacks on PIN input at ATM terminals while keeping time to login comparable to standard PIN method. You need to interact with 4 screens to input 4 digits of your ColorPIN. Each screen contains 9 digits arranged in a 3x3 grid and each digit has 3 letters in 3 different colors just below it. On a screen there are 9 letters in total which means a letter occurs at 3 random positions on the screen having distinct colors. In addition to the PIN, you need to remember a color sequence, which means your ColorPIN = PIN + Color sequence. To enter a digit, you choose a letter below the digit having the right color (which you remembered).
The space of ColorPIN is 3^4/27^4 = 9^4. If an attacker records the keypad entries only, he does not know your PIN. On the other hand, if he records both screen as well as the keypad, he may perform an intersection attack. If the attacker knew your PIN is your birth year and if he could see one entry process, he still has 81 choices, which makes ColorPIN more robust. But the cognitive load can be high because the user has to look at the screen and find out the appropriate letter and input that on the keypad. The legacy ATM deployments have to change.
A user study (lab based) was performed with 24 volunteers (18 males) having average age of 28 yrs. Average login time was 13.33 seconds, which decreased to 3.5 seconds after 4 authentication sessions implying that with experience the user could enter his ColorPIN quickly. Error rate was not significantly high. Only 2 out of 38 ColorPIN sessions were compromised by single session observing which is significantly better than regular PIN. In those two cases, the user actually pointed to the digit on the screen with his other hand so that he can input the correct letter on the keypad.
Citation (ACM Ref): Alexander De Luca, Katja Hertzschuch, and Heinrich Hussmann. 2010. ColorPIN: securing PIN entry through indirect input. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI '10). ACM, New York, NY, USA, 1103-1106. DOI=10.1145/1753326.1753490 http://doi.acm.org/10.1145/1753326.1753490
The space of ColorPIN is 3^4/27^4 = 9^4. If an attacker records the keypad entries only, he does not know your PIN. On the other hand, if he records both screen as well as the keypad, he may perform an intersection attack. If the attacker knew your PIN is your birth year and if he could see one entry process, he still has 81 choices, which makes ColorPIN more robust. But the cognitive load can be high because the user has to look at the screen and find out the appropriate letter and input that on the keypad. The legacy ATM deployments have to change.
A user study (lab based) was performed with 24 volunteers (18 males) having average age of 28 yrs. Average login time was 13.33 seconds, which decreased to 3.5 seconds after 4 authentication sessions implying that with experience the user could enter his ColorPIN quickly. Error rate was not significantly high. Only 2 out of 38 ColorPIN sessions were compromised by single session observing which is significantly better than regular PIN. In those two cases, the user actually pointed to the digit on the screen with his other hand so that he can input the correct letter on the keypad.
Citation (ACM Ref): Alexander De Luca, Katja Hertzschuch, and Heinrich Hussmann. 2010. ColorPIN: securing PIN entry through indirect input. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI '10). ACM, New York, NY, USA, 1103-1106. DOI=10.1145/1753326.1753490 http://doi.acm.org/10.1145/1753326.1753490
GesturePIN: Using Discrete Gestures for Associating Mobile Devices, MHCI, 10
An easy-to-use device association (pairing with many devices) scheme has been proposed. 10 simple and distinct gestures correspond to 10 PIN digits. You perform four gestures and your phone translates them into four digits and you share the generated PIN with the people with whom you want to associate your devices. The peers enter your PIN in their devices to complete the pairings.
The GeturePIN took 9.53 seconds on an average and it was significantly more error-prone than the regular PIN. It is easy to see and perform the gestures and find out the PIN and thus an attacker can pair his device to yours.
Citation (ACM Ref): Ming Ki Chong, Gary Marsden, and Hans Gellersen. 2010. GesturePIN: using discrete gestures for associating mobile devices. In Proceedings of the 12th international conference on Human computer interaction with mobile devices and services (MobileHCI '10). ACM, New York, NY, USA, 261-264. DOI=10.1145/1851600.1851644 http://doi.acm.org/10.1145/1851600.1851644
The GeturePIN took 9.53 seconds on an average and it was significantly more error-prone than the regular PIN. It is easy to see and perform the gestures and find out the PIN and thus an attacker can pair his device to yours.
Citation (ACM Ref): Ming Ki Chong, Gary Marsden, and Hans Gellersen. 2010. GesturePIN: using discrete gestures for associating mobile devices. In Proceedings of the 12th international conference on Human computer interaction with mobile devices and services (MobileHCI '10). ACM, New York, NY, USA, 261-264. DOI=10.1145/1851600.1851644 http://doi.acm.org/10.1145/1851600.1851644
Breaking Undercover: Exploiting Design Flaws and Nonuniform Human Behavior, SOUPS, 11
Two attacks on Undercover are reported, analyzed, and evaluated. First attack utilizes nonuniform human behavior. The button layout corresponding to "Upward rotation" of the trackball was <1, 2, 3, 4, 5> which allowed the user to respond quickly, as they do not have to mentally account for a rotation in the layout. This time difference in response was exploited successfully. The authors proposed to modify the layouts so that each of them requires the same amount of mental effort for the user to respond. They also found out that if the 5 pass-images have already been shown and there remains another or two screens to show, the user knows by that time that the remaining screens will not have a pass-image and thus responds more quickly. They modified the system so that the last screen always had a pass-image in it. The modified system has a lower entropy but still it is higher than 4-digit PIN. The second was an intersection attack. Each public challenge (each screen) in Undercover contains at most one pass-image. From the attacker's point of view, if more than two images in a candidate 5-image password appears on a screen he can immediately discard the password as invalid, reducing the effective password space.
Citation (ACM Ref): Toni Perković, Shujun Li, Asma Mumtaz, Syed Ali Khayam, Yousra Javed, and Mario Čagalj. 2011. Breaking undercover: exploiting design flaws and nonuniform human behavior. InProceedings of the Seventh Symposium on Usable Privacy and Security (SOUPS '11). ACM, New York, NY, USA, , Article 5 , 15 pages. DOI=10.1145/2078827.2078834 http://doi.acm.org/10.1145/2078827.2078834
Citation (ACM Ref): Toni Perković, Shujun Li, Asma Mumtaz, Syed Ali Khayam, Yousra Javed, and Mario Čagalj. 2011. Breaking undercover: exploiting design flaws and nonuniform human behavior. InProceedings of the Seventh Symposium on Usable Privacy and Security (SOUPS '11). ACM, New York, NY, USA, , Article 5 , 15 pages. DOI=10.1145/2078827.2078834 http://doi.acm.org/10.1145/2078827.2078834
PassChords: Secure Multi-Touch Authentication for Blind People, ASSETS, 12
For blind people, a smartphone PIN entry method utilizing multi-touch enabled screen has been proposed to defend against aural and visual attacks. The user places his four fingers on the screen to mark reference points. Then he touch with one or more fingers to enter one digit. The PassChords algorithm uses Maximum Likelihood to determine which fingers touched the screen. No audio or video feedback is provided, only vibration feedback is given after referencing. Proprioception removes need for further feedbacks.
Theoretical entropy of PassChords is 4*lg(15) = 15.6 bits, because any combination of four fingers can be touching the screen. Effective entropy is lower because some finger combinations are more likely than others due to the physiology of the hand, e.g., simultaneously tapping the middle and pinky fingers is more difficult than tapping the index finger.
A user study with 16 legally blind, smartphone using user with average age of 51 years was conducted. The mean authentication time for PassChords was 2.67 seconds whereas VoiceOverPIN tool 7.52 seconds on an average. Index finger was most frequent (66.5%) and the most common length was 3 taps. Empirical first-order entropy was 12.6 bits for PassChords and was 12.7 bits for VoiceOverPIN.
PassChords may be vulnerable to shoulder-surfing attack on finger movements.
Citation (ACM Ref): Shiri Azenkot, Kyle Rector, Richard Ladner, and Jacob Wobbrock. 2012. PassChords: secure multi-touch authentication for blind people. In Proceedings of the 14th international ACM SIGACCESS conference on Computers and accessibility (ASSETS '12). ACM, New York, NY, USA, 159-166. DOI=10.1145/2384916.2384945 http://doi.acm.org/10.1145/2384916.2384945
Theoretical entropy of PassChords is 4*lg(15) = 15.6 bits, because any combination of four fingers can be touching the screen. Effective entropy is lower because some finger combinations are more likely than others due to the physiology of the hand, e.g., simultaneously tapping the middle and pinky fingers is more difficult than tapping the index finger.
A user study with 16 legally blind, smartphone using user with average age of 51 years was conducted. The mean authentication time for PassChords was 2.67 seconds whereas VoiceOverPIN tool 7.52 seconds on an average. Index finger was most frequent (66.5%) and the most common length was 3 taps. Empirical first-order entropy was 12.6 bits for PassChords and was 12.7 bits for VoiceOverPIN.
PassChords may be vulnerable to shoulder-surfing attack on finger movements.
Citation (ACM Ref): Shiri Azenkot, Kyle Rector, Richard Ladner, and Jacob Wobbrock. 2012. PassChords: secure multi-touch authentication for blind people. In Proceedings of the 14th international ACM SIGACCESS conference on Computers and accessibility (ASSETS '12). ACM, New York, NY, USA, 159-166. DOI=10.1145/2384916.2384945 http://doi.acm.org/10.1145/2384916.2384945
Force Code: A New Interaction Technique Using Tangential Force Input, MHCI, 12
The user of a smartphone put his finger on the screen and without moving the finger pushes in one of four directions: up, down, left, and right to enter one digit of his passcode. If there are 4 digits in his passcode, the passcode space is 4^4 = 256 which is lot less than the regular PIN. This motivation is to defend against observation attack.
Tekscan Flexiforce Model A201 was used as a sensing unit. A user study with six participants revealed that the users would like to use less force and more directions, e.g., diagonal.
Citation (ACM Ref): Hyunjoeng Lee, Bhoram Lee, and Joonah Park. 2012. Force code: a new interaction technique using tangential force input. In Proceedings of the 14th international conference on Human-computer interaction with mobile devices and services companion (MobileHCI '12). ACM, New York, NY, USA, 77-82. DOI=10.1145/2371664.2371680 http://doi.acm.org/10.1145/2371664.2371680
Tekscan Flexiforce Model A201 was used as a sensing unit. A user study with six participants revealed that the users would like to use less force and more directions, e.g., diagonal.
Citation (ACM Ref): Hyunjoeng Lee, Bhoram Lee, and Joonah Park. 2012. Force code: a new interaction technique using tangential force input. In Proceedings of the 14th international conference on Human-computer interaction with mobile devices and services companion (MobileHCI '12). ACM, New York, NY, USA, 77-82. DOI=10.1145/2371664.2371680 http://doi.acm.org/10.1145/2371664.2371680