Farzand, Habiba (2025) Understanding shoulder surfing and informing the design of protection mechanisms. PhD thesis, University of Glasgow.
Abstract
Shoulder surfing, the act of looking at the screen of someone’s device without their consent, is a ubiquitous threat when accessing information on personal devices like smartphones. With the rapid increase in the use of smartphones, the threat of shoulder surfing is also increasing. This thesis first contributes a systematic literature analysis that focuses on the resources required for targeted attacks against mobile devices and finds that shoulder surfing, which belongs to the novice attacks category, is one of the most accessible attacks. This is because it requires no sophisticated setup. An attacker must only be near a user to observe the device’s screen. Considering the ease of execution of shoulder surfing, we investigated shoulder surfing more in-depth through two studies, which are this thesis’s second and third contributions. First, we conducted a one-month diary study to understand how shoulder surfing happens in the real world. We found that shoulder surfing can happen anywhere, anytime, without the users realising it. Further, our results showed that content such as text and photos are shoulder surfed more frequently than authentication credentials. Second, to examine the impact and importance of addressing shoulder surfing, we conducted an online survey asking participants how it impacted their social lives, perceptions of privacy, and interactions with their mobile devices. We discovered that shoulder surfing is a deep concern among users, affecting their perception of privacy. It was seen as the gateway to threats like identity or device theft. Based on the empirical discoveries around how shoulder surfing happens and impacts users’ privacy perceptions, the fourth contribution of this thesis looks into uncovering a user-centred approach to designing protection mechanisms. For this, we designed and validated a scientific instrument, the Out-of-Device Privacy Scale (ODPS), to measure users’ privacy regarding threats in the physical world. 
ODPS fills the gap between protection mechanisms and users’ perceptions of privacy. The fifth contribution presents an exploratory study to explore correlations between personal attributes such as ODPS and user preferences for privacy mechanisms extracted from the literature. The results proved that user preferences for protection mechanisms highly correlate with ODPS. Overall, the results help understand the relationship between a user’s perception of privacy against device-external threats and the design of protection mechanisms. We conclude by discussing design recommendations to assist in developing novel protection mechanisms. Based on a series of empirical investigations, this thesis presents a user-tailored privacy investigation of shoulder surfing and informs the design of protection mechanisms.
Item Type: | Thesis (PhD) |
---|---|
Qualification Level: | Doctoral |
Subjects: | Q Science > QA Mathematics > QA75 Electronic computers. Computer science |
Colleges/Schools: | College of Science and Engineering > School of Computing Science |
Supervisor's Name: | Khamis, Dr. Mohamed, Marky, Professor Karola and Brewster, Professor Stephen |
Date of Award: | 2025 |
Depositing User: | Theses Team |
Unique ID: | glathesis:2025-85064 |
Copyright: | Copyright of this thesis is held by the author. |
Date Deposited: | 24 Apr 2025 10:45 |
Last Modified: | 24 Apr 2025 11:05 |
Thesis DOI: | 10.5525/gla.thesis.85064 |
URI: | https://theses.gla.ac.uk/id/eprint/85064 |