Concept of Using Eye Tracking Technology to Assess and Ensure Cybersecurity, Functional Safety and Usability

Oleksandr Gordieiev, Vyacheslav Kharchenko, Oleg Illiashenko, Olga Morozova, Magomediemin Gasanov

Banking University, 1, Andriivska str, Kiev 04070, Ukraine

National Aerospace University “KhAI”, 17, Chkalov str., Kharkiv 61070, Ukraine

National Technical University “Kharkiv Polytechnic Institute”, 2, Kyrpychova str., Kharkiv 61002, Ukraine

Corresponding Author Email: o.illiashenko@khai.edu

Page: 361-367 | DOI: https://doi.org/10.18280/ijsse.110409

Received: 16 February 2021 | Revised: 10 July 2021 | Accepted: 23 July 2021 | Available online: 31 August 2021

© 2021 IIETA. This article is published by IIETA and is licensed under the CC BY 4.0 license (http://creativecommons.org/licenses/by/4.0/).

OPEN ACCESS

Abstract: 

Eye tracking technology is based on tracking the trajectory of human eye movement. As a rule, it is implemented as an additional device attached under the monitor or as glasses. On the basis of a mathematical model, the focus of a person's attention is calculated and, accordingly, the user's visual route is built. Eye tracking technology is used to solve various problems, e.g. marketing research, assessing the quality of user interfaces, developing simulators for operators, etc. The article discusses the concept of using eye tracking technology to assess and ensure cyber security, functional safety and usability. The possibility of using eye tracking technology (ETT) for personal identification is considered separately. Identification is achieved by the person reproducing a certain trajectory with their gaze. This technique can be used as a basic or additional technique for personal identification. The article also analyzes the results of using eye tracking to study the interface of an automated information system for operator support based on algorithms for symptom-oriented emergency instructions (ASOEI), which is used at nuclear power plants (NPP).

Keywords: 

eye tracking, cybersecurity, safety, usability, nuclear power plant, user identification

1. Introduction

The well-known eye tracking technology, which is based on the approach of human eye movement analysis [1-5], on the one hand, can be used to ensure cybersecurity (as a user identification tool) and on the other for assessing cybersecurity, functional safety and usability (as an assessment tool).

The eye tracking technology gained such versatility due to the fact that the user, firstly, receives most of the information through the eyes, and secondly, the user's vision in the overwhelming majority of cases is used to ensure and evaluate cybersecurity, functional safety and usability.

Most works consider the use of eye tracking technology to assess the usability of interfaces [6]; in some articles the authors use eye tracking as a tool for marketing research [7] and for other purposes [8]. In addition, a number of papers have recently been published that consider the possibility of, and propose approaches for, assessing and ensuring the required level of information security using this technology [9-11]. The variety of applications of eye tracking technology is not systematically considered in existing works. In this regard, the purpose of the article is to present the concept of using eye tracking technology in the tasks of assessing and ensuring cyber security, functional safety and usability.

The research methodology is based on experience in studying interfaces with an eye tracking tool and on analysis of the connections between the attributes of safety, security and usability, taking into account the approach described in previous works [12, 13].

The structure of the paper is as follows. Section 2 describes the main concepts and principles of application of eye tracking technology. Sections 3 and 4 discuss the application of eye tracking technology to improve usability, safety and security. A case study assessing interface quality for an NPP Instrumentation and Control System application is analysed in Section 5. Section 6 summarizes recommendations on the application of ETT to improve safety and security and discusses future research directions.

2. The Principles of an Eye Tracking Technology Application

2.1 Definitions

First of all, let us specify the necessary definitions, considering [1, 3-6]. Without these definitions, understanding the principles of eye tracking technology and its application would be more difficult:

  • researcher - a participant in the research process who is engaged in planning and conducting research;
  • respondent - a user who takes part in the study of human-computer interaction;
  • user attention - selective focus of perception on a particular object;
  • attention - a special state of consciousness, due to which the subject directs and focuses cognitive processes for a more complete and clear reflection of reality. Attention is associated with all sensory and intellectual processes. This connection is most noticeable in sensations and perceptions;
  • sensor attention - attention that occurs when objects act on the senses;
  • visual attention - the process of consciously or unconsciously focusing on a part of the received visual information by moving the eyes from one place of the visual field to another;
  • upward attention - attention based on the respondent's desire to see something;
  • downward attention - attention that is stimulated by various factors (for example, a change in color or movement of an object);
  • area of interest (AOI) - a limited area (perimeter of a rectangle, circle, oval, etc.) of the object of interest (e.g. a website page) for which the eye tracking metrics will be calculated. This area could be a navigation bar, software, a paragraph of text, a product on a shelf, a billboard, or an airport sign;
  • stimulus - an object-observation that influences the respondent of the research, “stimulating” him to make one or another decision. For example, a request to perform some action on a web page;
  • saccades - fast, strictly coordinated eye movements occurring simultaneously and in one direction. Saccades take no more than 10% of the total time of eye movements, and 90% of the time the eyes are held at the fixation points. During saccades, the brain suppresses perception, so the person is not aware of the shift of the eyes from point to point;
  • fixation - a motionless state of the eyes, during which objects are recognized;
  • scenario of the study - a step-by-step algorithm for performing custom tasks assigned to the respondent, based on the goals of the project;
  • eye tracking - the process of determining the coordinates of the gaze, i.e. the point of intersection of the optical axis of the eyeball and the plane of the observed object or screen, which depicts some visual stimulus;
  • eye tracker - a device that supports the process of determining the orientation of the optical axis of the eyeball in space, that is, for eye tracking;
  • focus of attention - the part of an object or image (2-5 degrees) that falls on the eye fovea, and thus looks much sharper (clearer) and more colorful than images and objects that go beyond the fovea;
  • heatmap - graphical representation of data in which areas of the respondent's high attention (for example, the most visited areas of a web page) are displayed using color;
  • an opacity map - graphical representation of data similar to a negative heatmap image. On this map the areas where the respondents did not fix their eyes are darkened, only the areas that attracted the respondents' attention remain not darkened;
  • moderator, researcher - participant in the research process who is engaged in planning and conducting research. Its main task is to create testing conditions so that the respondent feels comfortable when interacting with the interface, i.e. as he used to do it in real life;
  • field of vision - the space perceived by the eye with a fixed gaze. The visual field is a function of the peripheral parts of the retina; its condition is largely determined by the ability of a person to navigate freely in space. It is 90 degrees to the left and 90 degrees to the right, and 90 degrees vertically;
  • gaze plot - a type of visualization of eye tracking data, which is a map showing the location, order, and time spent by a respondent in response to a stimulus, such as a web page, printed ad or video. The sequence of gaze points is indicated by numbers. The time spent looking is expressed as the duration of fixation and is shown by the diameter of the fixation circles: the longer the gaze, the larger the diameter of the circle;
  • research scenario - a step-by-step research plan developed in advance by the researcher.

The eye tracking process implies the presence of the eye tracker itself, the presence of the respondent and the researcher. The respondent, in accordance with a pre-developed scenario, performs actions at the computer, and the eye tracker records the movement of his eyes.

To do this, the eye tracker illuminates the respondent's eyes with infrared light, and then records the reflection of the infrared light from the respondent's retina.

This procedure allows the eye tracker to find the center of the respondent's pupil, as well as analyze the reflection of infrared light from the cornea.

Let's dwell on the structure of the human eye. The respondent's eye includes the retina, pupil and cornea (Figure 1):

  • the retina is a light-sensitive tissue in the back of the eye, which is illuminated by the eye tracker;
  • pupil allows infrared light to penetrate through it onto the retina of the eye, and after being reflected from it, again through the pupil, to get to the light-sensitive cameras of the eye tracker;
  • cornea - the transparent front of the eye.

Figure 1. General algorithm for justifying monitoring system composition and use planning

2.2 Principles

If one looks at the respondent's eyes, one can see the reflection of light from the cornea in each eye. If he holds his head still and looks to the left, right, up and down, the reflection moves; this is done by the pupil.

The ratio between the center of the pupil and the reflection of light changes in this case (Figure 2) [1].

Figure 2. Changing the relative position of the pupil and light reflection

It turns out that the point to which the respondent's gaze is directed can be determined from the position of the center of the pupil relative to the reflection of the cornea.

If the person moves his head looking at the same place, the relationship between the center of the pupil and the reflection of the cornea remains unchanged (Figure 3) [1]. Even if the person is moving, the eye tracker will determine that the person is looking at the same point.

Modern commercial eye trackers have two main components. The first is a near-infrared light source, which creates a reflection in the human eye (Figure 4). The second component is a video camera that is sensitive to infrared light (Figure 4).

The camera focuses on the subject's eyes and records the reflection. Then, using software that supports the work of an eye tracker, the gaze position is calculated and superimposed on an object, for example, a web page.

Figure 3. The location of the pupil and corneal reflection does not change

The eye tracker uses a wavelength that is invisible to people, and therefore does not distract their attention, but is reflected by the eye. The infrared light source is not harmful to humans.

The respondent's eyes cover the field of view of about 180 degrees horizontally - this is the range of visual information (90 degrees to the left and 90 degrees to the right) and 90 degrees vertically (Figure 4).

Figure 4. Visual information range 180 degrees and focus (2 degrees)

Each time the respondent's eyes are open, the image of what he sees is projected onto the retina. The cells in the retina convert this image into signals, which are then transmitted to the brain.

The cells responsible for visual acuity are concentrated in the center of the retina called the fovea (Figure 1). When the respondent looks at an object, his image falls on the eye fovea, and thus it looks much sharper (clearer) and more colorful than images and objects that go beyond the fovea.

The area of the fovea is quite small - it covers only two degrees of the entire range of visual information (Figure 4). Very often, such proportions are compared to the size of a miniature at arm's length. Even if the respondent is usually not aware of it, the image becomes blurred just outside the fovea in an area called the focal point (2 degrees) (Figure 4) and even more blurry at the periphery (Figure 5).

Therefore, eye movements are necessary to keep things in focus. This is an important information-filtering substitution mechanism of a person, which helps to unload his brain. Otherwise, if the focus of attention occupied all 180 degrees, the human brain would be overloaded with information.

Figure 5. The real focus of the operator on the human-machine interface of the NPP control system

Figure 5 illustrates the real focus of the operator's attention on the man-machine interface of the NPP control system. The image in focus is always clear, and the farther from the focusing point, the less clear objects are. Figure 6 depicts an imaginary focus of attention due to eye movement and the work of the operator's brain, when the impression of clarity of the entire range of visual information is created.

The respondent's eyes move from place to place several times per second (on average, three to four times). Such fast movements are called saccades. They are the fastest movements produced by the outer parts of the human body. To prevent clouding, human vision is almost completely suppressed during saccades.

Figure 6. Imaginary focus of the operator's attention on the human-machine interface of the NPP control system

Visual information is perceived only when the eyes are relatively motionless and focused on an object (Figure 6) [14], i.e. when a fixation takes place. It lasts from one tenth to half a second, after which the eyes move again (through saccades) to the next part of the field of view. Thus, human vision is in constant motion, from the current fixation through a saccade to a new fixation.

3. Application of Eye Tracking for Security, Usability Assurance and Control

We consider the possible tasks applying eye tracking technology in the fields of cybersecurity, safety, usability and control (Figure 7).

Figure 7. Taxonomy of additional application tasks for eye tracking technology

All tasks can be divided into the areas of assessment, assurance and control. Let us look at each direction in more detail and give examples:

1.1 Assessment.

1.1.1 Cybersecurity (across usability). Eye tracking technology can be used for usability assessment of the human-machine interfaces of security control software.

1.1.2 Safety (across usability). Eye tracking technology can be used for usability assessment of human-machine interfaces, for example, between driver and car.

1.1.3 Usability. Eye tracking technology can be used for software usability assessment in general.

1.2 Assurance.

1.2.1 Cybersecurity. Eye tracking technology can be used for analysis of the retina to control access to systems. Such technologies can also be used for a graphical key, for example, on mobile phones.

1.2.2 Safety. Here eye tracking technology can be used to track the driver's eyes and, if the driver falls asleep, wake him up with a special signal.

1.2.3 Usability. Eye tracking can be used for evaluating the usability of software interfaces in general.

1.3 Control.

1.3.1 User interfaces. Eye tracking technology assists people with disabilities in managing software interfaces and entering information using their gaze, i.e., with the help of movement and concentration of their gaze.

A separate research area is a relatively new one that has crystallized at the junction of two areas (properties): usability and cybersecurity. This area is called usable cybersecurity or usability of security [3]. Such combinations of characteristics are based on their competition. Depending on the task, usability or cybersecurity can prevail over the other. The formulation of goals for information systems with such a combination of areas can be interpreted as follows: achieving the maximum level of usability with a sufficient level of cybersecurity, or vice versa. It should also be noted that the National Institute of Standards and Technology includes a special unit, the Usability of Cybersecurity Team [4].

Let us give some examples and describe usable cybersecurity in more detail. Usability and cybersecurity complement one another. A well-designed system needs to make it easy for the user to do the right thing, hard to do the wrong thing, and easy to recover when the wrong things happen anyway. Another term for this is «user-centered security».

However, accomplishing this is easier said than done. Passwords provide an example of the challenges involved in creating usable cybersecurity measures. From a usability perspective, passwords should be easy to remember, changed infrequently, and reusable across multiple systems. From a security perspective, passwords should be long and random, changed on a regular basis, and not reused across multiple systems.

In general, the best way to ensure usability in a system is to test it with real users prior to full implementation. In other respects, however, testing for and implementing usability in any kind of system is not always straightforward.

There are three factors that make it challenging to design systems for usability:

1. Cybersecurity usability is a multidisciplinary field that involves experts from domains such as computer science, cognitive psychology, HCI, and (of course) cybersecurity. Since experts from these domains use different terminology and practices, it can be difficult for them to coordinate with each other.

2. As a relatively young field, cybersecurity usability has little empirical data from which to develop usability best practices (although this is changing).

3. Usability is very context-specific and influenced by a number of factors, such as the nature of the user population, organizational culture, and the specifications of the organization’s systems and cybersecurity measures themselves.

4. ETT Application for User Identification

For personal identification, along with long-used approaches, biometric identification technologies are widely used. These include fingerprint, face, iris, hand geometry, gait, body volume and shape, acoustic characteristics and vein patterns. Eye tracking technology (ETT) can be used as an additional tool for user identification. Let us present an example of the application of eye tracking technology for user identification.

The main idea is that in order to gain access to the information system, the user must pass identification by repeating the necessary, predetermined trajectory of the visual route. For example, it can be a circle, square, rhombus or more complex trajectories (word), or complex figure (Figure 8), etc.

Figure 8. Different types of personal identification along the various paths of the visual route

It should be noted that the eye tracking technology can be used in combination with other biometric identification technologies (fingerprint, retinal scanning, etc.) as the main or as an additional one.

Usually, several techniques are used for personal identification: basic and additional.

Any of the above can be used as the main or permanent technique, with an additional one applied, if necessary, when the results of the main personal identification raise certain doubts.

To implement this technique of personal identification, it is necessary to determine the values of the following initial data:

  • the starting point of the focus of human attention - the beginning of the visual route;
  • direction of the visual route;
  • additional trajectories of the visual route.
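
A sketch of the check described in this section, added here as an illustration and not taken from the article: a gaze path is accepted only if it begins near the enrolled starting point and follows the enrolled trajectory in the enrolled direction, and every additional trajectory must match too. The function names, the resampling to 32 points, the tolerance values and the pixel coordinates are assumptions made for the example.

```python
import math

def resample(points, n=32):
    """Resample a gaze polyline to n points equally spaced along its length."""
    total = sum(math.dist(a, b) for a, b in zip(points, points[1:]))
    if total == 0:
        raise ValueError("gaze path has no extent")
    step, acc = total / (n - 1), 0.0
    out, prev, i = [points[0]], points[0], 1
    while i < len(points) and len(out) < n:
        seg = math.dist(prev, points[i])
        if seg > 0 and acc + seg >= step:
            t = (step - acc) / seg
            prev = (prev[0] + t * (points[i][0] - prev[0]),
                    prev[1] + t * (points[i][1] - prev[1]))
            out.append(prev)
            acc = 0.0
        else:
            acc += seg
            prev = points[i]
            i += 1
    out += [points[-1]] * (n - len(out))  # rounding may leave the end point out
    return out

def verify(template, attempt, start_tol=0.08, path_tol=0.10, n=32):
    """Compare one trajectory with its enrolled template.

    Errors are fractions of the template's bounding-box diagonal.
    Points are compared in order, so a path traced in the opposite
    direction fails even though it covers the same shape.
    Tolerances are assumed values, not figures from the article.
    """
    xs, ys = zip(*template)
    diag = math.hypot(max(xs) - min(xs), max(ys) - min(ys))
    t, a = resample(template, n), resample(attempt, n)
    start_err = math.dist(t[0], a[0]) / diag
    mean_err = sum(math.dist(p, q) for p, q in zip(t, a)) / (n * diag)
    accepted = start_err <= start_tol and mean_err <= path_tol
    return accepted, start_err, mean_err

def verify_route(enrolled, attempt, **tol):
    """A visual route is the main trajectory plus any additional ones."""
    if len(enrolled) != len(attempt):
        return False
    return all(verify(t, a, **tol)[0] for t, a in zip(enrolled, attempt))

# Constructed sample data (screen pixels): a square traced clockwise
# from its top-left corner, then a diagonal as an additional trajectory.
SQUARE = [(100, 100), (300, 100), (300, 300), (100, 300), (100, 100)]
DIAGONAL = [(100, 100), (300, 300)]
GENUINE = [(104, 97), (200, 103), (297, 102), (303, 200), (298, 304),
           (200, 297), (102, 301), (97, 200), (101, 103)]
GENUINE_DIAGONAL = [(103, 98), (200, 204), (297, 301)]
REVERSED = GENUINE[::-1]                      # same shape, wrong direction
WRONG_START = [(300, 300), (100, 300), (100, 100), (300, 100), (300, 300)]

if __name__ == "__main__":
    for label, path in [("genuine", GENUINE), ("reversed", REVERSED),
                        ("wrong start", WRONG_START)]:
        ok, s, m = verify(SQUARE, path)
        print(f"{label:12s} accepted={ok} start_err={s:.3f} mean_err={m:.3f}")
    print("route:", verify_route([SQUARE, DIAGONAL], [GENUINE, GENUINE_DIAGONAL]))
```
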

5. Case Study of Application of ETT for ASOEI Interface

The eye tracking technology was applied in the study of the symptom-oriented emergency instructions (ASOEI) interface used at nuclear power plants in Ukraine [15]. It is known that the concentration of the operator's attention during the day with concentrated work with the ASOEI interface deteriorates. An aggravating factor in this case may be the poor quality of the usability of the software interface.

The purpose of the study was to determine the most attractive (interesting) areas of the ASOEI software interface for the respondent's attention. It is believed that in the first 5 seconds of focused attention, the user pays attention to the most interesting areas of the interface. The study involved 25 respondents who had not previously worked with the ASOEI software and had not seen its interface.

Figure 9. Visual routes of respondents in the study of the interface of the ASOEI software

Figure 10. Heatmaps of respondents and area of interests in the study of the ASOEI software interface

Figure 9 shows the visual routes of the respondents looking at the ASOEI software interface. The number of colors corresponds to the number of respondents, i.e. one color is one respondent. Fixations are shown as points, and saccades are shown as lines connecting the points (fixations). The size of a dot is proportional to the duration of the fixation.

Eye tracking does not mean interactively evaluating the entire user interface, but a limited area of the user interface, such as an image, text box, control, etc. Such an area is called an Area of Interest (AOI). One object can have several such areas: AOI1, AOI2 (Figure 10).

As a result of the study, two areas of interest (Figures 9, 10) were identified that attracted the attention of the research participants the most. It has also been found that such areas of interest are not of primary concern to the operator.

Therefore, it was suggested that each time when paying attention to the interface of the ASOEI software, the operator does not focus on the primary elements of the interface.

The experiment was complicated by the fact that the screen form is practically not filled with operational data, so the question of determining the most important interface element on which the operator should focus his attention remains open. The answer to this question is possible in the process of further research using an eye tracker.
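
The processing chain behind such a study can be sketched as follows; this is an added example, not the software used in the article. Raw gaze samples are grouped into fixations of at least 0.1 s with a dispersion-threshold (I-DT) detector, an assumed choice of algorithm, and fixation time per AOI is summed over the first 5 seconds, together with the order in which the AOIs were visited. AOI rectangles, thresholds and the gaze samples are constructed for the example.

```python
def dispersion(win):
    xs = [s[1] for s in win]
    ys = [s[2] for s in win]
    return (max(xs) - min(xs)) + (max(ys) - min(ys))

def detect_fixations(samples, max_dispersion=30, min_duration_ms=100):
    """Dispersion-threshold (I-DT) detection over (t_ms, x, y) gaze samples.

    Returns fixations as (start_ms, end_ms, centre_x, centre_y).
    Thresholds are assumed values for the constructed data below.
    """
    fixations, i, n = [], 0, len(samples)
    while i < n:
        j = i
        # grow the window while the gaze stays within a small region
        while j + 1 < n and dispersion(samples[i:j + 2]) <= max_dispersion:
            j += 1
        if samples[j][0] - samples[i][0] >= min_duration_ms:
            win = samples[i:j + 1]
            fixations.append((samples[i][0], samples[j][0],
                              sum(s[1] for s in win) / len(win),
                              sum(s[2] for s in win) / len(win)))
            i = j + 1
        else:
            i += 1  # too short to be a fixation: saccade or noise
    return fixations

def aoi_of(x, y, aois):
    for name, (x0, y0, x1, y1) in aois.items():
        if x0 <= x <= x1 and y0 <= y <= y1:
            return name
    return None

def aoi_dwell(fixations, aois, window_ms=5000):
    """Fixation time per AOI inside the first window_ms of viewing."""
    dwell = {name: 0 for name in aois}
    for start, end, cx, cy in fixations:
        name = aoi_of(cx, cy, aois)
        end = min(end, window_ms)  # clip a fixation that crosses the limit
        if name is not None and end > start:
            dwell[name] += end - start
    return dwell

def aoi_sequence(fixations, aois):
    """Order in which AOIs were visited, consecutive repeats collapsed."""
    seq = []
    for _, _, cx, cy in fixations:
        name = aoi_of(cx, cy, aois)
        if name is not None and (not seq or seq[-1] != name):
            seq.append(name)
    return seq

def build_samples(holds, dt=20):
    """Constructed input: each hold is (x, y, n_samples) at 50 Hz with
    small jitter, and one in-flight (saccade) sample between holds."""
    t, out, prev = 0, [], None
    for x, y, n in holds:
        if prev is not None:
            out.append((t, (prev[0] + x) / 2, (prev[1] + y) / 2))
            t += dt
        for k in range(n):
            out.append((t, x + (k % 3 - 1) * 2, y + (k % 2) * 3))
            t += dt
        prev = (x, y)
    return out

# Constructed AOI rectangles (x0, y0, x1, y1) and one respondent's gaze.
AOIS = {"AOI1": (50, 50, 450, 250), "AOI2": (500, 300, 900, 500)}
HOLDS = [(200, 150, 20), (700, 400, 15), (960, 600, 3), (320, 120, 25)] * 4
SAMPLES = build_samples(HOLDS)
FIXATIONS = detect_fixations(SAMPLES)

if __name__ == "__main__":
    print("fixations:", len(FIXATIONS))
    print("dwell in first 5 s (ms):", aoi_dwell(FIXATIONS, AOIS))
    print("visit order:", aoi_sequence(FIXATIONS, AOIS))
```
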

6. Conclusions

6.1 Summarized recommendations

The use of ETT allows one to improve the quality characteristics of software interfaces, primarily usability for commercial projects. However, it is very important that this technology is useful and promising for information and information management systems with complex human-computer interaction, for which functional safety, cybersecurity, availability and so on are the key characteristics. In this article, the concept and cases of using ETT to assess and ensure cybersecurity, functional safety and usability of information systems have been proposed. Recommendations and possibilities of ETT application are the following.

1. Safety. For safety-critical systems two options are possible. The first one is assessment of HCI usability in terms of the operator's reaction to information related to pre- or post-accident situations (the ASOEI system for NPPs described in Section 5). The second option is assessment of the operator's condition, considering the time and adequacy of the reaction to any information presented by the HCI concerning changes in the state of the controlled system. A study of the ASOEI software interface was carried out, the results of which made it possible to identify potential shortcomings in the software interfaces that contribute to a decrease in the operator's concentration.

2. Cybersecurity. There are two options, as in the case of safety. The first one is the following. Vulnerabilities in the context of cybersecurity can be related to the user interface. For example, a certain sequence of use of controls can lead to the manifestation of such vulnerabilities. ETT allows tracking such sequences based on visual paths and left mouse button presses. In the future, the activities recorded in this way make it possible to reproduce the actions that lead to the manifestation of the vulnerability. In other words, it is possible to analyze NSI from the point of view of detecting potential vulnerabilities or prerequisites for their existence in the system. The second option is simpler and is described in Section 4. In this case, ETT provides the ability to develop and use a main or additional channel for user identification, password protection for access to resources, etc.

6.2 Future research

In fact, the described options allow improving other characteristics related to system dependability, in particular availability, because ETT can indirectly decrease the time of failure detection and recovery. Such application of ETT should be researched and assessed.

Besides, further research should be directed to the detailing of the proposed concept in terms of the application of eye tracking technology, development of metrics and tool for assessment and assurance of balanced usable, secure and safe human-machine interfaces.

It would be interesting and important to apply assurance case methodology to assess safety, security and quality as a whole in conditions of modern threats [16].

References

[1] Bojko, A. (2013). Eye tracking the user experience: A practical guide to research. Rosenfeld Media. 457.

[2] Nielsen, J., Pernice, K. (2010). Eyetracking web usability. New Riders. 437.

[3] Bergstrom, J.R., Schall, A. (Eds.). (2014). Eye Tracking in User Experience Design. Elsevier. 362.

[4] Chamberlain, L. (2007). Eye tracking methodology; Theory and practice. Qualitative Market Research: An International Journal, 406.

[5] Holmqvist, K., Nyström, M., Andersson, R., Dewhurst, R., Jarodzka, H., Van de Weijer, J. (2011). Eye tracking: A comprehensive guide to methods and measures. OUP Oxford. 551.

[6] Arslan, O., Atik, O., Kahraman, S. (2021). Eye tracking in usability of electronic chart display and information system. The Journal of Navigation, 74(3): 594-604. https://doi.org/10.1017/S0373463320000624

[7] Wąsikowska, B. (2015). Eye tracking w badaniach marketingowych. Studia informatica, 36: 177-192. https://doi.org/10.18276/si.2015.36-13

[8] Koc, E., Boz, H., Arslan, A. (2020). Eye tracking: evaluation, potential and limitations of field applications. In Eye Tracking in Tourism, 46-50. https://doi.org/10.1007/978-3-030-49709-5_4

[9] Shokishalov, Z.H., Wang, H. (2019). Applying eye tracking in information security. Procedia Computer Science, 150: 347-351. https://doi.org/10.1016/j.procs.2019.02.062

[10] Davis, D., Zhu, F. (2020). Understanding and improving secure coding behavior with eye tracking methodologies. In Proceedings of the 2020 ACM Southeast Conference, 2020: 107-114, https://doi.org/10.1145/3374135.3385293

[11] Shaker, S.H., Ali, E., Abdullah, I.A. (2018). Security Systems Based on Eye Movement Tracking Methods. Journal of AL-Qadisiyah for computer science and mathematics, 10(3): 70-78. https://doi.org/10.29304/jqcm.2018.10.3.439

[12] Gordieiev, O., Kharchenko, V., Leontiiev, K. (2018). Usability, security and safety interaction: profile and metrics based analysis. In International Conference on Dependability and Complex Systems, 761: 238-247. https://doi.org/10.1007/978-3-319-91446-6_23

[13] Gordieiev, O., Kharchenko, V.S., Vereshchak, K. (2017). Usable security versus secure usability: An assessment of attributes interaction. In ICTERI, 1844: 727-740. 

[14] I & C Energo a. s. – Stable supplier of maintenance for Czech nuclear power plants. https://www.ic-energo.com/news.

[15] Yastrebenetsky, M. (2014). Nuclear power plant instrumentation and control systems for safety and security. IGI Global. USA, 2020, 502.

[16] Лисенко, С.М., Харченко, В.С., Бобровнікова, К.Ю., Щука, Р.В. (2020). Computer systems resilience in the presence of cyber threats: Taxonomy and ontology. Radioelectronic and Computer Systems, 1(93): 17-28. https://doi.org/10.32620/reks.2020.1.02