Title: Physicalizing Security and Privacy against Privacy-Invasive Sensors in Everyday Environments

Date: Friday, December 2, 2022

Time: 9:00 AM - 11:00 AM ET

Location (in-person):  CODA C1215

Location (remote):  click here to join via Zoom 

 

Youngwook Do

PhD Student in Computer Science

School of Interactive Computing

Georgia Institute of Technology

 

Committee:

Dr. Gregory D. Abowd (co-advisor), College of Engineering, Northeastern University, USA and School of Interactive Computing, Georgia Institute of Technology, USA 

Dr. Sauvik Das (co-advisor), Human-Computer Interaction Institute, Carnegie Mellon University, USA and School of Interactive Computing, Georgia Institute of Technology, USA

Dr. Hyunjoo Oh, School of Interactive Computing & School of Industrial Design, Georgia Institute of Technology, USA 

Dr. Thad Starner, School of Interactive Computing, Georgia Institute of Technology, USA

Dr. Jason I. Hong, Human-Computer Interaction Institute, Carnegie Mellon University, USA

 

Abstract:

 

Security and privacy (S&P) operations of sensor-enabled devices in everyday environments often fail end-users. Specifically, the S&P operations are running inside the devices and are not apparent to end-users. For example, it is unclear to discern if a laptop webcam could be activated without turning on its associated LED indicator or if a smart speaker microphone could record the users’ conversation unwittingly. Moreover, despite claims that end-users’ data is not collected without their knowledge or consent, the users found evidence to the contrary. Owing to that, this creates a discrepancy between how S&P operations actually work and how end-users think they work. Due to this discrepancy, end-users have started losing their trust in using such sensor-enabled devices.

 

In my research, I aim to narrow the discrepancy by leveraging tangible and physical operations that allow end-users to physically perceive their S&P actions, which, in turn, helps improve trust in sensor-enabled devices. However, privacy concerns with different sensor-enabled devices need to be handled differently. As a metaphor, people could close their doors and perceptibly guarantee that no one can see inside their room. However, closing the door may not completely prevent a conversation sound from going outside the room as sound could propagate through. 

 

In my thesis proposal, I present a series of case studies and demonstrate how to approach such challenges according to various sensing system types. First, I present Smart Webcam Cover (IMWUT 2021), an intelligent physical barrier for a laptop webcam, and discuss design components that establish trust in using the laptop webcam. Second, I showcase Power for Privacy (under review) and explain how to design a physical S&P operation to address privacy concerns with a smart speaker microphone that cannot be completely blocked by a physical barrier. 

 

In my proposed work, I propose how to design a solution to address S&P concerns with passive RFID tags. Passive RFID information could be collected imperceptibly and passively by RFID transceivers without end-users’ knowledge or consent. Unlike a laptop webcam and smart speaker microphone that belong to end-users, the RFID transceiver device does not belong to end-users and they cannot control the RFID transceiver. This uniquely situated sensing system needs to be addressed differently from the webcam and microphone setups. Therefore, I will discuss consideration factors to address the concerns against the passive RFID setup and evaluation plans to assess trust in the effectiveness of the proposed  S&P solution. These design implications will contribute to S&P solution designs to address privacy concerns with various sensor-enabled devices situated in a variety of contexts.