Title: Physicalizing Security and Privacy: Exploring Physically Intuitive Design to Build Users Trust in Using Ubiquitous Sensors

Date: Monday, June 26, 2023

Time: 1:00 PM - 4:00 PM ET

Location (in-person):  Coda 1215

Location (remote):  click here to join via Zoom 

 

Youngwook Do

Ph.D. Candidate in Computer Science

School of Interactive Computing

Georgia Institute of Technology

 

Committee:

Dr. Gregory D. Abowd (co-advisor), College of Engineering, Northeastern University, USA and School of Interactive Computing, Georgia Institute of Technology, USA 

Dr. Sauvik Das (co-advisor), Human-Computer Interaction Institute, Carnegie Mellon University, USA and School of Interactive Computing, Georgia Institute of Technology, USA

Dr. Hyunjoo Oh, School of Interactive Computing & School of Industrial Design, Georgia Institute of Technology, USA 

Dr. Thad Starner, School of Interactive Computing, Georgia Institute of Technology, USA

Dr. Jason I. Hong, Human-Computer Interaction Institute, Carnegie Mellon University, USA

 

Abstract:

End-users often experience difficulties in using security and privacy (S&P) operations of sensor-enabled devices in everyday environments. Specifically, the S&P operations are running inside the devices and are not apparent to end-users. For example, it is challenging to discern with certainty if a laptop webcam could be activated without turning on its associated LED indicator, if a smart speaker microphone could record the users’ conversation unwittingly, and if a malicious actor surreptitiously carries an RFID reader around to covertly access data stored in a user’s passive RFID tags. Moreover, manufacturers assert that end-users’ data is not unwittingly collected. However, the users came across contradictory evidence. This results in creating a gulf between how S&P operations actually work and how end-users perceive they work and this gulf erodes end-users’ trust in using such sensor-enabled devices.

 

In my research, I aim to narrow this gulf by leveraging tangible and physical operations that allow end-users to physically perceive and intuitively understand their S&P actions, which, in turn, helps address S&P concerns against, and improve trust in, sensor-enabled devices. However, S&P concerns with different sensor-enabled devices are required to be managed differently. As a metaphor, people could close their doors and perceptibly guarantee that no one can see inside their room. However, closing the door may not completely prevent the sound of private conversations from going outside the room as sound could propagate through.

 

In my defense, I present a series of projects and demonstrate how to approach such challenges according to various sensing system types. First, I present Smart Webcam Cover, an intelligent physical barrier for a laptop webcam, and discuss design components that establish trust in using the laptop webcam. Second, I showcase Powering for Privacy and explain how to design a physical S&P operation to address privacy concerns with a smart speaker microphone that cannot be completely blocked by a physical barrier. Lastly, I introduce On-demand RFID, a new passive RFID design that allows end-users to perceptibly assure the RFID’s readability against unauthorized access attempts. The design implications I found from the projects will contribute to solution designs to address S&P concerns with various sensor-enabled devices situated in a variety of contexts.