Workshop on Usable Privacy & Security for wearable and domestic ubIquitous DEvices (UPSIDE)
The UPSIDE workshop is an opportunity for researchers and practitioners
to discuss research challenges and experiences around the usable privacy and security of
wearable devices and other consumer sensors and domestic devices (e.g., home automation systems; smart appliances in the home; smart meters; domestic healthcare devices).
The workshop was held on September 14, 2014 in conjunction with the UbiComp 2014 conference in Seattle, WA, USA (41+ attendees). The workshop proceedings are available here.
PROGRAM
9:00am
Welcome and Opening Remarks
9:15am
Keynote
Augmented Reality + Internet of Devices + Big Data: The End of Privacy?
Blair MacIntyre (Georgia Tech)
Abstract: Augmented reality, for all its hype, is still far from the magical technology many people imagine: it will be many years before the beautiful graphical integration of virtual and physical worlds seen on televised sports is possible in an always-worn personal display. On the other hand, the Internet-of-Devices is already arriving, as everything from televisions to fitness monitors to thermostats and door locks is rapidly becoming networked and sending streams of information to the cloud. Individually, each bit of data is unconcerning to most people, but taken together and combined with everything else that is known about us, they reveal a shocking amount about us. This consolidation is already beginning to happen, as big companies snap up companies like Nest and Moves. But the amount of information yielded by the IoD about our homes, lives and those we pass by during the day pales in comparison to the data that will be generated and collected by the idealized Augmented Reality systems being imagined and developed. New technical, policy and business models are needed if the addition of such systems is not to lead to the end of privacy as we know it.
Bio: Blair MacIntyre is a Professor in the School of Interactive Computing in the College of Computing at the Georgia Institute of Technology. He directs the Augmented Environments Lab, the Argon AR-Web Project, and co-directs the GT Game Studio. He has been doing Augmented Reality research since 1991, with a research focus on the design and implementation of interactive mixed-reality and augmented-reality software, games and experiences. In his work he aims to understand the potential of AR as a new medium for games, entertainment, education and work, and the software architectures needed to make AR widely available.
A-1 (20 min): When Everyone's A Cyborg: Musings on Privacy and Security in The Age of Wearable Computing
Serge Egelman (ICSI & UC Berkeley)
Abstract: While the "wearable computer" started as an experimental research prototype in the late 1960s, the recent demand for devices like Google Glass, smart watches, and wearable fitness monitors suggests that wearable computers may soon become as ubiquitous as cellphones. These devices offer many benefits to end-users in terms of realtime access to information and the augmentation of human memory, but they are also likely to introduce new and complex privacy and security problems. In this talk, I will discuss how wearable computing will pose several unique challenges and opportunities for usable security researchers. The continuous capture of audio and video will be a critical enabler of many use cases, while also opening up new attack vectors and concerns about user privacy. Thus, we find ourselves at the ideal time to be experimenting on these devices: their widespread adoption is imminent, yet there is still ample opportunity for platforms to integrate research findings.
A-2 (20 min): MarkIt: Privacy Markers for Protecting Visual Secrets
Abstract: The increasing popularity of wearable devices that continuously capture video, and the prevalence of third-party applications that utilize these feeds have resulted in a new threat to privacy. In many situations, sensitive objects/regions are maliciously (or accidentally) captured in a video frame by third-party applications. However, current solutions do not allow users to specify and enforce fine grained access control over video feeds.
In this paper, we describe MarkIt, a computer vision based privacy marker framework, that allows users to specify and enforce fine grained access control over video feeds. We present two example privacy marker systems - PrivateEye and WaveOff. We conclude with a discussion of the computer vision, privacy and systems challenges in building a comprehensive system for fine grained access control over video feeds.
A-3 (20 min): Reactive Security: Responding to Visual Stimuli from Wearable Cameras
Robert Templeman, Roberto Hoyle, David Crandall, and Apu Kapadia (Indiana University)
Abstract: Consumer electronic devices like smartphones increasingly feature arrays of sensors that can "see", "hear", and "feel" the environment around them. While these devices began with primitive capabilities, newer generations of electronics offer sophisticated sensing arrays that collect high-fidelity representations of the physical world. For example, wearable cameras are becoming more prevalent with new consumer life logging products including the Narrative Clip, Autographer, and Google Glass. These wearable cameras give computing devices a persistent sense of sight, raising important concerns about protecting people's privacy. At the same time, these devices also provide opportunities for enhancing security, by allowing trusted devices to observe and react to the physical environment surrounding the user and the device.
We propose Attribute Based Access Control (ABAC) to mediate access to sensors and their data using attributes of the context and content of sensor information. Attributes extracted from sensor data could be used to trigger policy actions ranging from sharing or not sharing images based on their content or context, to invoking system changes in reaction to outside visual stimuli such as automatically shutting down network interfaces when in the presence of unknown people.
While prior work has addressed some specific actions, like preventing potentially private images from being shared based on their content, in this paper we present and advocate for a more general working definition of ABAC that applies to sensors and sensor data. We also present use cases for how this reactive security approach may help protect the privacy and security of users.
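The attribute-based mediation sketched in the abstract above, worked through as an added example that is not the authors' code. It assumes a vision pipeline has already reduced each frame to a flat attribute dict (content attributes such as face counts, context attributes such as location); the attribute names, the rules and the sample frames are constructed for illustration. The policy layer uses deny-overrides combining and fails closed when attribute extraction yields nothing, so a permit rule must name the attributes it depends on rather than treating a missing attribute as benign.

```python
"""Attribute-based access control over wearable-camera frames (added example).

Written for this page; not the authors' code. It assumes a vision pipeline has
already reduced each frame to a flat attribute dict (content attributes such as
face counts, context attributes such as location). The attribute names, the
policy and the sample frames are illustrative/constructed.
"""
from dataclasses import dataclass, field
from typing import Any, Callable, Dict, FrozenSet, List, Set

Attributes = Dict[str, Any]


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                                 # request this rule governs, or "*" for any
    applies: Callable[[Attributes], bool]       # predicate over content + context attributes
    effect: str                                 # "permit", "deny", or "obligate" (reaction only)
    obligations: FrozenSet[str] = frozenset()   # system reactions triggered when the rule fires


@dataclass
class Decision:
    action: str
    effect: str = "deny"                        # default: fail closed
    matched: List[str] = field(default_factory=list)
    obligations: Set[str] = field(default_factory=set)


def evaluate(policy, action, attrs):
    """Deny-overrides combining: a single matching deny beats any permits, and
    no matching permit means deny. Obligations of every matching rule are
    collected whatever the final effect, so a network lockdown still fires
    when the share request itself is refused."""
    decision = Decision(action=action)
    permits = denies = 0
    for rule in policy:
        if rule.action not in (action, "*") or not rule.applies(attrs):
            continue
        decision.matched.append(rule.name)
        decision.obligations |= set(rule.obligations)
        if rule.effect == "permit":
            permits += 1
        elif rule.effect == "deny":
            denies += 1
    if permits and not denies:
        decision.effect = "permit"
    return decision


# A permit must require the attributes it relies on to be present: if extraction
# failed and the dict is empty, nothing matches and the default deny holds.
POLICY = [
    Rule("share-when-everyone-is-known", "share",
         lambda a: "faces_total" in a and a["faces_total"] == a.get("faces_known"),
         "permit"),
    Rule("never-share-screens-or-documents", "share",
         lambda a: bool(a.get("contains_screen") or a.get("contains_document")),
         "deny"),
    Rule("never-share-from-private-rooms", "share",
         lambda a: a.get("location") in {"bathroom", "bedroom"},
         "deny"),
    # Reaction to outside visual stimuli: unknown people in view shuts down radios.
    Rule("strangers-present-lock-down", "*",
         lambda a: a.get("faces_total", 0) > a.get("faces_known", 0),
         "deny", frozenset({"disable_wifi", "disable_bluetooth"})),
]

# Constructed frames standing in for attribute-extraction output.
FRAMES = {
    "alone_at_desk":     {"faces_total": 1, "faces_known": 1, "contains_screen": False,
                          "location": "office"},
    "stranger_in_view":  {"faces_total": 2, "faces_known": 1, "contains_screen": False,
                          "location": "street"},
    "screen_in_view":    {"faces_total": 0, "faces_known": 0, "contains_screen": True,
                          "location": "office"},
    "extraction_failed": {},
}


if __name__ == "__main__":
    for label, attrs in FRAMES.items():
        d = evaluate(POLICY, "share", attrs)
        print(f"{label:18} share={d.effect:6} reactions={sorted(d.obligations)} via {d.matched}")
```

The combining algorithm is the design choice worth noticing: first-applicable ordering would let a permissive rule placed early mask a later deny, whereas deny-overrides makes rule order irrelevant to the outcome. The "strangers-present" rule is bound to every action so its obligations fire regardless of which request triggered evaluation.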
Florian Schaub (Carnegie Mellon University), Bastian Könings, and Michael Weber (Ulm University)
Abstract: Smart devices, such as smartphones or home automation systems, are frequently equipped with sensors that can be used to gather information about users, and hence pose privacy implications. However, the context awareness provided by such sensors also offers opportunities for dynamically supporting users in their privacy decision making and privacy regulation actions. We discuss how context awareness can be operationalized to support privacy and discuss two examples of context-adaptive privacy mechanisms in ubiquitous computing environments.
Paper: This paper is not available per the authors' request.
A-5 (20 min): Courteous Glass
Jaeyeon Jung, Matthai Philipose (Microsoft)
Abstract: Small and always-on, wearable video cameras disrupt social norms that have been established for traditional hand-held video cameras, which explicitly signal when and which subjects are being recorded to people around the camera-holder. We first discuss privacy-related social cues that people employ when recording other people (as a camera-holder) or when being recorded by others (as a bystander or a subject). We then discuss how low-fidelity sensors such as far-infrared imagers can be used to capture these social cues and to control video cameras accordingly in order to respect the privacy of others. We present a few initial steps toward implementing a fully functioning wearable camera that recognizes social cues related to video privacy and generates signals that can be used by others to adjust their privacy expectations.
B-1 (20 min): To Have and Have Not: Variations on secret sharing to model user presence
Quentin Stafford-Fraser, Frank Stajano, Chris Warrington, Graeme Jenkinson, Max Spencer, and Jeunese Payne (University of Cambridge Computer Lab)
Abstract: We address the problem of locking and unlocking a device, such as a laptop, a phone or a security token, based on the absence or presence of the user, which we detect by sensing the proximity of a subset of their possessions, making the process automatic and effortless. As in previous work, a master key unlocks the device and a secret-sharing scheme allows us to reconstruct this master key in the presence of k-out-of-n items.
We extend this basic scheme in various directions, e.g. by allowing items to issue a dynamically variable number of shares based on how confident they are that the user is present. The position we argue in this paper is that a multi-dimensional approach to authentication that fuses several contextual inputs, as already adopted by major web sites, can also bring advantages at the local scale.
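The k-out-of-n locking scheme described above, worked through as an added example that is not the authors' code. It assumes (hypothetically) that each possession is provisioned with a block of Shamir shares of the master key, that a sensed item releases a number of shares scaled by its confidence that the user is present, and that the device keeps a hash of the master key as a verifier. The verifier matters because Lagrange interpolation with fewer than k shares returns a wrong value silently rather than failing.

```python
"""Presence-based unlocking with k-of-n secret sharing (added example).

Illustrative code written for this page, not the authors' implementation.
Assumptions (hypothetical): each possession holds a block of Shamir shares of
the master key; when sensed, an item releases a number of shares scaled by its
confidence that the user is present; the device unlocks only if the released
shares reconstruct a key matching a stored verifier.
"""
import hashlib
import secrets
from dataclasses import dataclass

# All arithmetic is in GF(P). P = 2^127 - 1 is a Mersenne prime, so any
# 126-bit master key is a valid field element.
P = (1 << 127) - 1


def _eval_poly(coeffs, x):
    """Evaluate coeffs[0] + coeffs[1]*x + ... at x in GF(P) (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_secret(secret, k, n):
    """Shamir split: return n shares (x, y) of which any k reconstruct `secret`."""
    if not 1 <= k <= n < P:
        raise ValueError("need 1 <= k <= n")
    if not 0 <= secret < P:
        raise ValueError("secret must be an element of GF(P)")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def reconstruct(shares):
    """Lagrange interpolation at x = 0. With fewer than k distinct shares this
    returns a random-looking wrong value, not an error, which is why the
    device below keeps a verifier."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


@dataclass
class Possession:
    """A sensed item (phone, watch, key fob...) holding a block of shares."""
    name: str
    shares: list

    def offer(self, confidence):
        """Release int(confidence * allotment) shares; confidence 0.0 releases none."""
        if not 0.0 <= confidence <= 1.0:
            raise ValueError("confidence must be in [0, 1]")
        return self.shares[: int(confidence * len(self.shares))]


def provision(master_key, threshold, allotment):
    """Split master_key across items; allotment maps item name -> share count.
    No single item may hold >= threshold shares, or it could unlock alone."""
    if max(allotment.values()) >= threshold:
        raise ValueError("one item alone could unlock the device")
    shares = split_secret(master_key, threshold, sum(allotment.values()))
    items, pos = [], 0
    for name, m in allotment.items():
        items.append(Possession(name, shares[pos:pos + m]))
        pos += m
    verifier = hashlib.sha256(master_key.to_bytes(16, "big")).digest()
    return items, verifier


def try_unlock(items, confidences, threshold, verifier):
    """Gather shares from sensed items; return the master key, or None if locked."""
    collected = []
    for item in items:
        collected.extend(item.offer(confidences.get(item.name, 0.0)))
    if len(collected) < threshold:
        return None
    candidate = reconstruct(collected[:threshold])
    if hashlib.sha256(candidate.to_bytes(16, "big")).digest() != verifier:
        return None
    return candidate


if __name__ == "__main__":
    key = secrets.randbits(126)
    items, ver = provision(key, 4, {"phone": 2, "watch": 2, "keyring": 1, "wallet": 1})
    print(try_unlock(items, {"phone": 1.0, "watch": 1.0}, 4, ver) == key)   # True
    print(try_unlock(items, {"phone": 1.0, "keyring": 1.0}, 4, ver))        # None
```

Allotting an item more shares gives it more weight, which is how the variable-share idea in the abstract maps onto plain Shamir sharing; the provisioning check that no single item reaches the threshold is the guard against a stolen phone unlocking everything on its own.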
B-2 (20 min): Exploring the Design Space for Geo-Fenced Connected Devices and Services at Home
Geert Vanderhulst, Marc Van den Broeck, and Fahim Kawsar (Bell Labs)
Abstract: This paper offers a reflection on the design space for a geo-fenced connected device and service (GFS) - a specification enforcing that a connected device can only be used within a virtual perimeter. Many connected devices are nowadays being accessed through applications running on mobile devices instead of tangible controls. Whilst this ubiquitous access is highly convenient, it is also making connected devices more vulnerable. As such, we reintroduce location-constrained interaction, adapted to connected devices present in a modern home, and explore three design cardinals: (i) spatial granularity, (ii) roles and delegation, and (iii) access control. We report on a qualitative study that explored this design space through a prototype geo-fenced connected lighting system. Our findings suggest that users would like to have geo-fencing for a subset of connected devices, prefer to define geo-fences statically but with different granularities for different devices, and desire access control through location verification and credentials.
Benjamin Johnson (Carnegie Mellon University), Thomas Maillart, and John Chuang (University of California, Berkeley)
Abstract: Authenticating users of computer systems based on their brainwave signals is now a realistic possibility, made possible by the increasing availability of EEG (electroencephalography) sensors in wireless headsets and wearable devices. This possibility is especially interesting because brainwave-based authentication naturally meets the criteria for two-factor authentication. To pass an authentication test using brainwave signals, a user must have both an inherence factor (his or her brain) and a knowledge factor (a chosen passthought). In this study, we investigate the extent to which both factors are truly necessary. In particular, we address the question of whether an attacker may gain advantage from information about a given target's secret thoughts.
Security and Privacy for Augmented Reality Systems
Franziska Roesner (University of Washington)
Abstract: Augmented Reality (AR) technologies sense properties of the physical world and overlay computer-generated visual, audio, and haptic signals onto real-world feedback in real time. These technologies are at the cusp of significant innovation and promise to enhance our perception of and interaction with the real world. However, these technologies may also bring unforeseen computer security and privacy risks. In this talk, I explore the new security and privacy research challenges that arise with AR systems and the technologies that support them, as well as the novel opportunities created by these technologies for improving security and privacy.
Bio: Franziska (Franzi) Roesner is an assistant professor in Computer Science and Engineering at the University of Washington. She received her PhD from the University of Washington and her BS from the University of Texas at Austin. Her research focuses on security and privacy in various existing and emerging technological contexts, including the web, smartphones, and most recently, emerging augmented reality platforms.
C-1 (20 min): Augmented Reality: Hard Problems of Law and Policy
Franziska Roesner, Tamara Denning, Bryce Clayton Newell, Tadayoshi Kohno, Ryan Calo (University of Washington)
Abstract: Augmented reality (AR) technologies are poised to enter the commercial mainstream. Using an interdisciplinary research team, we describe our vision of AR and explore the unique and difficult problems AR presents for law and policy, including around privacy, free speech, discrimination, and safety.
C-2 (20 min): Privacy by Design for the Internet of Things: A Policy Translation
Janice Tsai (Microsoft Research)
Abstract: In the Internet of Things, we will see a proliferation of connected devices transmitting personal data about every facet of individual life. At the same time, a growing awareness of privacy and concerns pushes regulators to create policy to regulate this data flow. I evaluate the regulations created for the Smart Grid (smart electricity meters) and provide a high level how-to of privacy design requirements.
C-3 (10 min): Discussion
4:50pm
Closing Remarks (10 min)
CALL FOR PAPERS
SCOPE & FOCUS
The workshop seeks two types of original submissions: (1) short
papers describing research outcomes and (2) position papers
describing new research challenges and worthy topics to discuss in
all areas of usable privacy and security of wearables and
other consumer sensors and domestic devices.
Submissions should relate to both human factors and
either privacy or security properties of the devices in question.
Topics may include (but are not limited to):
potential security attacks against in-home technologies and their impact on residents
potential security attacks against wearable devices and their impact on people wearing them
access control for sharing data captured by these devices (e.g., photos, sensor data)
access control for shared data among neighbors (e.g., smart meter data, security camera data)
user authentication on devices
understanding user privacy concerns/expectations regarding consumer sensing systems
designing privacy notifications for recording devices
user testing of security or privacy features
Short papers may cover research results, work in progress,
or experience reports focused on any workshop topic.
Papers should describe the purpose and goals of the work,
cite related work, and clearly state the contributions to the field
(innovation, lessons learned). Position papers present an arguable
opinion about an issue. A position paper may include new ideas or
discussions of topics at various stages of completeness.
Position papers that present speculative or creative out-of-the-box ideas are welcome.
While completed work is not required, position papers should still provide
reasonable evidence to support their claims.
Workshop papers will be available on the UPSIDE website (if chosen by the authors),
and will be given an option to be included in the ACM Digital library. This means that
unless the authors choose to publish their work (opt-in), the work will not be considered
a peer-reviewed publication from the perspective of Ubicomp/UPSIDE and hence should not
preclude subsequent publication at another venue. Authors of accepted papers will be invited
to present their work at the workshop.
IMPORTANT DATES & REQUIREMENTS
Submission deadline: June 2 (Mon), 2014, 5pm PDT
Notification deadline: June 18 (Wed), 2014, 5pm PDT
Camera-ready due: July 2 (Wed), 2014, 5pm PDT
Anonymization: Papers are NOT to be anonymized
Papers: 6 pages or shorter excluding bibliography & appendices
Formatting: Use the SIGCHI MS Word or LaTeX templates
Workshop date: September 14 (Sun), 2014
SUBMISSIONS
We invite authors to submit papers using the SIGCHI templates.
Submissions should be 2 to 6 pages in length, excluding references
and appendices (the maximum length including these is 10 pages). The paper should be self-contained without requiring
that readers also read the appendices.
All submissions must be in PDF format and should not be
blinded. Papers should be submitted here.
User experiments should follow the basic principles of ethical
research, e.g., beneficence (maximizing the benefits to an individual or
to society while minimizing harm to the individual), minimal risk (appropriateness
of the risk versus benefit ratio), voluntary consent, respect for privacy, and
limited deception. Authors may be asked to include explanation of how
ethical principles were followed in their final papers should questions arise
during the review process.
Email inquiries to: jjung at microsoft.com or yoshi at cs.washington.edu
PROGRAM COMMITTEE
Dirk Balfanz | Google, USA
Landon Cox | Duke University, USA
Serge Egelman | ICSI & UC Berkeley, USA
Jaeyeon Jung | Microsoft Research, USA (co-chair)
Apu Kapadia | Indiana University, USA
Tadayoshi Kohno | University of Washington, USA (co-chair)
Ratul Mahajan | Microsoft Research, USA
Shwetak Patel | University of Washington, USA
Matthew Smith | Leibniz Universität Hannover, Germany
David Wagner | UC Berkeley, USA