[Also available in BibTeX] [See also: all keywords]
These papers relate to privacy in the context of computing.Papers are listed in reverse-chronological order;
click an entry to pop up the abstract.
For full information and pdf, please click Details link.
Follow updates with RSS.
In this paper we present MOAT, a system that leverages Wi-Fi sniffers to analyze the physical properties of a device's wireless transmissions to infer whether that device is located inside or outside of a home. MOAT can adaptively self-update to accommodate changes in the home indoor environment to ensure robust long-term performance. Notably, MOAT does not require prior knowledge of the home's layout or cooperation from target devices, and is easy to install and configure.
We evaluated MOAT in four different homes with 21 diverse commercial smart devices and achieved an overall balanced accuracy rate of up to 95.6%. Our novel periodic adaptation technique allowed our approach to maintain high accuracy even after rearranging furniture in the home. MOAT is a practical and efficient first step for monitoring and managing devices in a smart home.
In this thesis, we present an end-to-end solution for providing information provenance for mHealth data, which begins by securing mHealth data at its source: the mHealth device. To this end, we devise a memory-isolation method that combines compiler-inserted code and Memory Protection Unit (MPU) hardware to protect application code and data on ultra-low-power micro-controllers. Then we address the security of mHealth data outside of the source (e.g., data that has been uploaded to smartphone or remote-server) with our health-data system, Amanuensis, which uses Blockchain and Trusted Execution Environment (TEE) technologies to provide confidential, yet verifiable, data storage and computation for mHealth data. Finally, we look at identity privacy and data freshness issues introduced by the use of blockchain and TEEs. Namely, we present a privacy-preserving solution for blockchain transactions, and a freshness solution for data access-control lists retrieved from the blockchain.
We envision a solution called the SPLICEcube whose goal is to detect smart devices, locate them in three dimensions within the home, securely monitor their network traffic, and keep an inventory of devices and important device information throughout the device’s lifecycle. The SPLICEcube system consists of the following components: 1) a main cube, which is a centralized hub that incorporates and expands on the functionality of the home router, 2) a database that holds network data, and 3) a set of support cubelets that can be used to extend the range of the network and assist in gathering network data.
To deliver this vision of identifying, securing, and managing smart devices, we introduce an architecture that facilitates intelligent research applications (such as network anomaly detection, intrusion detection, device localization, and device firmware updates) to be integrated into the SPLICEcube. In this thesis, we design a general-purpose Wi-Fi architecture that underpins the SPLICEcube. The architecture specifically showcases the functionality of the cubelets (Wi-Fi frame detection, Wi-Fi frame parsing, and transmission to cube), the functionality of the cube (routing, reception from cubelets, information storage, data disposal, and research application integration), and the functionality of the database (network data storage). We build and evaluate a prototype implementation to demonstrate our approach is scalable to accommodate new devices and extensible to support different applications. Specifically, we demonstrate a successful proof-of-concept use of the SPLICEcube architecture by integrating a security research application: an "Inside-Outside detection" system that classifies an observed Wi-Fi device as being inside or outside the home.
To address this problem, in this paper, we investigate the use of vibration, generated by a smartRing, as an out-of-band communication channel to unobtrusively share a secret with a smartThing. This exchanged secret can be used to bootstrap a secure wireless channel over which the smartphone (or another trusted device) and the smartThing can communicate. We present the design, implementation, and evaluation of this system, which we call VibeRing. We describe the hardware and software details of the smartThing and smartRing. Through a user study we demonstrate that it is possible to share a secret with various objects quickly, accurately and securely as compared to several existing techniques. Overall, we successfully exchange a secret between a smartRing and various smartThings, at least 85.9% of the time. We show that VibeRing can perform this exchange at 12.5 bits/second at a bit error rate of less than 2.5%. We also show that VibeRing is robust to the smartThing’s constituent material as well as the holding style. Finally, we demonstrate that a nearby adversary cannot decode or modify the message exchanged between the trusted devices.
In this poster we report preliminary work in which we infer social interactions of individuals from Wi-Fi connection traces in the campus network at Dartmouth College. We make the following contributions: (i) we propose several definitions of a pseudocorrelation matrix from Wi-Fi connection traces, which measure similarity between devices or users according to their temporal association profile to the Access Points (APs); (ii) we evaluate the accuracy of these pseudo-correlation variants in a simulation environment; and (iii) we contrast results with those found on a real trace.
We address this problem of balancing disclosure and utility of personal information collected by mobile technologies. We believe subjects can decide how best to share their information if they are aware of the benefits and risks of sharing. We developed ShareBuddy, a privacy-aware architecture that allows recipients to request information and specify the benefits the subjects will receive for sharing each piece of requested information; the architecture displays these benefits and warns subjects about the risks of sharing. We describe the ShareBuddy architecture in this poster.
We conducted focus groups to understand the privacy concerns that patients have when they use mHealth devices. We conducted a user study to understand how willing patients are to share their personal health information that was collected using an mHealth device. To the best of our knowledge, ours is the first study that explores users’ privacy concerns by giving them the opportunity to actually share the information collected about them using mHealth devices. We found that patients tend to share more information with third parties than the public and prefer to keep certain information from their family and friends. Finally, based on these discoveries, we propose some guidelines to developing defaults for sharing settings in mHealth systems.
We make three contributions. First, we propose Adapt-lite, a set of two techniques that can be applied to existing wireless protocols to make them energy efficient without compromising their security or privacy properties. The techniques are: adaptive security, which dynamically modifies packet overhead; and MAC striping, which makes forgery difficult even for small-sized MACs. Second, we apply these techniques to an existing wireless protocol, and demonstrate a prototype on a Chronos wrist device. Third, we provide security, privacy, and energy analysis of our techniques.
We make three contributions. First, we propose an mHealth sensing protocol that provides strong security and privacy properties with low energy overhead, suitable for low-power sensors. The protocol uses three novel techniques: adaptive security, to dynamically modify transmission overhead; MAC striping, to make forgery difficult even for small-sized MACs; and an asymmetric resource requirement. Second, we demonstrate a prototype on a Chronos wrist device, and evaluate it experimentally. Third, we provide a security, privacy, and energy analysis of our system.
This poster describes a simple, flexible, and novel approach to protecting both the confidentiality and integrity medical sensing and data processing on vulnerable mobile phones, using plug-in smart cards---even a phone compromised by malware. We describe our design, implementation, and initial experimental results using real smart cards and Android smartphones.
In this chapter, we survey the growing body of research that addresses the risks, methods, and evaluation of network trace sanitization. Research on the risks of network trace sanitization attempts to extract information from published network traces, while research on sanitization methods investigates approaches that may protect against such attacks. Although researchers have recently proposed both quantitative and qualitative methods to evaluate the effectiveness of sanitization methods, such work has several shortcomings, some of which we highlight in a discussion of open problems. Sanitizing a network trace, however challenging, remains an important method for advancing network--based research.
We describe AnonySense, a privacy-aware architecture for realizing pervasive applications based on collaborative, opportunistic sensing by personal mobile devices. AnonySense allows applications to submit sensing tasks that will be distributed across anonymous participating mobile devices, later receiving verified, yet anonymized, sensor data reports back from the field, thus providing the first secure implementation of this participatory sensing model. We describe our trust model, and the security properties that drove the design of the AnonySense system. We evaluate our prototype implementation through experiments that indicate the feasibility of this approach, and through two applications: a Wi-Fi rogue access point detector and a lost-object finder.
We propose SenseRight, the first architecture for high-integrity people-centric sensing. The SenseRight approach, which extends and enhances AnonySense, assures integrity of both the sensor data (through use of tamper-resistant sensor devices) and the sensor context (through a time-constrained protocol), maintaining anonymity if desired.
We propose AnonySense, a general-purpose architecture for leveraging users’ mobile devices for measuring context, while maintaining the privacy of the users. AnonySense features multiple layers of privacy protection---a framework for nodes to receive tasks anonymously, a novel blurring mechanism based on tessellation and clustering to protect users’ privacy against the system while reporting context, and k-anonymous report aggregation to improve the users’ privacy against applications receiving the context. We outline the architecture and security properties of AnonySense, and focus on evaluating our tessellation and clustering algorithm against real mobility traces.