This research project studies security and privacy for wearable devices. Wearable computing is poised to become widely deployed throughout society. These devices offer many benefits to end users in terms of real-time access to information and the augmentation of human memory, but they are also likely to introduce new and complex privacy and security problems. People who use wearable devices need assurances that their privacy will be respected, and we also need ways to minimize the potential for wearable devices to intrude on the privacy of bystanders and others. This project is identifying the risks in greater depth and developing new technologies and techniques to protect against these risks. The project is building a scientific and engineering basis for making wearable computing trustworthy; the growing adoption of wearable computing makes this research important to society.
Several unique features of wearable computing pose new challenges that require novel research. It seems likely that continuous audio and video capture will enable many valuable uses of wearable computing, but these new input channels also open up new attack vectors. Audio and video capture also present new privacy challenges; for instance, third-party applications may need access to this data, but the data is sometimes highly sensitive (e.g., capturing intimate moments, sensitive documents, or embarrassing social situations). This project studies: how to empower users and enable them to control how apps on wearable devices can access audio and video resources, how to use privilege separation and the least-privilege principle to mitigate risks associated with third-party applications that run on wearable devices, how operating systems for wearable devices can be architected to prevent applications from collecting extraneous data, and new threats from wearable computing and how each of these threats could be countered with secure platform designs. To protect privacy, the researchers are conducting user studies to improve our understanding of what data users find most sensitive; the findings from these user studies are helping the researchers to design techniques to prevent applications from accessing sensitive data inappropriately.
Serge Egelman is Research Director of the Usable Security & Privacy Group at the International Computer Science Institute (ICSI) and also holds an appointment in the Department of Electrical Engineering and Computer Sciences (EECS) at the University of California, Berkeley. He leads the Berkeley Laboratory for Usable and Experimental Security (BLUES), which is the amalgamation of his ICSI and UCB research groups. Serge's research focuses on the intersection of privacy, computer security, and human-computer interaction, with the specific aim of better understanding how people make decisions surrounding their privacy and security, and then creating data-driven improvements to systems and interfaces. This has included human subjects research on social networking privacy, access controls, authentication mechanisms, web browser security warnings, and privacy-enhancing technologies. His work has received multiple best paper awards, including seven ACM CHI Honorable Mentions, the 2012 Symposium on Usable Privacy and Security (SOUPS) Distinguished Paper Award for his work on smartphone application permissions, as well as the 2017 SOUPS Impact Award, and the 2012 Information Systems Research Best Published Paper Award for his work on consumers' willingness to pay for online privacy. He received his PhD from Carnegie Mellon University and prior to that was an undergraduate at the University of Virginia. He has also performed research at NIST, Brown University, Microsoft Research, and Xerox PARC.