Knowledge-driven Biometric Authentication in Virtual Reality

With the increasing adoption of virtual reality (VR) in public spaces, protecting users from observation attacks is becoming essential to prevent attackers from accessing context-sensitive data or performing malicious payment transactions in VR. In this work, we propose RubikBiom, a knowledge-driven behavioural biometric authentication scheme for authentication in VR. We show that hand movement patterns performed during interactions with a knowledge-based authentication scheme (e.g., when entering a PIN) can be leveraged to establish an additional security layer. Based on a dataset gathered in a lab study with 23 participants, we show that knowledge-driven behavioural biometric authentication increases security in an unobtrusive way. We achieve an accuracy of up to 98.91% by applying a Fully Convolutional Network (FCN) on 32 authentications per subject. Our results pave the way for further investigations towards knowledge-driven behavioural biometric authentication in VR

Social Cybersecurity

Presented on August 31, 2018 at 12:00 p.m. in the Klaus Advanced Computing Building, Room 1116W.Sauvik Das is an assistant professor of Interactive Computing at the Georgia Institute of Technology. His research, which intersects human computer interaction (HCI), data science, and cybersecurity, aims to empower people with novel security systems that mitigate costs of time, effort, and social capital.Runtime: 45:56 minutesEntering an era of pervasive, connected smart things, our cybersecurity decisions increasingly interfere with our social lives. Yet, little is known of the complex social consequences of our security behaviors, and vice versa. Absent this knowledge, it is difficult to develop better, more socially intelligent security systems that are intuitive for the layperson. My work on social cybersecurity bridges this gap. First, I will highlight some data science work on how social factors affect security behaviors through two empirical analyses: (i) an exploratory analysis of how optional-use security tools diffused through the social networks of 1.5 million Facebook users and (ii) a randomized, controlled experiment with 50,000 people. I will then discuss Thumprint, an inclusive authentication system I created based on the results of the prior empirical analyses. Using techniques from both supervised and unsupervised machine learning, Thumprint authenticates and identifies individual members of small, local groups (e.g., families or small work teams) through the acoustic and acceleration profiles of a single, shared secret knock. Taken together, my work points towards a future of socially intelligent security systems that understand and accommodate basic human behaviors, desires, and capabilities

The Metabolic Cost of Overground and Treadmill Walking in Healthy Young and Older Adults

The Metabolic Cost of Walking (MCoW) is typically expressed either in terms of Gross Cost of Walking (GCoW) or Net Cost of Walking (NCoW). MCoW is defined as the metabolic energy expended per meter travelled and is an important variable in daily life. From the literature we can see that increased MCoW for elderly compared to young might lead to elderly becoming fatigued and sedentary. Increased fatigue and sedentarism limits their functional possibilities, thereby affecting the overall quality of life. The motivation for this doctoral project was that we wanted to know the reasons why elderly have a higher MCoW compared to young, especially during overground walking. We were interested in overground walking since it is the ecologically relevant mode of walking. However, before trying to know why elderly have a higher MCoW than young we wanted to see whether this finding of elevated MCoW for elderly was valid in the first place and if so, specifically for overground walking. To answer our research questions, we conducted three studies in this thesis. We started with a systematic review and meta-analysis and reported on this study in Chapter 1 of this thesis. Then we followed it up with two experimental studies and then reported on them in Chapters 2 and 3 of this thesis. To summarise, from the studies conducted in this thesis, we were able to show that the commonly reported elevation in MCoW for Older Adults (OA) over Young Adults (YA) is not due to age per se but is probably due to the differential reaction to treadmills by healthy YA and OA. In Chapters 2 and 3 we have shown that OA react differently to overground and treadmill walking (elevated MCoW on treadmills compared to overground) at their overground Preferred Walking Speed (PWS), which we directly imposed on the treadmills. YA do not react differently to overground and treadmill walking at the same speed as they have similar MCoW. Due to this differential reaction to overground and treadmill walking by YA and OA walking energetics are different between the two groups. In conclusion, through this thesis we have shown how to have age as the only differentiating factor between YA and OA while trying to learn about the differences in MCoW between the cohorts. There were no differences in anthropometrics, physical activity and fitness levels and overground PWS between our YA and OA. Our main finding is that we have shown there are no differences in overground MCoW between them. As overground walking is the ecologically relevant mode of walking, overground MCoW should be considered important. Due to the differential reaction of YA and OA to treadmills, treadmills are not suitable for comparison of MCoW between the two populations. The results of similar overground MCoW of YA and OA could have some clinical implications. For example, these results could be interpreted in the way that if people adopt a healthy and active lifestyle from an early age, when they grow old, they can have similar levels of PWS and MCoW like a young person. Comparable levels of PWS would generally mean that mobility and daily life gait will not be affected and similar levels of MCoW will mean that elderly will expend the same amount of energy after walking the same distance as a young person. Overall this will imply that elderly will be able to lead a normal healthy lifestyle, not become fatigued and sedentary, and we can achieve the goals of healthy aging in our society

Social Cybersecurity: Reshaping Security Through An Empirical Understanding of Human Social Behavior

<p>Despite substantial effort made by the usable security community at facilitating the use of recommended security systems and behaviors, much security advice is ignored and many security systems are underutilized. I argue that this disconnect can partially be explained by the fact that security behaviors have myriad unaccounted for social consequences. For example, by using two-factor authentication, one might be perceived as “paranoid”. By encrypting an e-mail correspondence, one might be perceived as having something to hide. Yet, to date, little theoretical work in usable security has applied theory from social psychology to understand how these social consequences affect people’s security behaviors. Likewise, little systems work in usable security has taken social factors into consideration. To bridge these gaps in literature and practice, I begin to build a theory of social cybersecurity and apply those theoretical insights to create systems that encourage better cybersecurity behaviors. First, through a series of interviews, surveys and a large-scale analysis of how security tools diffuse through the social networks of 1.5 million Facebook users, I empirically model how social influences affect the adoption of security behaviors and systems. In so doing, I provide some of the first direct evidence that security behaviors are strongly driven by social influence, and that the design of a security system strongly influences its potential for social spread. Specifically, security systems that are more observable, inclusive, and stewarded are positively affected by social influence, while those that are not are negatively affected by social influence. Based on these empirical results, I put forth two prescriptions: (i) creating socially grounded interface “nudges” that encourage better cybersecurity behaviors, and (ii) designing new, more socially intelligent end-user facing security systems. As an example of a social “nudge”, I designed a notification that informs Facebook users that their friends use optional security systems to protect their own accounts. In an experimental evaluation with 50,000 Facebook users, I found that this social notification was significantly more effective than a non-social control notification at attracting clicks to improve account security and in motivating the adoption of promoted, optional security tools. As an example of a socially intelligent cybersecurity system, I designed Thumprint: an inclusive authentication system that authenticates and identifies individual group members of a small, local group through a single, shared secret knock. Through my evaluations, I found that Thumprint is resilient to casual but motivated adversaries and that it can reliably differentiate multiple group members who share the same secret knock. Taken together, these systems point towards a future of socially intelligent cybersecurity that encourages better security behaviors. I conclude with a set of descriptive and prescriptive takeaways, as well as a set of open problems for future work. Concretely, this thesis provides the following contributions: (i) an initial theory of social cybersecurity, developed from both observational and experimental work, that explains how social influences affect security behaviors; (ii) a set of design recommendations for creating socially intelligent security systems that encourage better cybersecurity behaviors; (iii) the design, implementation and comprehensive evaluation of two such systems that leverage these design recommendations; and (iv) a reflection on how the insights uncovered in this work can be utilized alongside broader design considerations in HCI, security and design to create an infrastructure of useful, usable and socially intelligent cybersecurity systems.</p

Self-Censorship on Facebook

We report results from an exploratory analysis examining “last-minute” self-censorship, or content that is filtered after being written, on Facebook. We collected data from 3.9 million users over 17 days and associate self-censorship behavior with features describing users, their social graph, and the interactions between them. Our results indicate that 71% of users exhibited some level of last-minute self-censorship in the time period, and provide specific evidence supporting the theory that a user’s “perceived audience” lies at the heart of the issue: posts are censored more frequently than comments, with status updates and posts directed at groups censored most frequently of all sharing use cases investigated. Furthermore, we find that: people with more boundaries to regulate censor more; males censor more posts than females and censor even more posts with mostly male friends than do females, but censor no more comments than females; people who exercise more control over their audience censor more content; and, users with more politically and age diverse friends censor less, in general

Social Cybersecurity: Reshaping Security Through an Empirical Understanding of Human Social Behavior - Sauvik Das

Presented online at the Interaction of Privacy and Autonomy in the Digital Age Symposium, August 26, 2020, 10:30 a.m.-11:45 a.m. via the BlueJeans Event platform.The Interaction of Privacy and Autonomy in the Digital Age Symposium ; Session 2.This two day virtual symposium is hosted by the Georgia Tech Library to explore the concept of privacy and its interconnected relationship to autonomy. Privacy researchers and advocates will explore these concepts through the lens of their subject area.TITLE - European and American Approaches to Privacy and Autonomy. Peter Swire, Esq., Scheller College of Business, Georgia Institute of Technology.TITLE - Social Cybersecurity: Reshaping Security Through an Empirical Understanding of Human Social Behavior. Sauvik Das, Ph.D., School of Interactive Computing, Georgia Institute of Technology.Moderated by Cynthia Kutka, Business & Entrepreneurship Librarian, Georgia Institute of Technology Library.Runtime: 76:29 minutesSauvik Das - TITLE: "Social Cybersecurity: Reshaping Security Through an Empirical Understanding of Human Social Behavior". Little is known of the complex social consequences of our security behaviours, and vice versa. Sauvik Das’s work on social cybersecurity bridges this gap. He will present work describing how social influences affect end-user cybersecurity behaviors through a series of empirical studies, including an analysis of how cybersecurity behaviours diffused through the social networks of 1.5 million Facebook users.Peter Swire - TITLE: "European and American Approaches to Privacy and Autonomy"