Design Guidelines for Inclusive Speaker Verification Evaluation Datasets

Speaker verification (SV) provides billions of voice-enabled devices with access control, and ensures the security of voice-driven technologies. As a type of biometrics, it is necessary that SV is unbiased, with consistent and reliable performance across speakers irrespective of their demographic, social and economic attributes. Current SV evaluation practices are insufficient for evaluating bias: they are over-simplified and aggregate users, not representative of real-life usage scenarios, and consequences of errors are not accounted for. This paper proposes design guidelines for constructing SV evaluation datasets that address these short-comings. We propose a schema for grading the difficulty of utterance pairs, and present an algorithm for generating inclusive SV datasets. We empirically validate our proposed method in a set of experiments on the VoxCeleb1 dataset. Our results confirm that the count of utterance pairs/speaker, and the difficulty grading of utterance pairs have a significant effect on evaluation performance and variability. Our work contributes to the development of SV evaluation practices that are inclusive and fair

Ethical Hacking for IoT Security: A First Look into Bug Bounty Programs and Responsible Disclosure

The security of the Internet of Things (IoT) has attracted much attention due to the growing number of IoT-oriented security incidents. IoT hardware and software security vulnerabilities are exploited affecting many companies and persons. Since the causes of vulnerabilities go beyond pure technical measures, there is a pressing demand nowadays to demystify IoT "security complex" and develop practical guidelines for both companies, consumers, and regulators. In this paper, we present an initial study targeting an unexplored sphere in IoT by illuminating the potential of crowdsource ethical hacking approaches for enhancing IoT vulnerability management. We focus on Bug Bounty Programs (BBP) and Responsible Disclosure (RD), which stimulate hackers to report vulnerability in exchange for monetary rewards. We carried out a qualitative investigation supported by literature survey and expert interviews to explore how BBP and RD can facilitate the practice of identifying, classifying, prioritizing, remediating, and mitigating IoT vulnerabilities in an effective and cost-efficient manner. Besides deriving tangible guidelines for IoT stakeholders, our study also sheds light on a systematic integration path to combine BBP and RD with existing security practices (e.g., penetration test) to further boost overall IoT security.Comment: Pre-print version for conference publication at ICTRS 201

The Mobility Laws of Location-Based Games

Mobility is a fundamental characteristic of human society that shapes various aspects of our everyday interactions. This pervasiveness of mobility makes it paramount to understand factors that govern human movement and how it varies across individuals. Currently, factors governing variations in personal mobility are understudied with existing research focusing on explaining the aggregate behaviour of individuals. Indeed, empirical studies have shown that the aggregate behaviour of individuals follows a truncated Levy-flight model, but little understanding exists of the laws that govern intra-individual variations in mobility resulting from transportation choices, social interactions, and exogenous factors such as location-based mobile applications. Understanding these variations is essential for improving our collective understanding of human mobility, and the factors governing it. In this article, we study the mobility laws of location-based gaming-an emerging and increasingly popular exogenous factor influencing personal mobility. We analyse the mobility changes considering the popular PokemonGO application as a representative example of location-based games and study two datasets with different reporting granularity, one captured through location-based social media, and the other through smartphone application logging. Our analysis shows that location-based games, such as PokemonGO, increase mobility-in line with previous findings-but the characteristics governing mobility remain consistent with a truncated Levy-flight model and that the increase can be explained by a larger number of short-hops, i.e., individuals explore their local neighborhoods more thoroughly instead of actively visiting new areas. Our results thus suggest that intra-individual variations resulting from location-based gaming can be captured by re-parameterization of existing mobility models.Peer reviewe