The Persuasive Effect of Privacy Recommendations

Several researchers have recently suggested that in order to avoid privacy problems, location-sharing services should provide finer-grained methods of location-sharing. This may however turn each “check-in” into a rather complex decision that puts an unnecessary burden on the user. We present two studies that explore ways to help users with such location-sharing decisions. Study 1 shows that users’ evaluation of their activity is a good predictor of the sharing action they choose. Study 2 develops several “privacy recommenders” that tailor the list of sharing actions to this activity evaluation. We find that these recommenders have a strong persuasive effect, and that users find short lists of recommended actions helpful. We also find, however, that users ultimately find it more satisfying if we do not ask them to evaluate the activity

Secure Pick Up: Implicit Authentication When You Start Using the Smartphone

We propose Secure Pick Up (SPU), a convenient, lightweight, in-device, non-intrusive and automatic-learning system for smartphone user authentication. Operating in the background, our system implicitly observes users' phone pick-up movements, the way they bend their arms when they pick up a smartphone to interact with the device, to authenticate the users. Our SPU outperforms the state-of-the-art implicit authentication mechanisms in three main aspects: 1) SPU automatically learns the user's behavioral pattern without requiring a large amount of training data (especially those of other users) as previous methods did, making it more deployable. Towards this end, we propose a weighted multi-dimensional Dynamic Time Warping (DTW) algorithm to effectively quantify similarities between users' pick-up movements; 2) SPU does not rely on a remote server for providing further computational power, making SPU efficient and usable even without network access; and 3) our system can adaptively update a user's authentication model to accommodate user's behavioral drift over time with negligible overhead. Through extensive experiments on real world datasets, we demonstrate that SPU can achieve authentication accuracy up to 96.3% with a very low latency of 2.4 milliseconds. It reduces the number of times a user has to do explicit authentication by 32.9%, while effectively defending against various attacks.Comment: Published on ACM Symposium on Access Control Models and Technologies (SACMAT) 201