SaTC: CORE: Small: Corporeal Cybersecurity: Improving End-User Security and Privacy with Physicalized Computing Interface
Georgia Tech Research Corporation, Atlanta GA
Investigators
Abstract
Encouraging pro-cybersecurity and privacy (S&P) behaviors remains a persistently important societal challenge. Indeed, in 2018, McAfee estimated that the global economic damages caused by cybercrime was 600 billion USD, with as many as 2/3rds of all Internet users having been affected by personal data breaches. Moreover, many of these breaches were the result of human error. Prior work in usable privacy and security has identified three barriers that help explain why pro-S&P behaviors remain rare: awareness, motivation and ability. The overarching hypothesis of this proposal is that it should be possible to address these barriers to pro-S&P behaviors by creating corporeal security and privacy interfaces (CSPIs) that allow people to take advantage of their corporeal threat perception (e.g., intuitively understanding that walking in a dimly lit area is less safe than walking in a well-lit area) and their natural understanding of the physics-based affordances of the physical world (e.g., whispering to reduce the range of who can hear one’s voice) in digital S&P-relevant contexts. To test this hypothesis, this project proposes to design, implement and evaluate three novel CSPIs. First, Bit Whisperer is a wireless communication protocol that situates digital communications on physical surfaces to raise people’s awareness of the audience of and threats to their wireless communications. Second, Spidey Sense is a smartwatch wristband that delivers affective haptic feedback to motivate heightened responses to S&P warnings. Third, Horcrux is a tangible smart mat that improves people’s ability to collaboratively author access control policies for collectively owned and shared digital resources. This research, if successful, could significantly improve the widespread adoption of pro-S&P behaviors and, in turn, mitigate vulnerabilities that result from human error. This proposal marries ideas from tangible, wearable, and haptic computing with challenges in end-user cybersecurity and privacy. The proposed work will encompass some of the first attempts to integrate state-of-the-art tangible interaction techniques designed to address the awareness, ability and motivation barriers to pro-S&P behaviors, by asking research questions such as: (a) How might situated digital communications improve people’s awareness of the range of their wireless communications and the threats thereof? (b) How might affective haptics improve end-users’ motivation to respond to S&P warnings? (c) How might tangible user interfaces improve the ability of social groups to collaboratively author access control policies for shared accounts and resources? In exploring these questions, the research will make the following high-level intellectual contributions: (i) the iterative design and implementation of three CSPIs---Bit Whisperer, Spidey Sense and Horcrux; (ii) rigorous empirical studies in which we will explore the effectiveness of these CSPIs in addressing the awareness, motivation and ability barriers to pro-S&P behaviors; and (iii) a synthesized set of design opportunities and challenges for CSPIs in the context of usable S&P. The outputs of this project will serve as a foundation for a new cross-disciplinary collaboration between scholars in the HCI, S&P and Tangible Computing communities. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
View original record on NSF Award Search →