Speaker: Janne Lindqvist, Rutgers University
In this talk, we will discuss two of our recent and on-going works on using the knowledge of human behavior for systems security and privacy. First, we discuss Elastic Pathing, an algorithm that can deduce your driving locations just based on a starting location and the speed of your driving. This is an important result because several insurance companies claim that their approach to “usage-based automotive insurance” is privacy-preserving when they collect only speed data. Our work shows that this is not the case. Second, we will discuss a robust approach to mobile user authentication: user-generated free-form gestures. We will present the results of several lab and field studies (MobiSys’14, CHI’16, CHI’17, UbiComp’17) on studying usability and security of gesture passwords. We will also present the first approach for measuring the security of gestures with guessing attacks that model real-world attacker behavior. Our dictionary attack, tested on newly collected user data, achieves a cracking rate of 47.71% after two weeks of computation using 10^9 guesses. This is a difference of 35.78 percentage points compared to the 11.93% cracking rate of a benchmark brute-force attack. More details of secure gestures are available at securegestures.org.
Janne Lindqvist is an assistant professor of electrical and computer engineering at Rutgers University and a radiant member of WINLAB and DIMACS. His work is frequently featured in the popular media with close to thousand mentions so far including several times in Scientific American, IEEE Spectrum, MIT Technology Review, NPR, WHYY Radio, Yahoo! News, International Business Times, Daily Mail, and recently also in ABC News, CBS News, Fox News, CW, WPIX and WGN News, ABC News Radio, CBS Radio News, Fortune, Computerworld, Der Spiegel, London Times, New Scientist, Slashdot, The Register, Wired (UK). Janne directs the Rutgers Human-Computer Interaction and Security Engineering group. Janne’s work focuses on hard real-world problems, and currently his group and his colleagues work includes usable and secure authentication, mobile privacy, physical-world crowdsourcing, measuring implicit racism in situ, social protocols for wireless networking, and ecological field studies on non-suicidal self-injurious behavior. His awards include the Best Paper Award from MobiCom’12, the Best Paper Nominee Award from UbiComp’14, and Sustainable Jersey Creation & Innovation Award 2014.