Ensuring User Privacy in the World of Internet-of-Things
With the rapid development of the Internet of Things (IoT), there are many interacting devices and applications. These devices and applications usually need to collect data about users and the surrounding environment to operate. With so many data collection activities every day, one of the most critical challenges is how to ensure user privacy while facilitating expected devices' operations and user experience.
In this dissertation, we propose studies and techniques to better understand user expectations and protect user privacy in IoT environments. One popular and important feature of IoT is voice-controlled devices/applications, which provides convenience but also introduces privacy issues. First, we build a system to automatically interact with voice apps and analyze the resulting interactions to identify suspicious behaviors and investigate privacy risks, such as inappropriate content or personal data collection. Second, we conduct a rigorous systematic analysis on voice apps' dynamic behaviors that bypassed standard vetting/monitoring schemes and propose a privacy monitoring system to address these privacy issues. Third, we study users' perceptions of IoT data collection and notification preferences in large-scale IoT environments by conducting a user study with occupants who report working in smart commercial buildings regarding: 1) awareness and perception of data collection in smart commercial buildings, 2) privacy notification preferences, and 3) potential factors for the privacy notification preferences. Finally, we plan to build fast and easy-to-use tools to help users monitor their voice data privacy in real-time and evaluate the modality of notifications in real-world settings.
- Seongkook Heo, Committee Chair (CS/SEAS/UVA)
- Yuan Tian, Advisor (CS/UVA and ECE/UCLA)
- Yixin Sun (CS, ECE/SEAS/UVA)
- Sara Riggs (ESE/SEAS/UVA)
- Norman Sadeh (CS, Carnegie Mellon University)
- Danny Huang (ECE, New York University)