Human-Centric Security and Privacy for Emerging Technologies
MetadataShow full item record
The creation and adoption of connectivity-, sensor-, and actuator-rich emerging technologies alter the landscape for computer security and privacy. New technologies facilitate novel or amplified kinds of attacks on the financial, physical, and emotional wellbeing of users and people in other, non-user roles. Moreover, the fast rate at which the security landscape changes can often outpace the understanding of users and technologists. My work seeks to enhance people's security and privacy with emerging technologies. In particular, I take a human-centric approach to designing systems for security and privacy, and a human-centric approach to enabling people to achieve better outcomes. Effective security is not simply a technical challenge, but also a human one. Designing technical systems without considering the humans involved results in suboptimal or unacceptable security solutions. In addition to prioritizing usability, designing good security means designing effective systems that will be embraced by users, fit into the application context, and have minimal negative side effects; this approach requires a deeper understanding of the people in and around a system, their values, and the contexts of technology use. My thesis work contributes to security and privacy for emerging technologies in two ways: via inductive investigations to support designing security and privacy systems that respect a broader set of needs and values, and via designing and evaluating a tool to increase security awareness. I present my work in security for implantable cardiac devices, in which I use semi-structured interviews and group workshops to elicit contextual information from two different stakeholder groups: cardiac patients and medical providers. Second, I present my work investigating the perspectives of bystanders on augmented reality devices and lay out potential design axes for privacy-mediating technologies. I conclude by addressing the design, production, distribution, and evaluation of Control-Alt-Hack--a tabletop card game targeted to help disseminate high-level security concepts.