WEARABLE ACTIVITY TRACKERS AND PRIVACY: ASSESSMENT OF THE RISKS, THREATS, AND COUNTERMEASURES

Details

Ressource 1Download: thèse-ZN-OK.pdf (41814.86 [Ko])
State: Public
Version: After imprimatur
License: Not specified
Serval ID
serval:BIB_374AE52D5DAF
Type
PhD thesis: a PhD thesis.
Collection
Publications
Institution
Title
WEARABLE ACTIVITY TRACKERS AND PRIVACY: ASSESSMENT OF THE RISKS, THREATS, AND COUNTERMEASURES
Author(s)
ZUFFEREY Noé
Director(s)
Huguenin Kévin
Codirector(s)
Humbert Mathias
Institution details
Université de Lausanne, Faculté des hautes études commerciales
Publication state
Accepted
Issued date
2023
Language
english
Abstract
Wearable devices, such as wearable activity trackers (WATs), are increasing in popularity. Although they can help improve a person’s quality of life, they also raise serious privacy issues. Although security aspects of WATs have been widely studied (e.g., Bluetooth security, inference of password or biometrics), as well as privacy-related aspects such as users’ attitudes and concerns, we lack knowledge about the privacy of WAT users. Indeed, the security aspects that were studied in prior work are not enough to build a realistic adversary model, as these studies focus mostly on communication protocols and not on large- scale data collection. Furthermore, previous work related to data inference by using WATs focuses on only functionalities rather than on privacy (e.g., better monitoring of activity or health to improve user experience). Moreover, these studies focus only on the inference of behavioral patterns (e.g., activi- ties, consumption) or conditions (e.g., diseases), but none of them investigate the inference of users’ personal attributes (e.g., personality, religion, political views).
In this thesis, composed of three research papers and a literature review, we contribute to the WAT security & privacy research field by analyzing how the data of WAT users can be accessed at a large scale by many potential adversaries, by evaluating how such data can be used to infer users’ personal attributes and, finally, by proposing privacy enhancing technologies (PETs) to protect their privacy. Concretely, after analyzing the current literature about WAT security & privacy, we conduct a user-survey study to better under- stand the WAT user’s behaviors towards data sharing, especially with respect to third-party applications (TPAs) that can easily be used by adversaries to collect data. We then use a rigorous machine-learning approach to evaluate to what extent users’ psychological profiles (Big 5) can be inferred from WAT data, and we discuss the related consequences on the users’ privacy and society as a whole. Finally, to propose effective and likely-to-be-adopted protection mechanisms, we conduct a user-centered design study by using a participatory design methodology before analyzing and evaluating the proposed designs in order.
Funding(s)
Swiss National Science Foundation / Projects / 200021_178978
Armasuisse S+T / CYD-C-2020007
Create date
02/11/2023 10:50
Last modification date
13/11/2023 12:57
Usage data