WEARABLE ACTIVITY TRACKERS AND PRIVACY: ASSESSMENT OF THE RISKS, THREATS, AND COUNTERMEASURES
Détails
Télécharger: thèse-ZN-OK.pdf (41814.86 [Ko])
Etat: Public
Version: Après imprimatur
Licence: Non spécifiée
Etat: Public
Version: Après imprimatur
Licence: Non spécifiée
ID Serval
serval:BIB_374AE52D5DAF
Type
Thèse: thèse de doctorat.
Collection
Publications
Institution
Titre
WEARABLE ACTIVITY TRACKERS AND PRIVACY: ASSESSMENT OF THE RISKS, THREATS, AND COUNTERMEASURES
Directeur⸱rice⸱s
Huguenin Kévin
Codirecteur⸱rice⸱s
Humbert Mathias
Détails de l'institution
Université de Lausanne, Faculté des hautes études commerciales
Statut éditorial
Acceptée
Date de publication
2023
Langue
anglais
Résumé
Wearable devices, such as wearable activity trackers (WATs), are increasing in popularity. Although they can help improve a person’s quality of life, they also raise serious privacy issues. Although security aspects of WATs have been widely studied (e.g., Bluetooth security, inference of password or biometrics), as well as privacy-related aspects such as users’ attitudes and concerns, we lack knowledge about the privacy of WAT users. Indeed, the security aspects that were studied in prior work are not enough to build a realistic adversary model, as these studies focus mostly on communication protocols and not on large- scale data collection. Furthermore, previous work related to data inference by using WATs focuses on only functionalities rather than on privacy (e.g., better monitoring of activity or health to improve user experience). Moreover, these studies focus only on the inference of behavioral patterns (e.g., activi- ties, consumption) or conditions (e.g., diseases), but none of them investigate the inference of users’ personal attributes (e.g., personality, religion, political views).
In this thesis, composed of three research papers and a literature review, we contribute to the WAT security & privacy research field by analyzing how the data of WAT users can be accessed at a large scale by many potential adversaries, by evaluating how such data can be used to infer users’ personal attributes and, finally, by proposing privacy enhancing technologies (PETs) to protect their privacy. Concretely, after analyzing the current literature about WAT security & privacy, we conduct a user-survey study to better under- stand the WAT user’s behaviors towards data sharing, especially with respect to third-party applications (TPAs) that can easily be used by adversaries to collect data. We then use a rigorous machine-learning approach to evaluate to what extent users’ psychological profiles (Big 5) can be inferred from WAT data, and we discuss the related consequences on the users’ privacy and society as a whole. Finally, to propose effective and likely-to-be-adopted protection mechanisms, we conduct a user-centered design study by using a participatory design methodology before analyzing and evaluating the proposed designs in order.
In this thesis, composed of three research papers and a literature review, we contribute to the WAT security & privacy research field by analyzing how the data of WAT users can be accessed at a large scale by many potential adversaries, by evaluating how such data can be used to infer users’ personal attributes and, finally, by proposing privacy enhancing technologies (PETs) to protect their privacy. Concretely, after analyzing the current literature about WAT security & privacy, we conduct a user-survey study to better under- stand the WAT user’s behaviors towards data sharing, especially with respect to third-party applications (TPAs) that can easily be used by adversaries to collect data. We then use a rigorous machine-learning approach to evaluate to what extent users’ psychological profiles (Big 5) can be inferred from WAT data, and we discuss the related consequences on the users’ privacy and society as a whole. Finally, to propose effective and likely-to-be-adopted protection mechanisms, we conduct a user-centered design study by using a participatory design methodology before analyzing and evaluating the proposed designs in order.
Financement(s)
Fonds national suisse / Projets / 200021_178978
Armasuisse S+T / CYD-C-2020007
Création de la notice
02/11/2023 10:50
Dernière modification de la notice
13/11/2023 12:57