To register for the CoSDEO2018 workshop, please register for the associated conference PerCom2018. Unfortunately, there is no workshop-only registration.
|09:00-10:00||Keynote (Florian Alt, LMU München)
This keynote will highlight challenges and opportunities in usable security as novel technologies, including but not limited to personal devices and sensors, are becoming ubiquitous. Such technologies, on one hand, strongly influence the way in which we access and interact with information, hence creating a need to fundamentally rethink how we design for usability. On the other hand, new sensing technologies, such as eye trackers and thermal cameras, may create considerable security threats. Through illustrative examples, the keynote will show how security and usability issues can both be identified and mitigated. In particular, opportunities of moving away from explicit authentication mechanisms as well as providing benefits of authentication mechanisms beyond mere security will be discussed.
|10:30-11:30||Session 1 (Secure IoT)
Lee, Chow, Haghighat, Patterson, Kobsa: IoT Service Store: A Web-based System for Privacy-aware IoT Service Discovery and Interaction
Internet of Things (IoT) services collect and analyze sensor data to provide users with intelligent functionality tailored to their needs. However, users are often unaware of privacy risks relating to sensor data collection and the inferences possible from this data. Even if aware of the data collection and possible inferences, users lack ways to manage the collection, processing, and transmission of the data about themselves. To tackle this problem, we designed and implemented a novel web-based system called IoT Service Store (ISS) that allows users to easily browse available IoT services at their current location, understand the privacy implications of these IoT services, and control the collection and usage of sensor data. First, each IoT service registered to ISS broadcasts its own information to nearby users. To better inform users about the potential privacy risks in using IoT services, ISS displays detailed information of what personal information might be inferred from the sensor data being collected. ISS also allows each user to give a rating or check other users' ratings about the utility-privacy tradeoff for each IoT service. ISS is designed to communicate with IoT services to modify their data collection and usage practices, according to a user's privacy preferences. Using the preferred privacy settings in the proposed system, users will be more confident in their decisions whether to subscribe to IoT services and less concerned with privacy risks in using the services.
Nowadays, the proliferation of smart, communication-enabled devices is opening up many new opportunities for pervasive applications. A major requirement of pervasive applications is to be secured. The complexity of securing pervasive systems lies in addressing an end-to-end security level: from the device to the services, according to the entire life cycle of devices, applications and platform. In this article, we propose a solution combining both hardware and software elements to secure communications between devices and pervasive platform based on certificates issued from a Public Key Infrastructure. Our solution is implemented and validated with a real device extended by a secure element and our own Public Key Infrastructure.
We introduce context-based pairing protocols that integrate into common distributed device encryption schemes for device management and access control. In particular, we suggest three pairing protocols that integrate implicit proximity-based device pairing to increase convenience and security. From these protocols, we implemented a secure device pairing approach conditioned on natural, unconstrained spoken interaction in a smart environment. In particular, our approach exploits speech recognition to identify devices to pair from free-form spoken interaction and restricts the pairing to the right device in proximity by generating secure keys from audio fingerprints of the same spoken interaction.
|11:30-12:00||Invited Talk (Hien Truong, NEC Laboratories Europe)
This talk will present recent results from our research on device-proximity (co-presence) verification based on context sensing technologies to enhance security of mobile authentication systems while retaining their usability. Prior work demonstrated the effectiveness of context-centric sensor based approaches to defend such systems against relay attacks. Through a systematic assessment of those context-based verification systems by considering an adversary model that includes active attackers, we showed that it is possible to manipulate context from sensor readings. This consequently defeats the authentication systems. In the direction of mitigating such active context attackers, this talk will introduce a solution based on acoustic room impulse response.
|13:15-14:15||Keynote (Jan Lühr, AnderScore)
This keynote presentation will highlight the challenges of usable security in an industrial context. It will discuss common problems faced and efficient solutions, exemplified from the perspective of anderScore. The speaker has more than 10 years of working experience in the field and has been involved in various projects in a vast number of business areas, such as finance, insurance, health, telecommunication and more. The talk will detail how anderScore is able to achieve the goals of usable security in real-life projects.
|14:15-14:30||Session 2 (Authentication)
Wajid, Kanhere: Wi-Access: Second Factor User Authentication leveraging WiFi Signals
Despite the fact that second factor authentication (2FA) provides improved security for online accounts, the user adoption rate is rather limited because most 2FA implementations require a significant amount of interaction from the user. In this paper, we present a novel 2FA system, called Wi-Access, that requires absolutely no explicit participation from the user. A user simply has to type his password, while Wi-Access detects the unique perturbations in WiFi signals as a result of finger and hand motion and uses these as a 2FA. Wi-Access detects these perturbations by measuring the fine-grained Channel State Information (CSI) of the ambient WiFi signals at the device from which the user is attempting to log in. The logic being that, while typing the password, the user's hands and fingers move in a unique direction and formation, causing unique perturbations in the CSI time-series related to each user. Wi-Access deploys a mechanism for precise estimation of the start and end point of the password in a recorded CSI stream. Subsequently, Wi-Access uses a One-Class Classifier based upon autoencoders and sets a local threshold for each user in order to make the authentication decision. We implement Wi-Access using commodity off-the-shelf 802.11n devices and evaluate its performance in a room by recruiting 10 volunteers. Our extensive 210 tests reveal that Wi-Access can on average achieve 91% authentication accuracy with 8% false positives. Moreover, Wi-Access is very robust in preventing attacks with a 92% attack detection accuracy.
Building upon the concept of collective computing, which combines cloud, crowd and shroud technologies, we propose a further application domain for the fourth generation of computing: Usable Security. Combining the three constituent technologies enables novel, stronger and personalized authentication mechanisms. In particular, we combine implicit memory of people (the crowd), obtained from wearable camera devices (the shroud) and supported by edge and cloud facility (the cloud) in order to generate image-based authentication challenges which are transient and personalized.
|14:30-15:00||Invited Talk (Dawud Gordon, twosen.se)
Behavioral Biometrics: From Research Hypothesis to Product
|15:30-16:00||Prototypes and Demos|
|16:00-16:30||Tutorial (Dominik Schürmann, TU Braunschweig)|
The 6th CoSDEO-workshop aims to bring together researchers and practitioners working on the design, implementation, and evaluation of systems, algorithms or models for usable security.
Recently, usable security has been receiving a growing amount of attention from industry and academia. This covers, for instance, novel pairing and security schemes for pervasive systems where identity cues are provided from sensor information as well as the discussion of novel sensor modalities or secure processing methodologies. The offensive side includes attacks on existing security mechanisms as well as entropy and statistical analysis of key sequences.
It is therefore the goal of this workshop to provide a publication and discussion platform for this growing community in which fundamental problems but also sophisticated approaches are presented and discussed.
Thus, we would like to encourage practitioners and scientists in all stages of their research, from first experiments to readily developed and evaluated systems, to submit their original work to allow a broad discussion with established field experts but also researchers relatively new to the field.
Even if work is at a very early stage, all submitted work must conform to typical scientific requirements, showing a good overview of the field and the specific area of the context of interest. If the paper is based on a technical system, the system should be described and discussed thoroughly.
Besides regular papers, we also encourage submission of visionary papers which need not describe completed research but contain ideas new to the field. These may be related to novel and convenient techniques for key generation and pairing, discussions on entropy and statistical properties of sensor-generated random sequences but also novel applications and designs of usable security systems. Topics of interest include but are not limited to:
CoSDEO is single-blind. Papers may be no more than 6 pages in length (including references). Papers in excess of page limits shall not be considered for review or publication. All papers must be typeset in double-column IEEE format using 10pt fonts on US letter paper, with all fonts embedded. The IEEE LaTeX and Microsoft Word templates, as well as related information, can be found at the IEEE Computer Society website. Workshop papers will be included and indexed in the IEEE digital libraries (Xplore).
Each accepted workshop paper requires a full PerCom registration (no registration is available for workshops only).