Abstract
As a variety of smart and connected sensors are deployed everywhere, significant privacy issues arise, since these devices can constantly capture our (private) behaviors in the form of images, video, and sound. Adversaries can use this sensor data to attack personal privacy. For example, leaked audio data can be processed using machine learning models to extract private conversations, track user activity, identify human speakers, or even generate arbitrary speech in the voice of the speaker. These privacy attacks are fully automated and can be launched at scale. As a result, they pose a real security and privacy threat to everyone. Yet protecting users against such intrusive sensing is challenging. Privacy laws and policies can help regulate the use of sensors and machine learning models, but they are known to be difficult and slow to deploy.
In this dissertation, we explore personal privacy protection against intrusive sensing. We propose to develop low-cost wearables that users can carry and turn on/off to prevent their private information from being extracted by unauthorized parties. Along this line, we design and engineer novel wearables that protect both content and identity privacy. Our wearables also leverage the inherent properties of the human body to improve protection strength and coverage. Together, these wearables and the human body form a powerful privacy armor, providing users with full agency in privacy control.
This dissertation makes three key contributions.
First, to protect our speech privacy, we engineer a wearable microphone jammer as a bracelet, which disables surrounding microphones, including hidden ones. Our design leverages a hardware property that, when exposed to ultrasonic noise, commodity microphones will leak the noise into the audible range, which disrupts the speech recording. Our jamming bracelet also leverages natural body movements to increase protection coverage and effectiveness.
Second, we study typing content privacy, where we assess the vulnerability of wearable keyboards to keystroke inference attacks. We show that typing using wearable keyboards can naturally defeat existing attacks because the keyboard and its layout are invisible in the physical world. We then develop a new, more sophisticated attack that can successfully infer wearable typing content using just an RGB camera. This presents a new threat against wearable typing privacy and shows the need for additional protection methods.
Finally, we also study identity privacy and its impact on user authentication. Since our standard biometric data, such as face, voice, and fingerprint, can be easily captured by sensors and leaked to attackers, we develop an alternative, wearable-based authentication method based on muscle stimulation. Our proposed system authenticates a user by stimulating the user’s forearm muscles with a sequence of electrical impulses (a challenge) and measuring the user’s involuntary finger movements (the response to the challenge). Our system produces 68 million challenges per user, using just one second of muscle stimulation. Attackers replaying used responses will be rejected, making our system highly robust against data breaches and leakage.
In summary, this dissertation develops solutions to protect personal privacy against intrusive sensing, by augmenting the human body with wearables to form a ubiquitous privacy armor. We hope our work sheds light on the development of personal privacy protection in the physical world.