Research Interests

Secure and Usable Systems Design

  • requirements engineering
  • human computer interaction (HCI)
  • agile development for secure systems

Home Data Security and Privacy

  • risks and impact on the home and third parties
  • understanding home user security
  • preserving home user privacy

Related Areas

  • Appropriate and Effective Controls 
    • Usability, cost, effectiveness need exploring for household, families, and neighbourhoods
    • security design techniques, architectures, practices for home user as system administrators
  • Data Driven Behavioural Understanding
    • in a home setting (multi-households, across neighbourhoods, many families) - collecting, analysing, acting upon data (ethics)
  • Economics of Home Data Security
    • economic models for delivering services to serve the home security market
  • Organisational Role in Home Data Security
    • employers' responsibility in protecting employee's at home
  • Best Practice in Home Data Security
    • security best pracitces for the home

 

Recent Publications

  • Privacy and Power: Acknowledging the Importance of Privacy Research and Design for Vulnerable Populations (CHI \'20 Workshop)

    Responsibility and Privacy: Caring for a Dependent in a Digital Age

    April 2020
    |
    Working paper
    |
    Privacy and Power: Acknowledging the Importance of Privacy Research and Design for Vulnerable Populations (CHI '20 Workshop)
    Taking care of technology for a dependant can be a daunting task. Often poorly resourced and lacking the formal training and codes of practise available to professionals, those giving informal digital care need to be understood and empowered by the HCI community. These problems are particularly challenging when people who share access to devices must negotiate issues of privacy and security, or when those giving care must do so remotely. For example, situations where one user is given responsibility for devices in the home can further exacerbate existing power asymmetries. Using insights from our past and current work on technology adoption in smart homes, we illustrate the reality of informal digital care and highlight how this reality increases the complexity of researching privacy and requires a human-centered approach.
    communal use, smart home, multi-user

  • Factoring user experience into the security and privacy design of smart home devices: A case study

    April 2020
    |
    Conference paper
    |
    Conference on Human Factors in Computing Systems - Proceedings
    © 2020 Owner/Author. Smart home devices are growing in popularity due to their functionality, convenience, and comfort. However, they are raising security and privacy concerns for users who may have very little technical ability. User experience (UX) focuses on improving user interactions, but little work has investigated how companies factor user experience into the security and privacy design of smart home devices as a means of addressing these concerns. To explore this in more detail, we designed and conducted six in-depth interviews with employees of a large smart home company in the United Kingdom. We analyzed the data using Grounded Theory, and found little evidence that UX is a consideration for the security design of these devices. Based on the results of our study, we proposed user-centered design guidelines and recommendations to improve data protection in smart homes.
  • Conference on Human Factors in Computing Systems - Proceedings

    Further exploring communal technology use in smart homes: Social expectations

    April 2020
    |
    Working paper
    |
    Conference on Human Factors in Computing Systems - Proceedings
    © 2020 Owner/Author. Device use in smart homes is becoming increasingly communal, requiring cohabitants to navigate a complex social and technological context. In this paper, we report findings from an exploratory survey grounded in our prior work on communal technology use in the home [4]. The findings highlight the importance of considering qualities of social relationships and technology in understanding expectations and intentions of communal technology use. We propose a design perspective of social expectations, and we suggest existing designs can be expanded using already available information such as location, and considering additional information, such as levels of trust and reliability.

  • Informing the Design of Privacy-Empowering Tools for the Connected Home

    April 2020
    |
    Conference paper
    |
    Conference on Human Factors in Computing Systems - Proceedings
    © 2020 ACM. Connected devices in the home represent a potentially grave new privacy threat due to their unfettered access to the most personal spaces in people's lives. Prior work has shown that despite concerns about such devices, people often lack sufficient awareness, understanding, or means of taking effective action. To explore the potential for new tools that support such needs directly we developed Aretha, a privacy assistant technology probe that combines a network disaggregator, personal tutor, and firewall, to empower end-users with both the knowledge and mechanisms to control disclosures from their homes. We deployed Aretha in three households over six weeks, with the aim of understanding how this combination of capabilities might enable users to gain awareness of data disclosures by their devices, form educated privacy preferences, and to block unwanted data flows. The probe, with its novel affordances-and its limitations-prompted users to co-adapt, finding new control mechanisms and suggesting new approaches to address the challenge of regaining privacy in the connected home.

  • Innovation inaction or in action? The role of user experience in the security and privacy design of smart home cameras

    January 2020
    |
    Conference paper
    |
    Proceedings of the 16th Symposium on Usable Privacy and Security, SOUPS 2020
    © 2020 by The USENIX Association. Smart homes are under attack. Threats can harm both the security of these homes and the privacy of their inhabitants. As a result, in addition to delivering pleasing and aesthetic devices, smart home product designers need to factor security and privacy into the design of their devices. Further, the need for user-centered security and privacy design is particularly important for such an environment, given that inhabitants are demographically-diverse (e.g., age, gender, educational level) and have different skills and (dis)abilities. Prior work has explored different usable security and privacy solutions for smart homes; however, the applicability of user experience (UX) principles to security and privacy design is under-explored. In this paper, we present a qualitative study to explore the development of smart home cameras manufactured by three companies. We conduct semi-structured interviews with 20 designers and their collaborators, and analyze these interviews using Grounded Theory. We find that UX was seen as helpful by our participants in fostering innovation in the design of privacy solutions. However, UX was not used or considered in the design of security solutions due to an explicit need for established, tried-and-tested solutions (i.e., previous traditional security solutions that were seen as effective and reliable to fix certain design problems). Drawing from the findings of our study, we propose a model of UX factors influencing security and privacy design of smart home cameras. We also extract a set of recommendations to improve the security and privacy design of smart cameras. We finally outline several areas for future investigation.
More