Social Cybersecurity: Reshaping Security Through An Empirical Understanding of Human Social Behavior
ABSTRACT: Entering an era of pervasive, connected smart things, our cybersecurity decisions increasingly interfere with our social lives. Yet, little is known of the complex social consequences of our security behaviors, and vice versa. Absent this knowledge, it is difficult to develop better, more socially intelligent security systems that are intuitive for the layperson. My work on social cybersecurity bridges this gap. First, I will highlight some data science work on how social factors affect security behaviors through two empirical analyses: (i) an exploratory analysis of how optional-use security tools diffused through the social networks of 1.5 million Facebook users and (ii) a randomized, controlled experiment with 50,000 people. I will then discuss Thumprint, an inclusive authentication system I created based on the results of the prior empirical analyses. Using techniques from both supervised and unsupervised machine learning, Thumprint authenticates and identifies individual members of small, local groups (e.g., families or small work teams) through the acoustic and acceleration profiles of a single, shared secret knock. Taken together, my work points towards a future of socially intelligent security systems that understand and accommodate basic human behaviors, desires and capabilities.
BIO: I am a Ph.D. student at CMU's HCII. In my current research, I draw on social science theory to invent novel, more socially compatible security tools that make end-user security less isolating and more likely to spread through social channels. I also occasionally work on other interesting topics broadly within HCI: including game personalization, mobile authentication, friendsourcing, and ubiquitous computing.