Results - Details
Search command : Author="Φραγκοπούλου"
And Author="Παρασκευή"
Current Record: 1 of 3
|
Identifier |
000456491 |
Title |
Mitigation of cyber attacks in wearable devices |
Author
|
Kazlouski, Andrei M.
|
Thesis advisor
|
Μαρκάτος, Ευάγγελος
|
Reviewer
|
Ferrari, Elena
Carminati, Barbara
Τζίτζικας, Γιάννης
Φραγκοπούλου, Παρασκευή
Μαγκούτης, Κώστας
Φατούρου, Παναγιώτα
|
Abstract |
The consumer wearable market has been growing relentlessly since 2013, reaching unprecedented
sales numbers during the first two years of the COVID-19 pandemic. At
present, hundreds of millions (potentially billions) of users worldwide use such devices to
monitor their private lives twenty-four hours a day and seven days a week. However, the
lightning spread of wearable device and commercial fitness trackers, in particular, has not
been complemented by the adequate security and privacy protection of their ever-growing
userbase.
In this dissertation, we investigate if average consumers of commercial wearable devices
are at risk. More specifically, whether conventional usage of fitness trackers by regular
people may lead to a significant loss of privacy. In particular, we explore 2 aspects of
consumer wearables: the devices with the associated ecosystem, and the data they produce.
We demonstrate that private information on users of prominent consumer fitness
trackers may be inferred, when the devices transmit the collected data to the permanent
storage of their manufacturer. An adversary may obtain insights on how often users exercise
and measure their heart rate, whether they have trouble sleeping, or if they are overweight.
We proceed to study the third-party companies that are contacted by wearable devices as
part of their functioning. We show that significant and sometimes deeply personal data
may be transferred to these “unwanted” third parties without explicit consent from users.
We further establish that sharing data generated by wearable “as is” may lead to significant
privacy exposure and even full re-identification of users. By possessing very limited
amounts of wearable data, a competent adversary may learn insights on person’s gender,
weight, height, and even reconstruct a “wearable fingerprint” – a unique pattern of daily
routine.
To combat the above threats, we suggest a methodology for blocking unwanted connections
of wearables, severely limiting the possibilities for privacy leaks. We further present
comprehensive guidelines for privacy-preserving release of wearable data by both regular
users and data controllers, who aggregate such information into datasets.
We emphasize that all proposed defense mechanisms can be easily employed by regular
users with limited technical expertise and do not require any additional equipment.
|
Language |
English |
Subject |
Privacy |
|
Security |
Issue date |
2023-07-21 |
Collection
|
School/Department--School of Sciences and Engineering--Department of Computer Science--Doctoral theses
|
|
Type of Work--Doctoral theses
|
Permanent Link |
https://elocus.lib.uoc.gr//dlib/6/a/3/metadata-dlib-1687335710-595237-13093.tkl
|
Views |
882 |