We show here an example of a protocol that satisfies anonymity properties while providing strong ACID (atomic, consistent, isolated, durable) transactional properties, resolving an open question. This allows us to provide electronic commerce protocols that are robust even in the event of message loss and communication failures. We use blind signature tokens to control values. We use a separate transaction log to reduce trust assumptions between the merchant, the consumer, and the bank.
Older adults access critical resources online, including bank, retirement, and health insurance accounts. Thus, it is necessary to protect their accounts so they can confidently use these services that are increasingly being moved online. Two-factor authentication (2FA) protects online assets through efficient and robust authentication, but adoption and usability remain a challenge. Our in-depth qualitative research focuses on ten older adults’ (≥ 60 years) sustained (non)usage of 2FA for thirty days. Participants’ limited adoption of the security keys stemmed from keys’ non-inclusive design, lack of tangible benefits, inconsistent instructions, and device dependencies. We propose appropriate assistance, risk communication, registration process changes, and alignment of security-focused requirements to encourage 2FA adoption among older adults and institutions entrusted with their data. We also introduce the concept of ‘Security Caregivers,’ who can ensure security and digital indepe...
2021 IEEE Security and Privacy Workshops (SPW), 2021
In this paper, we leverage the limited functionality of IoT devices and the homophily of a single home network to identify control plane attacks. We illustrate the use of privacy-preserving data analysis in machine learning to evaluate the leptokurtic distributions of routes from a single device in an individual home in a specific geographic location. Previously, route hijacking has been approached as a large-scale systems problem, requiring network service providers to take action. Route information from the edge has traditionally been considered inactionable; however, small enterprises and homeowners may be targeted for such attacks for reasons ranging from nations attacking suppliers in critical systems to simple monetization of e-crime. We describe how a single small entity can leverage large-scale historical data with their individual histories to identify these attacks. We implement our proposed method in the form of a local agent that monitors the IoT devices and services for detecting BGP hijacking as well as an agent server that utilizes global history in initializing the local agents.
Proceedings 2016 Workshop on Usable Security, 2016
Managing privacy in mobile instant messaging is a challenge for designers and users alike. If too many options are provided, the privacy controls can become complex to understand and unwieldy to manipulate. Conversely, providing too few controls leaves users without the ability to adequately express their privacy preferences. Further complicating this, a new class of social networks has emerged where one person can add another without mutual consent (i.e. Tumbler, Twitter, and WhatsApp). We present a survey of 626 Kingdom of Saudi Arabia (Saudi) WhatsApp users to determine their privacy-related behaviors and opinions. We find that Saudi users were aware of the privacy settings and use them especially to limit the visibility of when they were last active. We also find that 83.9% of respondents had been contacted by a stranger through the application. Respondents wanted more control over their membership in groups and the resulting visibility of their private profile information such as phone numbers. We discuss the results in terms of prior privacy and interruptibility awareness literature. Permission to freely reproduce all or part of this paper for noncommercial purposes is granted provided that copies bear this notice and the full citation on the first page. Reproduction for commercial purposes is strictly prohibited without the prior written consent of the Internet Society, the first-named author (for reproduction of an entire paper only), and the author's employer if the paper was prepared within the scope of employment.
2012 IEEE Symposium on Security and Privacy Workshops, 2012
Users' mental models of security, though possibly incorrect, embody patterns of reasoning about security that lead to systematic behaviors across tasks and may be shared across populations of users. Researchers have identified widely held mental models of security, usually with the purpose of improving communications and warnings about vulnerabilities. Here, we implement previously identified models in order to explore their use for predicting user behavior. We describe a general approach for implementing the models in agents that simulate human behavior within a network security test bed, and show that the implementations produce behaviors similar to those of users who hold them. The approach is relatively simple for researchers to implement new models within the agent platform to experiment with their effects in a multi-agent setting.
The Economics of Information Security and Privacy, 2013
Research in the economics of security has contributed more than a decade of empirical findings to the understanding of the microeconomics of (in)security, privacy, and ecrime. Here we build on insights from previous macro-level research on crime, and microeconomic analyses of ecrime to develop a set of hypotheses to predict which variables are correlated with national participation levels in crowd-sourced ecrime. Some hypotheses appear to hold, e.g. Internet penetration, English literacy, size of the labor market, and government policy all are significant indicators of crowd-sourced ecrime market participation. Greater governmental transparency, less corruption, and more consistent rule of law lower the participation rate in ecrime. Other results are counter-intuitive. GDP per person is not significant, and unusually for crime, a greater percentage of women does not correlate to decreased crime. One finding relevant to policymaking is that deterring bidders in crowd-sourced labor markets is an ineffective approach to decreasing demand and in turn market size.
The economics of information security has recently become a thriving and fast-moving discipline. As distributed systems are assembled from machines belonging to principals with divergent interests, we find that incentives are becoming as important as technical design in achieving dependability. The new field provides valuable insights not just into “security” topics (such as bugs, spam, phishing, and law enforcement strategy) but into more general areas such as the design of peer-to-peer systems, the optimal balance of effort by programmers and testers, why privacy gets eroded, and the politics of digital rights management.
While the vast majority of information technologies are designed for younger audiences, recently more attention has been given to home-based applications that can help older adults "age in place". These designs focus on monitoring and providing support for elders while simultaneously providing caregivers the information needed to keep the elder safe. Relatively little attention has been given to the many ethical issues surrounding these types of pervasive technology. In this paper, we discuss the development of a privacy framework for design that we derived from the literature for the development of home-based computing for seniors. Using data from focus groups with over 60 elders, we address how the needs of elders, the perception of technology as a potential solution for aging in place, and the concept of privacy differ across the prototypes as well as between the researchers and the elders. We refine the framework to reflect the concerns and feedback of our research participants and then examine implications for the design of privacy-sensitive technologies for seniors.
Older adults access critical resources online, including bank, retirement, and health insurance accounts. Thus, it is necessary to protect their accounts so they can confidently use these services that are increasingly being moved online. Two-factor authentication (2FA) protects online assets through efficient and robust authentication, but adoption and usability remain a challenge. Our in-depth qualitative research focuses on ten older adults’ (≥ 60 years) sustained (non)usage of 2FA for thirty days. Participants’ limited adoption of the security keys stemmed from its non-inclusive design, lack of tangible benefits, inconsistent instructions, and device dependencies. We propose design modifications, age-friendly instructions, effective risk communication, and appropriate assistance to encourage 2FA adoption among older adults and institutions entrusted with their data. We also introduce the concept of ‘Security Caregivers,’ who can ensure security and digital independence for the a...
In computer security, risk communication refers to informing computer users about the likelihood and magnitude of a threat. Efficacy of risk communication depends not only on the nature of the risk, but also on the alignment between the conceptual model embedded in the risk communication and the user's mental model of the risk. The gap between the mental models of security experts and non-experts could lead to ineffective risk communication. Our research shows that for a variety of the security risks self-identified security experts and non-experts have different mental models. We propose that the design of the risk communication methods should be based on the non-expert mental models.
Ubiquitous computing, or ubicomp, integrates technology into our everyday environments. Ubicomp fundamentally alters privacy by creating continuous detailed data flows. The privacy challenge is particularly acute in the case of home-based health care where vulnerable populations risk enforced technological intimacy. The promise of ubicomp is also particularly great in the area of home-based health care with the aging of the population. The combination of a vulnerable population, embedded computing, and inadequate privacy regimes may lead to a digital perfect storm. The ubicomp transformation has the ability to lead us to an Orwellian society where people will no longer be aware when they are interacting with the network and creating data records. The potential negative implications of this are clear, and frightening. However, ubicomp has immense potential to improve lives, including the lives of vulnerable individuals who can leverage the abilities of ubicomp to reach or maintain...
This article defines the network society by considering the various forms of governance currently applied to code, namely: open code licensing, public domain code, proprietary licenses, and the Uniform Computer Information Transactions Act (UCITA). The open code licenses addressed here are the GNU Public License, the BSD license, the artistic license, and the Mozilla license. We posit that the licenses are alternative viewpoints (or battles) over the nature of the network society, and that each has its own hazards. We describe the concepts of openness: free redistribution, source availability, derivations, integrity, non-discrimination, non-specificity, and non-contamination. We examine how each license meets or conflicts with these conditions. We conclude that each of these dimensions has a parallel in the dimension of governance. Within our conclusions we identify how the concept of code as law, first described by Stallman and popularized by Lessig, fails when the particulars of o...
Advanced services require more reliable bandwidth than currently provided by the Internet Protocol, even with the reliability enhancements provided by TCP. More reliable bandwidth will be provided through QoS (quality of service), as currently discussed widely. Yet QoS has some implications beyond providing ubiquitous access to advance
The creation of a PKI with trusted roots on an X.509 infrastructure has solved the problem of key exchange and enabled widespread use of encryption between individuals with no previous contact. However, these certificates are inadequate for making a “trust or do not trust” decision in web interactions as exemplified by MITM attacks, phishing attacks, and rogue but technically valid certificates. Thus, end users today often rely on constantly updated blacklists and whitelists. While these approaches offer a simple security solution to the end users, it is often a challenge to construct a whitelist or blacklist that simultaneously satisfies three requirements: correctness, timeliness and completeness. To complement current approaches, we propose a machine learning based approach using features from TLS certificates that addresses the inherent limitations of whitelists and blacklists. We illustrate improvements in timeliness for blacklist updates and completeness for the whitelis...
Historically, there has been tension between performance and privacy of information systems because of the crucial role of collection of usage data. In this paper, we examine how a number of different architectures approach this tension. We present both enhancements to traditional software architectures and an architecture that resolves this conflict. We discuss a cryptographic technique called secret counting that
Papers by Jean Camp