Janne Lindqvist

I'm the mayor of my house: examining why people use foursquare - a social-driven location sharing application

There have been many location sharing systems developed over the past two decades, and only recently have they started to be adopted by consumers. In this paper, we present the results of three studies focusing on the foursquare check-in system. We conducted interviews and two surveys to understand, both qualitatively and quantitatively, how and why people use location sharing applications, as well as how they manage their privacy. We also document surprising uses of foursquare, and discuss implications for design of mobile social services.

The motivations and experiences of the on-demand mobile workforce

On-demand mobile workforce applications match physical world tasks and willing workers. These systems offer to help conserve resources, streamline courses of action, and increase market efficiency for micro- and mid-level tasks, from verifying the existence of a pothole to walking a neighbors dog. This study reports on the motivations and experiences of individuals who regularly complete physical world tasks posted in on-demand mobile workforce marketplaces. Data collection included semi-structured interviews with members (workers) of two different services. The analysis revealed the main drivers for participating in an on-demand mobile workforce, including desires for monetary compensation and control over schedules and task selection. We also reveal main reasons for task selection, which involve situational factors, convenient physical locations, and task requester profile information. Finally, we discuss the key characteristics of the most worthwhile tasks and offer implications for novel crowdsourcing systems for physical world tasks.

Video: User-generated free-form gestures for authentication: security and memorability

This paper studies the security and memorability of free-form multitouch gestures for mobile authentication. Towards this end, we collected a dataset with a generate-test-retest paradigm where participants (N=63) generated free-form gestures, repeated them, and were later retested for memory. Half of the participants decided to generate one-finger gestures, and the other half generated multi-finger gestures. Although there has been recent work on template-based gestures, there are yet no metrics to analyze security of either template or free-form gestures. For example, entropy-based metrics used for text-based passwords are not suitable for capturing the security and memorability of free-form gestures. Hence, we modify a recently proposed metric for analyzing information capacity of continuous full-body movements for this purpose. Our metric computed estimated mutual information in repeated sets of gestures. Surprisingly, one-finger gestures had higher average mutual information. Gestures with many hard angles and turns had the highest mutual information. The best-remembered gestures included signatures and simple angular shapes. We also implemented a multitouch recognizer to evaluate the practicality of free-form gestures in a real authentication system and how they perform against shoulder surfing attacks. We discuss strategies for generating secure and memorable free-form gestures. We conclude that free-form gestures present a robust method for mobile authentication.

Distinguishing users with capacitive touch communication

As we are surrounded by an ever-larger variety of post-PC devices, the traditional methods for identifying and authenticating users have become cumbersome and time-consuming. In this paper, we present a capacitive communication method through which a device can recognize who is interacting with it. This method exploits the capacitive touchscreens, which are now used in laptops, phones, and tablets, as a signal receiver. The signal that identifies the user can be generated by a small transmitter embedded into a ring, watch, or other artifact carried on the human body. We explore two example system designs with a low-power continuous transmitter that communicates through the skin and a signet ring that needs to be touched to the screen. Experiments with our prototype transmitter and tablet receiver show that capacitive communication through a touchscreen is possible, even without hardware or firmware modifications on a receiver. This latter approach imposes severe limits on the data rate, but the rate is sufficient for differentiating users in multiplayer tablet games or parental control applications. Controlled experiments with a signal generator also indicate that future designs may be able to achieve datarates that are useful for providing less obtrusive authentication with similar assurance as PIN codes or swipe patterns commonly used on smartphones today.

Caché: caching location-enhanced content to improve user privacy

We present the design, implementation, and evaluation of Caché, a system that offers location privacy for certain classes of location-based applications. The core idea in Caché is to periodically pre-fetch potentially useful location-enhanced content well in advance. Applications then retrieve content from a local cache on the mobile device when it is needed. This approach allows an end-user to make use of location-enhanced content while only revealing to third-party content providers a large geographic region rather than a precise location. In this paper, we present an analysis that examines tradeoffs in terms of storage, bandwidth, and freshness of data. We then discuss the design and implementation of an Android service embodying these ideas. Finally, we provide two evaluations of Caché. One measures the performance of our approach with respect to privacy and mobile content availability using real-world mobility traces. The other focuses on our experiences using Caché to enhance user privacy in three open source Android applications.

Undistracted driving: a mobile phone that doesn't distract

Distracted driving is a major problem that leads to unnecessary accidents and human casualties everywhere in the world. The ubiquity of mobile phones is one cause of distracted driving. In United States alone, operating mobile phones while driving has been cited as a factor in crashes that have led to 995 deaths and 24,000 injuries in 2009. To mitigate the problem of distracted driving caused by mobile phones, we propose using context-awareness to implement burden-shifting, time-shifting, and activity-based sharing. Although the first two concepts have been introduced before in the research literature and the latter two are novel, none of these concepts have yet been explored in the context of mobile phones and driving. We present our initial interaction designs for these concepts on the Android platform.

Engineering Gesture-Based Authentication Systems

Gestures are a topic of increasing interest in authentication, but successfully implementing them as a security layer requires reliable gesture recognition. So far, much work focuses on new ways to recognize gestures, leaving discussion on the viability of recognition in an authentication scheme to the background. Its as yet unclear how gesture recognition should be deployed for practical and robust real-world authentication. In this article, the authors analyze the effectiveness of different approaches to recognizing gestures and the potential for use in secure gesture-based authentication systems. This article is part of a special issue on privacy and security.

Elastic pathing: your speed is enough to track you

Today, people have the opportunity to opt-in to usage-based automotive insurances for reduced premiums by allowing companies to monitor their driving behavior. Several companies claim to measure only speed data to preserve privacy. With our elastic pathing algorithm, we show that drivers can be tracked by merely collecting their speed data and knowing their home location, which insurance companies do, with an accuracy that constitutes privacy intrusion. To demonstrate the algorithms real-world applicability, we evaluated its performance with datasets from central New Jersey and Seattle, Washington, representing suburban and urban areas. Our algorithm predicted destinations with error within 250 meters for 14% traces and within 500 meters for 24% traces in the New Jersey dataset (254 traces). For the Seattle dataset (691 traces), we similarly predicted destinations with error within 250 and 500 meters for 13% and 26% of the traces respectively. Our work shows that these insurance schemes enable a substantial breach of privacy.

Machine to machine communication in cellular networks

Packet switched cellular networks offer significant cost and capacity utilization benefits for machine to machine (M2M) communications. However, the current cellular systems facilitate that communications must be initiated by the mobile station, as the architecture lacks needed monitoring and controlling functions. This study presents an architecture that offers an operator based solution for the management of M2M communications in an operator network. The management interface of this system is implemented by using the SIP protocol and its messaging and presence extensions. The prototype implementation is tested and found to be functional but limited in terms of scalability and denial of service vulnerability. Suggestions are presented in order to rectify these issues

Whose move is it anyway? Authenticating smart wearable devices using unique head movement patterns

In this paper, we present the design, implementation and evaluation of a user authentication system, Headbanger, for smart head-worn devices, through monitoring the users unique head-movement patterns in response to an external audio stimulus. Compared to todays solutions, which primarily rely on indirect authentication mechanisms via the users smartphone, thus cumbersome and susceptible to adversary intrusions, the proposed head-movement based authentication provides an accurate, robust, light-weight and convenient solution. Through extensive experimental evaluation with 95 participants, we show that our mechanism can accurately authenticate users with an average true acceptance rate of 95.57% while keeping the average false acceptance rate of 4.43%. We also show that even simple head-movement patterns are robust against imitation attacks. Finally, we demonstrate our authentication algorithm is rather light-weight: the overall processing latency on Google Glass is around 1.9 seconds.