Indiana University Bloomington

Welcome

IMG_7278.jpg IMG_7278 (1)

The Privacy Lab is led by Prof. Apu Kapadia in the School of Informatics and Computing at Indiana University. Our goal is to advance research in online privacy, mobile security, and peer-to-peer systems. For an overview of our research, see our Research Projects and Publications pages. Visit the People page to see the faces behind our research.

Google Research Award!

Photos by Narrative and Google

Photos by Narrative and Google

PIs Kapadia and Crandall have received a 2014 Google Research Award for their research on privacy  in the context of ‘lifelogging’ wearable cameras. We expect that these wearable cameras (see the Narrative Clip and the Autographer in addition to Google Glass) will become commonplace within the next few years, regularly capturing photos to record a first-person perspective of the wearer’s life.  The goal of this project is to investigate and build automatic algorithms to organize images from lifelogging cameras, using a combination of computer vision and analysis of sensor data (like GPS, WiFi, accelerometers, etc.), thus empowering users to efficiently manage and share these images in a way that protects their privacy.  As a first step, we proposed PlaceAvoider, an approach for recognizing (and avoiding) sensitive spaces within images. Read an article about this work by the MIT Technology Review. Read more about our project here.

Our Work on Exposure Feedback to Appear at CHI 2014

Study1Screen2NoOwing to the ever-expanding size of social and professional networks, it is becoming cumbersome for individuals to configure information disclosure settings. We used location sharing systems to unpack the nature of discrepancies between a person’s disclosure settings and contextual choices. We conducted an experience sampling study (N = 35) to examine various factors contributing to such divergence. We found that immediate feedback about disclosures without any ability to control the disclosures evoked feelings of oversharing. Moreover, deviation from specified settings did not always signal privacy violation; it was just as likely that settings prevented information disclosure considered permissible in situ. We suggest making feedback more actionable or delaying it sufficiently to avoid a knee-jerk reaction. Our findings also make the case for proactive techniques for detecting potential mismatches and recommending adjustments to disclosure settings, as well as selective control when sharing location with socially distant recipients and visiting atypical locations.

Our paper will appear at CHI 2014. Read more about our Exposure project.

PlaceAvoider to Appear at NDSS 2014: Privacy in the Age of First-Person Cameras

Photos by Narrative and Google

Photos by Narrative and Google

A new generation of wearable devices (such as Google Glass and the Narrative Clip) will soon make ‘first-person’ cameras nearly ubiquitous, capturing vast amounts of imagery without deliberate human action. ‘Lifelogging’ devices and applications will record and share images from people’s daily lives with their social networks.

We introduce PlaceAvoider, a technique for owners of first-person cameras to ‘blacklist’ sensitive spaces (like bathrooms and bedrooms). PlaceAvoider recognizes images captured in these spaces and flags them for review before the images are made available to applications. PlaceAvoider performs novel image analysis using both fine-grained image features (like specific objects) and coarse-grained, scene-level features (like colors and textures) to classify where a photo was taken.

Our paper will appear at NDSS 2014. Read more about our ‘Vision for Privacy‘ project.

PETools: Workshop on Privacy Enhancing Tools (July 9)

Indiana University hosted the interactive and thought-provoking PETools workshop, chaired by Prof. Apu Kapadia and held in conjunction with PETS 2013. The goal of this workshop was to discuss the design of privacy tools aimed at real-world deployments. This workshop brought together privacy practitioners and researchers with the aim to spark dialog and collaboration between these communities. We thank the authors and attendees for a successful workshop! Please check out the program (with links to the abstracts)!

Apu Kapadia Receives NSF CAREER Award

apu-portrait-fullProf. Apu Kapadia’s award from the National Science Foundation (NSF) is titled CAREER: Sensible Privacy: Pragmatic Privacy Controls in an Era of Sensor-Enabled Computing. From the press release: Kapadia will receive $550,887 over the next five years to advance his work in security and privacy in pervasive and mobile computing. Kapadia’s grant will allow him to pursue development of reactive privacy mechanisms that he said could have a profound and positive societal impact by not only helping people control their privacy, but also potentially increasing their participation in sensor-enabled computing. ”People need only care about the subset of data and usage scenarios that have the potential to violate their privacy, and this reduces the amount of data to which they must regulate access,” he said. “And people make better decisions concerning such access when these decisions are made in a context where they know how their data is being used.”

PlaceRaider Presented at NDSS 2013

We introduce PlaceRaider, a proof-of-concept mobile malware that exploits a smartphone’s camera and onboard sensors to reconstruct rich, 3D models of the victim’s indoor space using only opportunistically taken photos. Attackers can use these models to engage in remote reconnaissance and virtual theft of the victims’ environment. We substantiate this threat through human subject studies. Our paper was presented at the 20th Annual Network & Distributed System Security Symposium (NDSS) 2013. For more details, see the PlaceRaider project page.

FRSP Award: ‘Vision for Privacy’

Profs. David Crandall and Apu Kapadia have been awarded  $50K of seed funding through the Faculty Research Support Program (FRSP) for their project titled Vision for Privacy: Privacy-aware Crowd Sensing using Opportunistic ImageryA variety of powerful and potentially transformative `visual social sensing’ applications could be created by aggregating together data from cameras and sensors on smartphones and emerging technologies such as augmented reality glasses (e.g., by Google Project Glass). These applications, however,  raise major privacy concerns because of the large amount of potentially private data that could be captured. This project investigates techniques to provide guarantees on privacy in the context of such applications. For more details, see our project page.

Cachet Presented at CoNEXT 2012

We propose Cachet, a peer-to-peer social-network architecture that provides strong security and privacy guarantees. We leverage cryptographic techniques to protect the confidentiality of data, and design a hybrid structured-unstructured overlay paradigm where social contacts  act as trusted caches to help reduce the cryptographic as well as the communication overhead in the network. We presented our paper on Cachet at the 8th ACM International Conference on Emerging Networking Experiments and Technologies (CoNEXT) 2012. For more details, see the Cachet project page.

PERM Presented at CCS 2012

Some users may misbehave under the cover of anonymity by, e.g., defacing webpages on Wikipedia or posting vulgar comments on YouTube. To prevent such abuse, we have explored various anonymous credential schemes to revoke access for misbehaving users while maintaining their anonymity. Our latest scheme, PERM, supports millions of user sessions and makes ‘reputation-based blacklisting’ practical for large-scale deployments. Our paper on PERM was presented at the 19th ACM Conference on Computer and Communications Security. For more details see the accountable anonymity project page.