CrowdSec: Crowdsourcing Security

Maintaining the security of one’s systems and devices in a way that ensures the right balance between functionality, security, and convenience remains complicated for most people. For example, people are routinely asked by their systems whether to accept a security certificate, install an application, heed security warnings, or reconfigure operating-system security settings. While these examples represent situations in which people regularly find themselves, people rarely have any basis to make an informed decision or to establish one conveniently. This research examines the concept of ‘crowdsourced security’ where the solution lies in people leveraging members of their community to secure their systems and devices.

The primary goal of this research is to determine the potential of crowdsourcing as a complementary strategy for enhancing security. An example challenge addressed in this research pertains to the security of one’s personal data. Specifically the research seeks to develop security mechanisms that can exploit naturally occurring social relationships and utilize ‘human computation’ to shift the burden of security via authentication from machines to humans. Within this framework, the research investigates both questions about the technical effectiveness of crowdsourced security solutions, as well as socio-behavioral questions about users’ preferences, motivations, and privacy concerns about such systems. This research will benefit society by producing a deeper understanding of how systems can be better secured through human participation and collaboration, moving beyond the status quo of current security mechanisms.

People

Faculty
Apu Kapadia, Indiana University
Kelly Caine, Clemson University
Mike Reiter, University of North Carolina at Chapel Hill

PhD Students
Alana Libonati, University of North Carolina at Chapel Hill
Qatrunnada Ismail, Indiana University
Tousif Ahmed, Indiana University

Publications

Vaibhav Garg, Sameer Patil, Apu Kapadia, and L. Jean Camp,
Peer-produced Privacy Protection,”
In Proceedings of the IEEE International Symposium on Technology and Society (ISTAS ’13),
pp. 147–154, Toronto, Canada, June 27–29, 2013.
(bibtex)(ieee)

Zheng Dong, Vaibhav Garg, Jean Camp, and Apu Kapadia,
Pools, Clubs and Security: Designing for a Party Not a Person,”
In Proceedings of The New Security Paradigms Workshop (NSPW ’12),
pp. 77–86, Bertinoro, Italy, September 19–21, 2012.
(bibtex)(acm)

Acknowledgment

This material is based upon work supported by the National Science Foundation under Grant Nos. 1228364 and 1228471. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.