I enjoy studying how people use technology and coming up with novel ways to solve problems that matter to people. While until recently I focused more on solving problems using technologies, now I am switching attention more towards understanding the threats of these technologies on the user’s privacy and security with the aim to solve these problems before they become ubiquitous.
Imagine typing a private message on your keyboard before leaving it unattended for a few minutes. During that time, someone comes in and uses a thermal camera (which they got online for <£150) to take a thermal image of your keyboard. The resulting thermal image could potentially reveal both the keys that you touched and the order in which they were touched. This happens because when humans touch objects, heat is transferred from their body to said objects resulting in “heat traces”. These heat traces decay over time to indicate the order of entries.
The aims of this project are to investigate the privacy and security risks caused by thermal imaging and develop and evaluate methods to resist them. The project will produce empirical findings that tell us which situations users are vulnerable to thermal attacks the most, datasets and practical recommendations to help us build resistance methods, and material to raise awareness of thermal attacks to be presented to relevant industry and government bodies such as Police Scotland, NCSC, NCR, and others.
Adding value to Scotland
One of the global challenges that are facing humanity in the 21st century is privacy implications of the ubiquitous sensors and technologies that have woven themselves into the fabric of our daily lives. While these technologies bring a myriad of benefits to their users, they can also be used maliciously against others’ privacy as illustrated using the thermal camera example. This research contributes to the National Outcomes by respecting and protecting the human right of privacy. Article 8 of 1998’s Human Rights Act states “Everyone has the right to respect for his private and family life, his home and his correspondence”. Preserving privacy (e.g., medical records, personal information) despite the advent of thermal imaging is a human right.
In terms of the economy, security attacks cost every UK business/charity £4,180/£9,470 on average every year; a 41% increase since 2017 [1]. Being cheap and easy to perform, thermal attacks could amplify these costs. The planned impact activities will encourage exploitation of project outcomes (e.g., through a knowledge exchange workshop) to enhance the community’s understanding of and ability to overcome thermal attacks. This could reduce potential costs of security attacks.
The sabbatical research grant is an ideal opportunity to focus exclusively on research and develop one’s career and research profile. This allowed me to accelerate my research, invest more time in my career development, and expand my network to many relevant Scottish bodies such as Police Scotland, SBRC and CENSIS.
Advice for future grant recipients
My advice to future grant recipients: the sabbatical research grant is an excellent opportunity to springboard your academic profile. Use that time wisely to accelerate your research, impact (e.g., making connections, organizing impact activities) and career development. I also recommend actively seeking junior academics and encouraging them to apply for the replacement post should you receive the grant – this will help you avoid possible delays and may create a new connection.
My advice to applicants: the proposal has to be novel and provides value to Scotland that is inline with the Scottish National Outcomes. Try to be as specific as possible when planning the budget and plan for impact activities as a core part of your proposal.
My advice to early career researchers: make plans on how to build over the work proposed for the sabbatical research grant.
What’s next?
The information gained from this award will be used to:
- Improve the research communities’ understanding of this threat and how it can be resisted,
- Create tools for resisting thermal attacks, and
- Improve the social welfare and national security by protecting the human right of privacy. The outcomes of this project will underpin and shape a larger research project focusing on the security implications of ubiquitous cameras.
This work will produce strong publications and create pathways to real world impact. This will put me at the forefront of the field and also support my case for promotion to Senior Lecturer/Reader. With the support of the existing and newly formed partnerships, I aim to influence policy and standards for user interfaces to mitigate the negative impacts of thermal imaging.
While this project focused exclusively on thermal imaging, I plan to research further the privacy and security implications of ubiquitous technologies and develop AI-driven methods to counteract them. My research vision is to ensure that ubiquitous technologies that surround us are secure and privacy-aware. I aim to lead a world class research group at the intersection of Human-Computer Interaction and Security that works towards this vision.
