Bootstrapping Ubicomp - PowerPoint by 3gz600u


									Four Two Rants on Mobile Computing

                                Jason I. Hong
                                 Feb 20 2007
                    Carnegie Mellon University
         Intel Ultra-Mobile Devices Workshop
Two Rants on Mobile Computing
•   Text input is terrible
•   Facing new privacy and security risks

•   Cross-platform issues stifle wide-scale deployment
•   Conducting realistic user evaluations difficult
Rant #1 – Text Input is Terrible
•   Standard phones
    – Multi-tap, 8-20 wpm, world record 29 wpm
    – T9, ~20 wpm

•   Special hardware
    – Twiddler, ~26-47 wpm (training)

•   Pen
    – QWERTY, ~34 wpm
    – IBM SHARK (pen), 60-70 wpm

•   Stuck with ~20 wpm for near future
Rant #1 – Text Input is Terrible
•   Observation: don’t have to support generic text input
    – Support input for tasks that are common when mobile

•   inTouch
    – Leverage daily rhythms and real-time context
    – Improve group awareness and messaging

•   GurunGo
    – Use existing desktop web browsing activities
    – Improve information retrieval while on the go
inTouch: Mobile Group Coordination
•   Goal: Better coordination for small mobile groups
    – Contextual awareness
    – Contextual messaging
Project: InTouch

It’s 4:30pm and Mom is   inTouch checks her calendar
stuck in traffic         and sees she’s supposed to
                         pick up Cindy from ballet
 Project: InTouch

Mom’s phone senses that she is        Mom hits “send”, and Cindy sees
in a traffic jam, and automatically   that Mom is running late. Cindy
prepares a status message             decides to wait inside.
inTouch: Mobile Group Coordination
•   Using context to:
    – Select a message template
    – Fill in the blanks (like a MadLib)

•   When is contextual messaging useful?
    – Calendar alarms (“running late, will be there in <ETA>”)
    – Current activity (“I’m in a meeting, done at <time>”)
    – Daily rhythms (“Picked up kid ok” at 3PM)
    – Messages received (“Where r u?” -> “I am at <place>”)

•   Currently developing a working prototype
•   Goal: Make it easy to access useful information
    while mobile

•   Observation #1: People still tend to print out online
    maps, despite having mobile device. Why?
    – Found it via desktop, easier to print than to copy to mobile
    – Slow or expensive wireless connections
    – Inconvenient form factor on mobile device

•   Observation #2: People don’t do the same kind of
    web browsing on mobile phones as on desktops
    – Don’t have to support all information finding tasks,
      just ones more likely to be done when mobile
GurunGo Scenarios
•   Idea: Tie mobile more closely with desktop

•   You find an interesting product while browsing
    –   Use GurunGo to copy-and-paste to mobile
    –   Augments with product reviews
    –   Copies to mobile
    –   Kept until explicitly deleted

•   As you browse web on desktop:
    –   GurunGo scans HTML for maps
    –   Generates speech-based directions
    –   Copies to mobile
    –   Directions eventually discarded after given time
GurunGo Usage
•   Acquire
    – Let people explicitly copy-and-paste info to mobile
    – Let people implicitly copy info via regular web browsing
       • GurunGo scans pages seen for potentially useful stuff

•   Augment
    – Look for known data types, make mobile data more useful
    – Ex. Augment maps with speech-based directions
•   Copy (to mobile in the background)
•   Browse
    – Organize data based on common data types
    – Street addresses, product comparisons, phone #s
GurunGo: Speech-based Directions
Nice Features of GurunGo
•   Reduces number of clicks to get to useful information
    – Can support specific information finding tasks while mobile
    – Currently: Directions, products
    – Future: Movies, phone #s, dates and times, recent emails

•   Works even if you don’t have wide-area wireless
    – Works disconnected (no network or don’t want to pay)
    – Only needs personal area network (Bluetooth)
Rant #2: New Privacy and Security Risks

•   Mobile devices becoming intimate part of our lives
    –   Mobile communication
    –   Mobile e-commerce
    –   Sharing location information with others
    –   Unlock doors in home

•   Leads to lots of new risks
    – Mobile spyware (tracks location, already starting)
    – Steal and punch thru corporate firewalls
    – Device lost, embarrassment
User Controllable Privacy and Security

•   Goal: Make it easy for people to manage privacy
    and security policies for pervasive computing
    –   Simple UIs for specifying policies
    –   Clear notifications and explanations of what happened
    –   Better visualizations to summarize results
    –   Machine learning for learning preferences
    –   Start with small evaluations, continue with large-scale ones

•   Large multi-disciplinary team and project
    – Six faculty, 1.5 postdocs, six students
    – Supported by NSF, CMU CyLab
    – Roughly 1 year into project
Contextual Instant Messaging

•   Facilitate coordination and communication by letting
    people request contextual information via IM
    – Interruptibility (via SUBTLE toolkit)
    – Location (via Place Lab WiFi positioning)
    – Active window

•   Developed a custom client and robot on top of AIM
    – Client (Trillian plugin) captures and sends context to robot
    – People can query imbuddy411 robot for info
       • “howbusyis username”
    – Robot also contains privacy rules governing disclosure
Contextual Instant Messaging
Privacy Mechanisms

•   Web-based specification
    of privacy preferences
    – Users can create groups and
      put screennames into groups
    – Users can specify what each
      group can see
Contextual Instant Messaging
Privacy Mechanisms

•   Notifications of requests
Contextual Instant Messaging
Privacy Mechanisms

•   Social translucency
Contextual Instant Messaging
Privacy Mechanisms

•   Audit logs
People Finder

•   Location useful for micro-coordination
    – Meeting up
    – Okayness checking

•   Developed phone-based client
    – GSM localization (Intel)
•   Conducted studies to see how
    people specify rules (& how well)
•   See how well machine learning
    can learn preferences
Grey – Access Control to Resources
•   Distributed smartphone-based
    access control system
    – physical resources like office doors,
      computers, and coke machines
    – electronic ones like computer accounts
      and electronic files
    – currently only physical doors

•   Proofs assembled from credentials
    – No central access control list
    – End-users can create flexible policies
Some Early Lessons

•   People don’t seem to think about things in terms of
    privacy and security, more of value proposition
•   Need large network effects to study some things
    – Right now, only seeing small interesting results
    – Believe we will find interesting results with LOTS of people
•   Machine learning seems promising
•   Social psychology issues
    – Projecting a desired persona, plausible deniability

    Cornwell, J., et al. User-Controllable Security and Privacy for
    Pervasive Computing. In the Proceedings of The 8th IEEE
    Workshop on Mobile Computing Systems and Applications
    (HotMobile 2007).
Other Rants (Briefly)
•   Rant #3 – Cross-platform issues stifling wide-scale
    –   Symbian, Nokia, Palm, Windows Mobile, Blackberry
    –   All incompatible!
    –   J2ME only helps a little
    –   Severely limits deployability and usage of apps

•   Rant #4 – Conducting realistic user evals difficult
    – Hard to do lab studies since (by definition) mobile
    – Hard to observe while mobile
    – Majority of people already have phones (contacts, phone#)
•   Text input is terrible
    – Likely we will be stuck with 20wpm
    – Leverage real-time context to support specific mobile
      information finding tasks rather than generic ones

•   Facing new privacy and security risks
    – This may be an Achilles’ heel for pervasive computing
        • Hard, and lots of devices to manage
    – Our work looks at making it easy for people to specify,
      visualize, and manage their privacy and security policies
Backup Slides
Usability Issues
•   ~20% of WiFi access points returned
    – People couldn’t figure out how to make it work

•   My guess: ~80% of unsecured WiFi access points
    – When you are mobile, risk of eavesdroppers
    – Computer security too hard to understand, too hard to setup
Usability Issues
•   Phishing really really works
    – Exact numbers hard to find, but LOTS of people fall for them
•   Semantic gap between us and everyday users
              “Civilization advances by
    –   SSL, certificates, encryption, man-in-the-middle attacks
              extending the number of
        But simple phishing is stunningly effective
              operations we can perform
              without thinking about them.”
•   Observation: need security models that are invisible
               - others) or extremely easy to
    (managed by Alfred North Whitehead understand
Cultural Issues
•   Browser Cookies
    – Originally meant for maintaining state
    – Now a pervasive means for tracking people online
    – Embedded in every browser, hard to change

•   Observation: Security hard issue to wrap brain around
    – Hard to assess risk of low-probability event in future
    – Adds to cost of development for uncertain benefit
    – Thus, often done as an afterthought (ie too late)
Economic Issues
•   Estimated cost of phishing in US is ~$5 billion
•   Solutions already exist
    – Two-factor authentication
    – Email authentication
•   But:
    – Non-computer scams ~$200 billion
    – Estimated cost of implementation > $5 billion

•   Observation: Many solutions are out there, but:
    – Need to align needs of various parties (politics)
    – Need incentives (cost-benefit, law)
•   Observation: Scammers getting more sophisticated
    – Market for scammers (setup + steal, mules, bookkeeping)
    – “Build it, and scammers will also come”
No Secure Mobile Computing Soon
•   Lots of important info on mobile devices
•   Usability issues
•   Cultural issues
•   Economic issues

                      IEEE Computer, Dec 2005
                      “Minimizing Security Risks in Ubicomp Systems”
                      Invisible Computing Column
GurunGo: Product Reviews
Rant #2: New Privacy and Security

        This was just March 2006

To top