| NSF Org: |
SES Division of Social and Economic Sciences |
| Recipient: |
|
| Initial Amendment Date: | September 12, 2016 |
| Latest Amendment Date: | July 31, 2017 |
| Award Number: | 1619084 |
| Award Instrument: | Standard Grant |
| Program Manager: |
Sara Kiesler
skiesler@nsf.gov (703)292-8643 SES Division of Social and Economic Sciences SBE Directorate for Social, Behavioral and Economic Sciences |
| Start Date: | September 15, 2016 |
| End Date: | August 31, 2019 (Estimated) |
| Total Intended Award Amount: | $309,297.00 |
| Total Awarded Amount to Date: | $309,297.00 |
| Funds Obligated to Date: |
|
| History of Investigator: |
|
| Recipient Sponsored Research Office: |
5700 RIVERTECH CT STE 210 RIVERDALE MD US 20737-1250 (301)314-6070 |
| Sponsor Congressional District: |
|
| Primary Place of Performance: |
5825 University Research Ct College Park MD US 20740-3823 |
| Primary Place of
Performance Congressional District: |
|
| Unique Entity Identifier (UEI): |
|
| Parent UEI: |
|
| NSF Program(s): | Secure &Trustworthy Cyberspace |
| Primary Program Source: |
|
| Program Reference Code(s): |
|
| Program Element Code(s): |
|
| Award Agency Code: | 4900 |
| Fund Agency Code: | 4900 |
| Assistance Listing Number(s): | 47.075 |
ABSTRACT
Most of the world's internet access occurs through mobile devices such as smart phones and tablets. While these devices are convenient, they also enable crimes that intersect the physical world and cyberspace. For example, a thief who steals a smartphone can gain access to a person?s sensitive email, or someone using a banking app on the train may reveal account numbers to someone looking over her shoulder. This research will study how, when, and where people use smartphones and the relationship between these usage patterns and the likelihood of being a victim of cybercrime. This research is the first step to a better scientific understanding how the physical world surrounding smartphone use enables cybercrime. Tired users may be less cautious in browsing to unsafe websites, or distracted users may miss a critical pop-up that a virus has been detected. Once these unsafe patterns of behavior are identified, new techniques, tools, and training can be developed to help prevent smartphone users from becoming victims of cybercrime.
This research expands existing theories of victimization in the domain of mobile devices, where both the criminal activity and the victimization occur online but may be affected by the offline environment. This research collects sensor data from the smartphones of 160 volunteers, such as GPS location, call frequency, and app usage. The smartphone sensor data is combined with questionnaires, demographic data from the U.S. Census, and neighborhood condition data from Google Street view. This research also provides a baseline of smartphone security threats stemming from behavioral and social factors, and applies new methods for social science research using mobile sensor data to unobtrusively observe the daily activities of subjects. Finally, this research adds to the body of knowledge on the fundamental limitations of sensor-based activity and context inferences, provides a unique corpus of smartphone sensor data that is freely available to the scientific community, and a set of open source tools for collecting and analyzing the data.
PROJECT OUTCOMES REPORT
Disclaimer
This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.
The prevalence of smartphone impacts one’s exposure to cybercrime, crimes involving smartphones, and/or privacyhazards. In social science, theories have been proposed to explain the likelihood of a person to fall victim to crime in general. Some established theories linked personality traits such as self-control as factors that increase and decrease the victimization. However, it is not yet understood whether such theory can be applied in the context of smartphones.
We have developed an Android smartphone app for monitoring a number of smartphone usage behaviors in an unobtrusive manner. The app collects various types of data while running unnoticeable in the background. These data include location (as gathered from GPS), apps used, physical activities (standing still or on movement), Wi-Fi information, Bluetooth usage, headset use, smartphone's power/battery level, etc.
We have also compiled a questionnaire consisting of 97 questions. The first nine questions are related to participant demographics (e.g. age, gender, level of education, income level). A number of questions are related to the condition of participants’ residential and neighborhoods, specifically related to the safety and maintenance needs of the area. Example of questions include whether or not trash and graffiti are issues in their neighborhoods, whether or not there are many vacant houses, etc. A number of questions are related to the extent the participants’ use the computer and internet. Examples of questions concern for instance the number of hours spent using computers (or other devices) and internet, the types of activities performed when using the devices, their participation in social media, etc. A number of questions are related to the security practices participants have performed or are aware of. Finally, the participants were asked to rate themselves with respect to a number of statements related to personality andhabits. For example: "I am very friendly with strangers”, “Iam very sociable”, “I am restless at the theatres and lectures”,etc.
We then conducted an in-vivo observation study where more than 80 study participants were asked to install our app on their smartphones, and to use their smartphones in a regular manner for one to three months. We then analyzed the collected data in an attempt to understand smartphone usage behavior and identify instances of risky usage behavior. Then, we investigated whether individual personality traits andself-assessments associated with security and victimization can serve as predictors of the observed risky usage behavior. Such understanding provides first steps toward defining and mitigating smartphone threats due to smartphone usage profiles.
We grouped the participants into ‘risky’ and ‘non-risky’ for each communication-related behavior as well as software-related behavior. Setting both kinds of results (survey and data collection) into relation to each other, our results show noperceivable difference in the individuals that rank themselves higher in the smartphone security awareness with respect to therisky and non-risky smartphone usage behavior. Additionally,we found that that the personality scales, specifically TRDM and Impulsiveness, do not seem to be factors that differentiate between the risky and non-risky smartphone usage behavior we observed in our collected data.
In a separate study, we performed smishing attacks on our participants using SMS. The smishing attacks were done in two waves. In the first wave, the attack was done using general wordings, while in the 2nd wave, we peformed spear smishing using information we gathered from our in-vivo study. A group of participants were exposed to the attack in the morning while another group were exponsed to the attacks in the evening. We hope to examine if there is significant difference in rate of successful attacks between the two groups. Our preliminary assessment shows that group received attacks in the evening is more likely to fall victim to the attacks than the group receiving attacks in the morning.
Last Modified: 12/29/2019
Modified by: Madeline Diep
Please report errors in award information by writing to: awardsearch@nsf.gov.
