Search for: All records

Vehicle cybersecurity is a serious concern, as modern vehicles are vulnerable to cyberattacks. How drivers respond to situations induced by vehicle cyberattacks is safety critical. This paper sought to understand the effect of human drivers’ risky driving style on response behavior to unexpected vehicle cyberattacks. A driving simulator study was conducted wherein 32 participants experienced a series of simulated drives in which unexpected events caused by vehicle cyberattacks were presented. Participants’ response behavior was assessed by their change in velocity after the cybersecurity events occurred, their post-event acceleration, as well as time to first reaction. Risky driving style was portrayed by scores on the Driver Behavior Questionnaire (DBQ) and the Brief Sensation Seeking Scale (BSSS). Half of the participants also received training regarding vehicle cybersecurity before the experiment. Results suggest that when encountering certain cyberattack-induced unexpected events, whether one received training, driving scenario, participants’ gender, DBQ-Violation scores, together with their sensation seeking measured by disinhibition, had a significant impact on their response behavior. Although both the DBQ and sensation seeking have been constantly reported to be linked with risky and aberrant driving behavior, we found that drivers with higher sensation seeking tended to respond to unexpected driving situations induced by vehicle cyberattacks in a less risky and potentially safer manner. This study incorporates not only human factors into the safety research of vehicle cybersecurity, but also builds direct connections between drivers’ risky driving style, which may come from their inherent risk-taking tendency, to response behavior to vehicle cyberattacks. 

Modern vehicles are embedded with numerous electronic components, making them more advanced and automated, while also making them vulnerable to cyberattacks. This study investigated how drivers respond to unexpected, cyber-attack-induced situations through a driving simulator study. It also examined differences in driver responses if they were trained or received warning messages on how to mitigate the effect of a vehicle cyberattack. The findings suggest that drivers' responses to cyberattacks vary based on the severity of the event. Those who receive training are much more likely to drive cautiously when the vehicle behaves unexpectedly and those who receive warning messages are likely to view them, but not necessarily take action. These results have far reaching implications into the utility of training programs in improving driver behavior and leave future work in terms of optimizing warning message systems. 

The introduction of advanced technologies has made driving a more automated activity. However, most vehicles are not designed with cybersecurity considerations and hence, they are susceptible to cyberattacks. When such incidents happen, it is critical for drivers to respond properly. The goal of this study was to observe drivers’ responses to unexpected vehicle cyberattacks while driving in a simulated environment and to gain deeper insights into their perceptions of vehicle cybersecurity. Ten participants completed the experiment and the results showed that they perceived and responded differently to each vehicle cyberattack. Participants correctly identified the cybersecurity issue and took according action when the issue caused a noticeable visual and auditory response. Participants preferred to be clearly informed about what happened and what to do through a combination of visual, tactile, and auditory warnings. The lack of knowledge of vehicle cybersecurity was obvious among participants. 

Secure multi-party computation (MPC) allows multiple parties to jointly compute the output of a function while preserving the privacy of any individual party's inputs to that function. As MPC protocols transition from research prototypes to real-world applications, the usability of MPC-enabled applications is increasingly critical to their successful deployment and wide adoption. Our Web-MPC platform, designed with a focus on usability, has been deployed for privacy-preserving data aggregation initiatives with the City of Boston and the Greater Boston Chamber of Commerce. After building and deploying an initial version of this platform, we conducted a heuristic evaluation to identify additional usability improvements and implemented corresponding application enhancements. However, it is difficult to gauge the effectiveness of these changes within the context of real-world deployments using traditional web analytics tools without compromising the security guarantees of the platform. This work consists of two contributions that address this challenge: (1) the Web-MPC platform has been extended with the capability to collect web analytics using existing MPC protocols, and (2) this capability has been leveraged to conduct a usability study comparing the two version of Web-MPC (before and after the heuristic evaluation and associated improvements). While many efforts have focused on ways to enhance the usability of privacy-preserving technologies, this study can serve as a model for using a privacy-preserving data-driven approach in evaluating or enhancing the usability of privacy-preserving websites and applications deployed in real-world scenarios. The data collected in this study yields insights about the interplay between usability and security that can help inform future implementations of applications that employ MPC.