We are happy to announce that a very interesting study entitled “An Investigation of Privacy and Security in VR APPs through URL String Analysis” has recently been accepted for publication in the Journal of Information Processing. Congraturations, Shu-pei and the team!

Shu-pei Huang, Takuya Watanabe, Mitsuaki Akiyama, Tatsuya Mori, “An Investigation of Privacy and Security in VR APPs through URL String Analysis,” Journal of Information Processing, vol. xx, no. xx., pp. xxxx-xxxxx (in press).

Overview.

In this research, we set out to investigate the privacy concerns inherent in the URLs used by virtual reality (VR) applications. In particular, we looked at static, hard-coded URLs that lead to destinations such as advertising and analytics services. These can have a big impact on user privacy. Using the Oculus Go VR device, the team applied a categorization methodology that helped identify the most common sources of advertising and analytics embedded in these VR applications. This approach revealed some potential privacy threats and showed us how they could impact user rights. It’s so important to look closely at external libraries and resources that VR app developers often use. The URLs we found that lead to privacy-sensitive services show us how much work there is to do to make VR safer for everyone.

We are thrilled to announce that our paper has been accepted for presentation at the twentieth Symposium on Usable Privacy and Security (SOUPS 2024). Congratulations to Lachlan-kun and Hasegawa-san!

Lachlan Moore, Tatsuya Mori, Ayako Hasegawa, “Negative Effects of Social Triggers on User Security and Privacy Behaviors,” Proceedings of the twentieth Symposium on Usable Privacy and Security (SOUPS 2024), Aug 2024 (accepted) (acceptance rate: 33/156=21.1%)

Overview
People often make decisions influenced by those around them. Previous studies have shown that users frequently adopt security practices based on advice from others and have proposed collaborative and community-based approaches to enhance user security behaviors.

In this paper, we focused on the negative effects of social triggers and investigated whether users’ risky behaviors are socially triggered. We conducted an online survey to understand the triggers for risky behaviors and the sharing practices associated with these behaviors. Our findings revealed that a significant percentage of participants experienced social triggers before engaging in risky behaviors. Moreover, we found that these socially triggered risky behaviors are more likely to be shared with others, creating negative chains of risky behaviors.

Our results suggest the need for more efforts to reduce the negative social effects on user security and privacy behaviors. We propose specific approaches to mitigate these effects and enhance overall user security.

We are thrilled to announce that our paper has been accepted for presentation at the 9th IEEE European Symposium on Security and Privacy (Euro S&P 2024). Congratulations to Oyama-kun and the team!

H. Oyama, R. Iijima, T. Mori, “DeGhost: Unmasking Phantom Intrusions in Autonomous Recognition Systems,” Proceedings of Euro S&P 2024 (accepted for publication), pp. xxxx-xxxx, July 2024

This study addresses the vulnerability of autonomous systems to phantom attacks, where adversaries project deceptive illusions that are mistaken for real objects. Initial research assessed attack success rates from various distances and angles. Experiments used two setups: a black-box with DJI Mavic Air, and a white-box with Tello drone equipped with YOLOv3. To counteract these threats, the DeGhost deep learning framework was developed to distinguish between real objects and illusions, testing it across multiple surfaces and against top object detection models. DeGhost demonstrated excellent performance, achieving an AUC of 0.998, with low false negative and positive rates, and was further enhanced by an advanced Fourier technique. This study substantiates the risk of phantom attacks and presents DeGhost as an effective security measure for autonomous systems.

We are pleased to announce that our paper has been accepted for publication at the Journal of Information Processing Information Processing Society of Japan (IPSJ). Congraturations, Watanabe-kun and the team!

T. Watanabe, E. Shioji, M. Akiyama, T. Mori, “Understanding the Breakdown of Same-Origin Policies in Web Services That Rehost Websites,” Journal of Information Processing, vol. xx, no. xx., pp. xxxx-xxxxx (in press)

This paper extends our original work presented at NDSS 2020 by providing detailed insights into the countermeasures implemented by global service providers, including Google, in response to our recommendations. These enhancements are crucial for understanding the evolving landscape of web service security. We elaborate on the real-world impact of our research in collaboration with JPCERT/CC.