Dr. Arosha Bandara – Cyber Security and Human Behaviour


Arosha, you’re Senior Lecturer in Computing
here at The Open University. Can you tell me a little bit about your area of research
and how you got in to that area? Sure. So I work in an area called Cyber Security
and Human Behaviour. Cyber security is something that many people might have heard of nowadays
because of all the different threats that are out there and it gets reported in the
news very frequently. So that part of my research is very much what
you think it is, it’s about protecting digital systems from attack and also protecting the
privacy of people’s personal information. The human behaviour aspect is quite interesting
because it tries to bring together this technology part with how people work, build and interact
with the technology. So it’s more psychology type of thing? Yes, exactly. So it brings together psychology,
social science, business. So a number of the projects we work on bring researchers from
all these different fields together with technologists like myself to understand the interplay between
the social technical system as well as the cyber physical system. Because these systems
are no longer just in computers sitting on desks, they are embedded in the environment.
We wear them, we walk around with them all the time. So it’s a very complex interplay and that’s
what makes it really interesting and exciting to work on. So why did you get in to that area? Were you
an early up taker of the new technologies? So, in terms of some of the wearable technologies
and things that, you know, measure your activity levels I have to confess I was one of the
early adopters of those kind of things and smartphones and the Apps and things like that. And the other area of interest is because
my primary focus is in looking at systems that adapt to their environment. So they monitor
something about their environment and change how they behave in response to that. And in
this domain of cyber security and human behaviour where you have systems in the real world having
to deal with situations that may not have been planned for. Adaptation is a key requirement. So it really neatly brings together my interest
in adaptive systems with this very challenging problem of cyber security. Is there something particular that you can
tell us about that you’re working on at the moment? Yeah, absolutely. So I’ve brought along
an example of a device that we’ve made. We call this the privacy band. It’s a physical
wearable device. So I could pick it up and slip my arm through. We should say it’s a prototype? It is a prototype, yes. We only just built
this last year. And the idea is that … we call it the privacy band because it’s intended
to help you manage your privacy. And what we have on the reverse side of this band are
three vibration motors. So these things can make a kind of a buzzing sensation. And we
designed this to represent something, a metaphor we call the privacy itch and the privacy scratch. And what we want to do is to help people get
a better awareness of how their digital information might be being accessed and used in their
daily lives because we’re generating data all the time and people are trying to access
this all the time as well. And so managing our privacy isn’t something that you can
just sit down once a day and do it in front of your desk or computer, it becomes part
of our daily routine. And to do that we need some unobtrusive way of being aware of how
privacy might be being breached and managing it. So the privacy band gives the user an itching
sensation on the inner forearm. A physical itching sensation from the vibrators? It’s from the vibrators, exactly. And then
we have two pads on either side which the user can scratch to indicate what they want
to happen. So scratching on the inside of your forearm because it’s closer to you
we represent as being more private, so you’re trying to prevent the information from being
shared. And if you scratch on the outside it says I’m happy for the information to
be shared and used. So, you know, this is an example of something
that brings together this cyber security aspect because the information being managed here
is all in cyber space. It’s on Facebook or Twitter or your banking application or
whatever. And it’s bringing it in to the physical world and giving people a manifest
experience of what a privacy breach might be like and giving them control in a physical
way as well. So does that link up to the Internet or something?
So you could wear your band when you’re somewhere like we are now and you can’t
get physically to your laptop or your tablet or whatever? Yeah. So it’s not directly connected to
the Internet. So it works with an App that would be running on your mobile phone. So
most of us carry an Internet connected device nowadays. And through that App, the App is
monitoring your data services to look at who might be trying to access your information
and then deciding how and when to vibrate the bands. And this has to be adapted because of course
you don’t want to be itching all the time, that would be quite bad. So the App has to
have some sense of where you are. So now it might sense I’m in a meeting and therefore
it might choose not to vibrate if the privacy threat level is quite low. Whereas if it’s
quite high it might say actually it’s important enough that I should interrupt him and get
him to respond. But because it’s unobtrusive you might not even know that I’ve got a
privacy warning and I responded to it. So using that they can discretely give some
control over the data that’s being accessed. OK, we’ve said discretely, it doesn’t
look very discrete at the moment, so a couple of questions. Firstly, what do you think it’s
going to look like when you’ve got a sort of finished version and when can I go out
and buy one? So let me ask you a second question first.
I think we’re a while away from buying one but something quite exciting is that we have
some interest in developing this further. And so we’re quite keen to do the work to
make it more discrete and more pleasant to look at. So in terms of what it might look like. It
might be actually a very thin film kind of tattoo technology that somebody applies on
to their skin. And it has all the electronics embedded inside it. It might be a wearable
band just like this one or it might be something that’s actually integrated in to clothing
rather than being physically attached to your body all the time. So that’s kind of up in the air at the moment,
we’re investigating lots of different possibilities. I like the idea of it being a kind of itching
scratching tattoo. Yeah, we’re most excited about that. Yeah, that sounds great. The tech is a bit further down the line I
think so we need to do a lot more work to get there. So that’s your research. Can you tell me
then how that feeds in to the teaching that we do at the OU? Yeah, absolutely. So I mean security in the
computing curriculum, security is an essential part both at undergraduate and postgraduate
level. So even though we might not be directly teaching our students about technologies like
the privacy band the things that underpin this, for example, about how people manage
their privacy risk and security risks. And how you analyse risk and manage it in the
context of developing a system. These are concepts that we do integrate in to both our
undergraduate courses, right from Level 1 all the way to our postgraduate courses. And we also actually have a really great MOOC
called Introduction to Cyber Security which covers a whole range of topics and some of
the underlying technologies like cryptography and network security that all go in to building
something like this. I can see I’m going to have to come and
have another catch up with you in about a year’s time and see how the privacy band
has moved on. I hope you’ll let me do that. Absolutely, I look forward to it. Thank you. Thank you.




Leave a Reply

Your email address will not be published. Required fields are marked *