Study 1: Personal Security/Privacy Dashboard

Overview

This extra credit assignment allows you to analyze your own network traffic and identify potential security and privacy risks. Your can choose to monitor your personal devices (phones, tablets, computers) or your entire home network, including smart IoT devices, using either a software-based approach or a hardware-based approach. Through real-time traffic visualization and analysis, you will gain hands-on experience in network traffic instrumentation, security analysis, and privacy-preserving network measurement.

Participation Options

You can participate through one of the following methods:

• Group A (Software-Based Monitoring):

  • You will install software on your personal phones and/or computers.

  • You will have access to a dashboard to visualize and analyze your network activity.

• Group B (Hardware-Based Monitoring):

  • You will receive a pre-configured Raspberry Pi to connect to your home routers.

  • This setup enables monitoring of all devices in your apartment, including IoT devices such as smart TVs and voice assistants.

  • You will gain insights into their home network traffic through a visualization dashboard.

Regardless of the approach, their network traffic is anonymously collected and sent to our system, along with ground truth labels (including names of foreground apps on phones, tablets, and computers). You can pause data collection at any time and withdraw from the study if you choose.

Learning Objectives

By participating in this assignment, you will:

• Develop hands-on experience with network instrumentation for personal devices and home networks.

• Learn how to capture and analyze network traffic from phones, computers, and IoT devices.

• Identify security and privacy risks in real-world traffic data.

• Explore network traffic analysis techniques over extended periods.

• Gain exposure to current research in network traffic analysis and machine learning applications in cybersecurity.

• Understand data privacy principles and how research studies can be designed to preserve participant anonymity.

  • This study is carefully structured so that no personally identifiable data is ever collected.

  • We can see that someone visited a particular website or used an app, but we do not know who did so.

  • Even if the dataset were compromised (which is highly unlikely), an attacker would not be able to associate activity with any particular individual.

  • The extra credit completion codes are not linked to individual identities, ensuring complete anonymity.

Steps to Participate

1. Sign Up & Group Assignment

• Fill out a general recruitment form and indicate your preference for Group A (software-based monitoring) or Group B (hardware-based monitoring).

• We will review your submission and make the final assignment to either Group A or Group B.

• Once assigned, you will receive detailed instructions on setting up the software or hardware.

2. Data Collection & Monitoring

• You are expected to collect network traffic and associated ground truth labels for a cumulative duration of 30 days. This data includes the following:

  • Network traffic

    • Remote hostnames and IP addresses that your personal device (e.g., phones or computers) communicate with.

    • The number of bytes sent and received

  • Ground truth labels: The names and titles of foreground apps running on your phones and computers (as ground truth labels).

• We will collect the network traffic through the following methods:

  • Group A: You will install the WireGuard VPN app on you personal devices (phones and computers). You will join the experimental VPN network.

  • Group B: You will need to plug our preconfigured RaspberryPi into your apartment WiFi router.

  • In both cases, you do not need to interact with the WireGuard VPN app (Group A) or the RaspberryPi (Group B) throughout the 30 day data collection period. You'll just need to use your personal devices and your home network as per normal.

• We will collect the ground-truth labels through the following methods:

  • Phones: You will download our Python script (open-source) on your personal computers (Group A). You will then connect your phone to the computer (Group A) or RaspberryPi (Group B) via a USB cable and enable developer/debugging mode on the phone. Once this step is complete, you can use your phone as per normal. A script that runs on our cloud backend will automatically and continuously obtain the foreground app names/titles via remote debugging.

  • Computers: You will download another script (open-source) on your computers. The script will automatically and continuously capture the foreground app names/titles.

• You will complete an onboarding survey before any data is collected, as well as an exit survey once the you decide to stop data collection.

• Every week, you will fill out a short survey that asks about your experience.

• You may pause data collection at any time, but the time during the pause will not count toward the 30-day requirement.

• You are free to withdraw from the study at any time, and the amount of extra credit will be adjusted accordingly.

3. Exit Survey & Completion

• Whether you complete the full 30-day duration or withdraw early, you must complete an exit survey in order to receive any extra credit.

• Upon completion, you will receive a unique completion code generated by our system.

• This completion code is not linked to your identity, ensuring full anonymity.

Privacy & Anonymity

This study is designed to protect your privacy:

• We cannot associate network traffic with individual students. For example, if Alice visits NYTimes.com and Bob watches YouTube, our system will record that someone visited these sites, but we will not know who accessed them.

• Our system does not store any personal identifiers, so even in the unlikely event of a data breach, no attacker could associate network activity with specific individuals.

• You can pause data collection or withdraw from the study at any time.

Grading & Extra Credit

• If you complete the full 30-day data collection period, you will receive the maximum extra credit.

• If you withdraw early, you will receive partial credit based on the participation duration. For example, let's say that you have collected T days worth of traffic and ground truth labels.

  • 0 < T < 10: You will receive 0 extra credits

  • 10 < T < 20: You will receive 1/3*X extra credits.

  • 20 < T < 30: You will receive 2/3*X extra credits.

  • T > 30: You will receive X extra credits

• The value of X depends on several factors

  • If you are in Group A, then...

    • X = 5 if you have collected data (both network traffic and ground truth labels) from your phone (iOS, Android, or variants of Android) only

    • X = 5 if you have collected data from your computer (macOS or Windows) only

    • X = 10 if you have collected data from your phone and computer. If you have decided to collect data from more devices (e.g., an extra tablet, phone, or computer), X = 10

  • If you are in Group B, then X = 13, provided that you have collected data from both your phone and computer on the network. No IoTs are allowed. Given that the preconfigured RaspberryPi only collects data when the phone/computer is on the network, it is perfectly okay if the phone/computer is not on the home network (e.g., when you are out of the home). Just keep the RaspberryPi running for a cumulative duration of 30 days, but we expect to see your phone and computer on the network for some period of time every day.

• Extra credit is assigned only after completing the exit survey and submitting the anonymous completion code.

Example Workflow

1. Alice fills out the recruitment form. 

2. After a few days, Alice is assigned with Group A. 

3. Alice fills out an initial survey (a psychological assessment) and a general consent on data privacy.

4. Alice is given a tutorial that shows her how to start data collection on her iPhone. This process involves (i) downloading an VPN app called WireGuard, (ii) running a bash script on her macOS, (iii) connecting her iPhone to her computer for the bash script to pair with her phone so that we can collect the ground truth labels (e.g., the names of the foreground apps), and (iv) scanning a QR code on the Research Dashboard

5. Alice is confused, so she schedules a Zoom call with a course assistant, who later helps her with the setup.

6. Alice verifies her setup on the Research Dashboard, which shows the number of days of data collected (which includes both the network traffic and the ground truth labels).

7. Alice keeps the data collection running in the background as she carries out her everyday life. In most cases, she doesn't have to do anything with the data collection process. It just runs passively and continuously, even as she changes WiFi/cellular networks and/or switches to Airplane Mode.

8. Occasionally, Alice visits the Research Dashboard to check the cumulative total number of days of data collected. If there is an issue, she reaches out to the course assistant or the research coordinator on Slack. The Research Dashboard also shows various visualizations of her network traffic in real time, which helps her understand security/privacy issues on her phone.

9. Every week, Alice fills out a short survey to describe about her experience.

10. Alice decides to stop all data collection on Day 28. She indicates dropout on the Research Dashboard.

11. Alice completes an exit survey.

12. Alice gets 5 * 2/3 = 3.3 extra credits.