On the Challenges of Designing Online Systems for Reporting Sexual Assault

According to the US Department of Justice, every 73 seconds, an American is sexually assaulted. However, sexual assault is under-reported. Globally, 95% of sexual assault cases are unreported, and at most, 5 out of every 1,000 perpetrators end up in prison. Online anonymous third-party reporting systems are being developed to encourage reporting of sexual assaults and to apprehend serial offenders.

“Amazon vs. My Brother” Receives an Honourable Mention Award

A paper co-authored by my PhD students Yue Huang and Borke Obada-Obieh has received an Honourable Mention award at CHI 2020. Such awards are given to the top 2-6% of submissions.

Yue and Borke spoke to 26 Canadian adults who used shared smart speakers at home, including Amazon Echo, Google Home and Apple HomePod. We found that participants not only worried about keeping their data safe from the manufacturer or other entities; they also feared potential misuse of the device by people they actually live with and know.

My research in 2 minutes

Age and Smartphone Authentication

Nobody wants to spend time unlocking their phones, particularly when it happens some 50 times a day. This is why both industry and academia have been figuring out how to minimize this unwanted overhead, while still keeping smartphone users secure. To improve the technology, developers need to understand exactly how users use it, what works and what does not, and what the patterns of users’ behaviour with the technology are. This is the knowledge gap that LERSSE alumna Lina Qiu worked on addressing in her Master’s thesis research. Her research investigated the interplay between age and smartphone authentication behavior.

Making Sense of Unauthorized Access to Smartphones

Unauthorized physical access to personal devices by people known to the owner of the device is a common concern, and a common occurrence. But how do people experience incidents of unauthorized access? Using an online survey, I’ve collaborated with Diogo Marques from the University of Lisbon, his co-supervisors, and my UBC colleague Prof. Ivan Beschastnikh. Diogo led a study in which he collected 102 accounts of unauthorized access. Participants wrote stories about past situations in which either they accessed the smartphone of someone they know, or someone they know accessed theirs. The findings of the study will be presented in May at the ACM SIG CHI conference, the top HCI venue in the world.

Where in Android apps are crypto APIs misused?

Recent research suggests that 88% of Android applications that use Java cryptographic APIs make at least one mistake, which results in an insecure implementation. It is unclear, however, if these mistakes originate from code written by application or third-party library developers. Understanding the responsible party for a misuse case is important for vulnerability disclosure. In this paper (presented at ASIACCS ’18), led by LERSSE alumnus Ildar Muslukhov, we bridge this knowledge gap and introduce source attribution to the analysis of cryptographic API misuse.

UBC Cybersecurity Summit 2018

On May 11, 2018, my UBC colleagues, PhD students, and I organized the first full-day event, at which over 20 projects from UBC related to cybersecurity were showcased. Over 170 attendees came to the UBC Cybersecurity Summit to see the projects. The summit also featured a keynote by CMU’s Prof. Lujo Bauer and Gary Perkins, CISO for the Province of British Columbia. See more details on the summit web site. Stay tuned for Cybersecurity Summit 2020.

Contextualizing Privacy Decisions for Better Prediction (and Protection)

Modern mobile operating systems implement an ask-on-first-use policy to regulate applications’ access to private user data: the user is prompted to allow or deny access to a sensitive resource the first time an app attempts to use it. Prior research shows that this model may not adequately capture user privacy preferences because subsequent requests may occur under varying contexts. To address this shortcoming, LERSSE’s PhD student Primal Wijesekera led a collaboration project with Dr. Egelman’s Berkeley Laboratory for Usable and Experimental Security (BLUES) to implement a novel privacy management system in Android, in which contextual signals are used to build a classifier that predicts user privacy preferences under various scenarios.

WannaCry: A Case Study for the Multitude of Cybersecurity Dimensions

I was recently asked to speak to the media about WannaCry. While preparing for the interview (see the video below), I realized that this particular case is a good illustration of the various dimensions of cybersecurity:

Smartphone Users’ Family, Friends, and Other Enemies

The number of smartphone users worldwide was expected to surpass 2 billion in 2016. To protect personal and other sensitive information from unauthorized access, some smartphone users lock their phones. Yet, others don’t, risking the data and online services accessible through their devices. The risks emanate from both device thieves and those who belong to the users’ social circles, so-called social insiders. In 2014, 2.1 million Americans (under 2%) had phones stolen.