With a remote workforce and everyone working digitally, the threat landscape increases. A team of my research group, led by PhD candidate Borke Obada-Obieh, performed the first qualitative study on employee security and privacy concerns when telecommuting.
Continue reading
I will be on a panel on “Understanding the Risks and Prevention” at Cyber Security Forum, organized by the Greater Vancouver Board of Trade on October 20.
I was recently asked to speak to the media about WannaCry. While preparing for the interview (see the video below), I’ve realized that this particular case is a good illustration of the various dimensions of cybersecurity: Continue reading
The web is essential for business and personal activities well beyond information retrieval, such online banking, financial transactions, and payment authorization, but reliable user authentication remains a challenge. OpenID is a mainstream Web single sign-on (SSO) solution intended for Internet-scale adoption. There are currently over one billion OpenID-enabled user accounts provided by major content-hosting and service providers (CSPs), e.g., Yahoo!, Google, Facebook, but only a few relying parties that allow users to use their OpenID credentials for SSO. Why is that? I presented at Eurecom an overview OpenID, and then discussed weaknesses of (1) the protocol and its implementations, (2) the business model behind it, and (3) the user interface. The talk concluded with a discussion of a proposal for addressing some of OpenID issues.
See presentation slides for more details.
recent papers