On Smartphone Users’ Difficulty with Understanding Implicit Authentication

Implicit authentication (IA) has recently become a popular approach for providing physical security on smartphones. It relies on behavioral traits (e.g., gait patterns) for user identification, instead of biometric data or knowledge of a passcode. However, it is not yet known whether users can understand the semantics of this technology well enough to use it properly.

Is Implicit Authentication on Smartphones Really Popular?

Implicit authentication (IA) on smartphones leverages behavioral and contextual data to identify users without requiring explicit input, and thus can alleviate the burden of smartphone unlocking. In a collaboration with Samsung Research, Masoud Mehrabi Koushki, a PhD candidate in my research group, has led an exploration of how smartphone users would perceive a commercialized IA scheme in a realistic setting.

On the Challenges of Designing Online Systems for Reporting Sexual Assault

According to the US Department of Justice, every 73 seconds, an American is sexually assaulted. However, sexual assault is under-reported. Globally, 95% of sexual assault cases are unreported, and at most, 5 out of every 1,000 perpetrators end up in prison. Online anonymous third-party reporting systems are being developed to encourage reporting of sexual assaults and to apprehend serial offenders.

The Burden of Ending Online Account Sharing

Many people share online accounts, even in situations where high privacy and security are expected. As with everything in life, the sharing of these accounts does not endure forever. In a study conducted by my PhD students Borke Obada-Obieh and Yue Huang, we investigated the privacy and security challenges that people experience when they stop online account sharing.

“Amazon vs. My Brother” Receives an Honourable Mention Award

A paper co-authored by my PhD students Yue Huang and Borke Obada-Obieh has received an Honourable Mention award at CHI 2020. Such awards are given to the top 2-6% of submissions.

Yue and Borke spoke to 26 Canadian adults who used shared smart speakers at home, including Amazon Echo, Google Home and Apple HomePod. We found that participants not only worried about keeping their data safe from the manufacturer or other entities; they also feared potential misuse of the device by people they actually live with and know.

How People Survive the Cryptojungle

Cryptocurrency markets have grown substantially in recent years, and have attracted new users and investors, pushing the overall number of owners into the millions. At the same time, the number of distinct cryptocurrencies has exploded to over 5,000. In this burgeoning and chaotic “cryptojungle,” new and unexplored incentives and risks drive the behavior of users and non-users of cryptocurrencies. While previous research has focused almost exclusively on Bitcoin, other cryptocurrencies and utility tokens have been ignored. Led by my PhD student Artemij Voskobojnikov, an interview study of cryptocurrency users and non-users focused on their perceptions and management of cryptocurrency risks as well as their reasons for or against involvement with cryptocurrencies.

My research in 2 minutes

Age and Smartphone Authentication

Nobody wants to spend time unlocking their phones, particularly when it happens some 50 times a day. This is why both industry and academia have been figuring out how to minimize this unwanted overhead, while still keeping smartphone users secure. To improve the technology, developers need to understand how exactly users use it, what works and what does not, and what the patterns of users’ behaviour with the technology are. This is the knowledge gap that LERSSE alumna Lina Qiu was working on addressing in her Master’s thesis research. Her research investigated the interplay between age and smartphone authentication behavior.

Making Sense of Unauthorized Access to Smartphones

Unauthorized physical access to personal devices by people known to the owner of the device is a common concern, and a common occurrence. But how do people experience incidents of unauthorized access? Using an online survey, I’ve collaborated with Diogo Marques from the University of Lisbon, his co-supervisors, and my UBC colleague Prof. Ivan Beschastnikh. Diogo led a study in which he collected 102 accounts of unauthorized access. Participants wrote stories about past situations in which either they accessed the smartphone of someone they know, or someone they know accessed theirs. The findings of the study will be presented in May at the ACM SIG CHI conference, the top HCI venue in the world.

Where in Android apps are crypto APIs mis-used?

Recent research suggests that 88% of Android applications that use Java cryptographic APIs make at least one mistake, which results in an insecure implementation. It is unclear, however, whether these mistakes originate from code written by application developers or by third-party library developers. Understanding the responsible party for a misuse case is important for vulnerability disclosure. In this paper (presented at ASIACCS ’18), led by LERSSE alumnus Ildar Muslukhov, we bridge this knowledge gap and introduce source attribution to the analysis of cryptographic API misuse.
