Towards a Secure Cyber World: Leveraging Human Factors in Improving Security and Privacy
- Monday, February 5, 2018 from 4:10pm to 5:00pm
- Barnard Hall, 108 - view map
Date/Time: Monday, 5 February, 2018 from 4:10 PM - 5:00 PM
Location: Barnard Hall 108
Speaker: Mahdi Nasrullah Al-Ameen
Abstract: Users are often considered to be the weakest link in security. For example, while creating an authentication secret, in most cases, users choose a password reflecting common strategies and patterns that ease memorization, but offer weak security. System-assigned passwords provide higher security guarantee, however, suffer from poor memorability. In the first part of my talk, I discuss how I addressed this usability-security tension in user authentication. In particular, I designed and evaluated a novel cued-recognition authentication scheme, which provides users with memory cues to learn system-assigned keywords. I conducted several studies, including real-life field studies, to quantify the impact of providing different types of memory cues, e.g., graphical, verbal, and spatial cues, where I identified the best combination of memory cues to offer high memorability for a secure authentication scheme. In the second part of my talk, I present the findings from a real-world case study, where I explored the factors facilitating the successful preservation of security goals of Panama Paper Project–a worldwide collaboration among hundreds of investigative journalists. I identified the lessons that can be drawn from this case study to support the development of similarly effective processes for both privacy-preserving collaborations and security systems in general. The findings from my studies reflect the significance of considering human factors in improving Cybersecurity and privacy, and highlight the potentials for future work to develop usable and understandable security tools and strategies.
Bio: Dr. Mahdi Nasrullah Al-Ameen is a Post-doctoral Fellow in the School of Computing at Clemson University. His research interest is broad within the domain of Cyber Security, where he is particularly excited about designing and building systems that address the security and privacy challenges faced by end users of existing and emerging technologies. His research focuses on designing a novel security system to provide resilience against cyberattacks, and evaluating its usability in real-life contexts. He also led multiple projects in improving the security and privacy in peer-to-peer (P2P) networks. The findings from his studies are reported in top-tier venues, like USENIX Security Symposium, CHI, IEEE TPDS Special Issue, and in several prestigious venues, including Journal of Networks, Symposium on Usable Privacy and Security (SOUPS),ACM Symposium on Information, Computer, and Communications Security, and European Symposium on Research in Computer Security(ESORICS). Dr. Al-Ameen completed his PhD from the University of Texas at Arlington, winning the Outstanding Doctoral Dissertation Award for his research on Cyber Security and Privacy.