[ZISC Lunch Seminar] Analyses, measurements, and solutions — a few example cases in data security and authentication

Abstract: This talk is primarily to introduce some of our recent projects, and some project ideas for possible collaboration. The talk will touch on several topics. I will go into details based on the group’s interests. Feel free to check the papers at: https://users.encs.concordia.ca/~mmannan/pubs-year.html

*Anti-coercion* we have been exploring solutions for data security in coercive situations

[ZISC Lunch Seminar] Towards Trojan-tolerant Cryptographic Hardware

Abstract: The current consensus within the security industry is that high-assurance systems cannot tolerate the presence of compromised hardware components. In this talk, we challenge this perception and demonstrate how trusted, high-assurance hardware can be built from untrusted and potentially malicious components. The majority of IC vendors outsource the fabrication of their designs to

[ZISC Lunch Seminar] Skype & Type: Keystroke Leakage over VoIP

Abstract: Acoustic emanations of computer keyboards represent a serious privacy issue. As demonstrated in prior work, physical properties of keystroke sounds might reveal what a user is typing. However, previous attacks assumed relatively strong adversary models that are not very practical in many real-world settings. Such strong models assume: (i) adversary’s physical proximity to the

[ZISC Lunch Seminar] Using Text Analytics to Enhance Security Analysis of Mobile Applications

Abstract: Mobile platforms such as Android and iOS have become a primary form of computing for millions of users. These modern platforms are built around the notion of “apps,” providing rich runtime environments that provide application developers easy access to sensors (e.g., location, camera), user information (e.g., contacts, social networks), and device functionality (e.g.,

[ZISC Lunch Seminar] Towards Securely Verifying Location Claims on the Internet

Abstract: The number of security-sensitive location-aware services over the Internet continues to grow, such as location-aware authentication, location-aware access policies, fraud prevention, complying with media licensing, and regulating online gambling/voting. An adversary can evade existing Internet geolocation techniques, e.g., by faking GPS coordinates or employing a non-local IP address through proxy servers and virtual private

[ZISC Lunch Seminar] Enabling Trust with Privacy in Credit Networks

Abstract: A credit network models trust between agents in a distributed environment and enables payments between arbitrary pairs of agents. With their flexible design and robustness against intrusion, credit networks form the basis of several Sybil-tolerant social networks, spam-resistant communication protocols, and payment systems. In this talk, I will introduce the concept of credit network

[ZISC Lunch Seminar] Anonymity in the Bitcoin Peer-to-Peer Network

Abstract: Bitcoin enjoys a public perception of being a privacy-preserving financial system. In reality, Bitcoin has a number of privacy vulnerabilities, including the well-studied fact that transactions can be linked through the public blockchain. More recently, researchers have demonstrated deanonymization attacks that exploit a lower-layer weakness: the Bitcoin peer-to-peer (P2P) networking stack. In particular, the

[ZISC Lunch Seminar] Physical-world attacks on machine-learning (ML) + Using ML to help users make better security decisions

Abstract: This talk will show why we should be concerned about the increasing use of machine-learning (ML) algorithms in safety- and security-critical applications; but also how machine learning can help users maintain their privacy. First, I will show that state-of-the-art face-recognition algorithms are vulnerable to _physically realizable_ and _inconspicuous_ attacks, allowing attackers to evade