Human Factors in Cyber Security Half-Day Workshop
SCCS Seminar Series / CS Departmental Seminar Series
- Wednesday 16 March 2016, 14:00 to 17:00
- 02 AC 01
- Open to:
- Staff, Students, Alumni, Teachers & Careers Advisors, Public, Surrey Schools Consortium, Schools & Colleges
- Dr Mirco Musolesi, Reader in Data Science, Department of Geography, UCL; Dr Shujun Li, Senior Lecturer of Department of Computer Science and Deputy Director of Surrey Centre for Cyber Security, University of Surrey; Dr Gianluca Stringhini, Lecturer, Department of Computer Science and Department of Security and Crime Science, UCL
- Admission information:
- For organisational purposes, please register at https://www.eventbrite.co.uk/e/human-factors-in-cyber-security-tickets-21603043284 if you plan to attend.
This half-day workshop is a combination of three talks including two given by invited external speakers from UCL and one given by an academic of the Department.
- 14:00-15:00 Talk 1: Privacy and the City: Identity and Identification in the Smartphone Era (speaker: Dr Mirco Musolesi, Reader in Data Science, Department of Geography, UCL)
- 15:00-15:40 Talk 2: Observer-Resistant Password Systems: How hard to make them both usable and secure? (speaker: Dr Shujun Li, Senior Lecturer of Department of Computer Science and Deputy Director of Surrey Centre for Cyber Security, University of Surrey)
- 15:40-16:00: Coffee break
- 16:00-17:00 Talk 3: Following the Trail of Cybercriminal Operations (speaker: Dr Gianluca Stringhini, Lecturer, Department of Computer Science and Department of Security and Crime Science, UCL)
Talk 1: Privacy and the City: Identity and Identification in the Smartphone Era
An increasing number of mobile users is actively sharing their location and other personal information through a variety of applications and services, such as online social network platforms. Moreover, many mobile applications are continuously collecting location data that allow companies to map user movement and to profile users, for example for marketing applications. Although a number of research studies and articles in the press have shown the dangers of exposing personal location data, the inherent nature of LBSNs encourages users to publish information about their current location (i.e., their check-ins). The same is true for the majority of the most popular social networking platforms, which offer the possibility of associating the current location of users to their posts and photos. Conversely, this type of data can be used to identify individuals, for example for crime prevention and national security.
In this talk I will give an overview of the work of my lab in the area of user identification and profiling using data from smartphones and online social networks. I will discuss the challenges and opportunities in this area and I will outline our research agenda for the coming years.
Mirco Musolesi is a Reader in Data Science at the Department of Geography at University College London (UCL). He received a PhD in Computer Science from UCL and a Master in Electronic Engineering from the University of Bologna, Italy. He held research and teaching positions at Dartmouth College, Cambridge, St Andrews and Birmingham. He is a computer scientist with a strong interest in sensing, modelling, understanding and predicting human behaviour and dynamics in space and time, at different scales, using the "digital traces" we generate daily in our online and offline lives. He is interested in developing mathematical and computational models as well as implementing real-world systems based on them. This work has applications in a variety of domains, such as intelligent systems design, (cyber)security & privacy, and ubiquitous computing.
Talk 2: Observer-Resistant Password Systems: How hard to make them both usable and secure?
Observer-resistant password systems (ORPSs, also known as human authentication against observers or leakage-resilient password systems) have been studied since the early 1990s in both cryptography and computer security contexts, but to this day an ORPS that is both secure and usable remains an open question for the research community. The concept of ORPS can be used to cover a large family of attacks against password-based human authentication systems such as shoulder surfers, hidden cameras, man-in-the-middle, keyloggers and malware. A key assumption of ORPS is that human users must respond to authentication challenges without using any computational devices. In other words, the threat model behind ORPSs assumes that other than the human user's brain, nothing is trusted. The main security requirement is to avoid disclosure of the shared secret between the human user and the verifier (i.e., password) even after a practically large number of authentication sessions observed by an untrusted party.
According to Yan et al.'s NDSS 2012 paper, which reviews research efforts on this topic over more than two decades, it has been clear that no existing systems meet both security and usability requirements, although many meet one well. In this talk, the speaker will introduce his research on ORPSs since the early 2000s, highlighting a number of key findings such as a human-behaviour-based timing attack reported at SOUPS 2011 and some theoretical work reported at NDSS 2013 and IEEE TIFS 2015. He will contextualise parts of his talk using a particular design of ORPS called Foxtail, one of those ORPSs whose implementations were shown to have a relatively better balance between security and usability. Known rules about designing ORPSs and future research directions will also be discussed.
Dr Shujun Li has been a Senior Lecturer in the Department of Computer Science at the University of Surrey since September 2011. He has been a Deputy Director of the Surrey Centre for Cyber Security (SCCS) since July 2014, leading the research theme "Human-Centred Security". As a member of the management team of the SCCS, he helped the Centre to be recognised by GCHQ as an Academic Centre of Excellence in Cyber Security Research (ACE-CSR) in March 2015. His research interests are mainly around interplays among cyber security, human factors, digital forensics, and multimedia computing. He has published more than 80 papers in international journals and conferences in cyber security and multimedia computing fields. He is/was the PI and co-I of a number of research projects in cyber security, digital forensics, and multimedia computing funded mainly by UK and German funding bodies. Many of his research projects have human factors as a key research element, and his recently granted EPSRC project COMMANDO-HUMANS (EP/N020111/1) will look at how human cognitive models can be used to allow automated discovery of human behaviour related attacks.
Talk 3: Following the Trail of Cybercriminal Operations
Cybercriminal operations are becoming increasingly complex, with multiple specialized actors involved, who are often located in different countries. It is important for researchers and law enforcement to gain a better understanding of such operations and to be able to track the different actors who take part in them. In this talk I will present our findings in tracking a number of cybercriminal operations, from scams linked to spam emails to monetisation schemes associated with credit card fraud. These findings allowed us to identify a number of bottlenecks in cybercriminal operations, which can be exploited to mitigate them.
Gianluca Stringhini is a Lecturer in the Department of Computer Science and Department of Security and Crime Science at University College London (UCL). He obtained his PhD at UC Santa Barbara in 2014, and his research interests include malware, cybercrime, and protecting online services. He has published in top-tier conferences such as ACM CCS, USENIX Security, and NDSS, and received multiple awards such as a best paper award at ACSAC in 2010, a Symantec Research Labs Graduate Fellowship in 2012, and a Google Faculty Award in 2015.