Current Projects

Identifying solutions to the security and privacy vulnerabilities in social networks (e.g., Facebook) by exploring users' security perceptions and browsing behavior in online environments.

Understanding the perceptions of users about Internet-of-Things and leveraging that knowledge to design security and privacy-enhancing techniques for this emerging technology.

Investigating the security awareness of people from different levels of society in the Global South, including Bangladesh, to design easy-to-use security technologies tailored to their personal and social needs.

Addressing the tension between computing needs and privacy behavior of people, which varies across their demographic traits, educational backgrounds, professions, and self-efficacy.

Past Projects

Studying Journalists to Identify Requirements for Usable, Secure, and Trustworthy Communication  

As digital communication technologies improve, they help journalists perform an array of activities more quickly and effectively; however, they also put journalists at risk of cyberattacks. In this collaborative project with Clemson University, University of Washington, and Columbia University, we aim to understand the challenges in secure communication between journalists and sources, and leverage that knowledge to design usable and secure tools for the journalism profession, with a broader goal of extending these tools to other professions (e.g., lawyers, doctors) as well.

The Impact of Cues and User Interaction on the Memorability of System-Assigned Passwords

The goal of this project is to design a secure and memorable password scheme for online user authentication. Traditional user-chosen passwords are vulnerable to online guessing attacks. System-assigned random passwords are more secure but suffer from poor memorability. To address this usability-security tension, we propose a novel cued-recognition authentication scheme, which provides users with memory cues to learn system-assigned keywords. In our studies, we examine the impact of different types of memory cues (e.g., graphical, verbal, and spatial cues) and of employing user interaction. The results show that verbal cues (i.e., real-life facts corresponding to assigned keywords) and user interaction play a significant role in achieving high memorability for system-assigned random passwords.

A Comprehensive Study of the GeoPass User Authentication Scheme

Password schemes based on selecting locations in an online map are an emerging topic in user authentication research. GeoPass is the most promising such scheme, as it provides satisfactory resilience against online guessing and showed high memorability in the preliminary lab study. In this project, we performed three separate user studies, namely a real-world field study and two multiple-password interference studies, to understand the potential of GeoPass. The single-password field study showed promise for GeoPass in a real-life scenario; however, the memorability of GeoPass was not satisfactory in the first multiple-password study. To overcome this issue, we design and evaluate a novel mental-story-based approach, which yields a significant improvement in memorability in the second multiple-password study on GeoPass.

Designing Secure and Memorable Two-factor Authentication Scheme

Traditional textual passwords alone are not adequate to provide security guarantees for online authentication, because of attacks like online guessing, phishing, shoulder surfing, and keylogger malware. Thus, it is now widely held that two-factor authentication should be implemented to provide a higher level of security. The Federal Financial Institutions Examination Council (FFIEC) has recommended two-factor authentication for consumer online banking services. In this project, we leverage users' autobiographical memory and different types of memory cues to design two-factor authentication schemes offering resilience to online guessing, shoulder surfing, phishing, and keylogger malware with minimal costs in terms of memory burden, additional communication channels, and hardware requirements.

Persea: A Sybil-Resistant Social DHT  

P2P systems are inherently vulnerable to Sybil attacks, in which an attacker creates a large number of identities and uses them to control a substantial fraction of the system. We propose Persea, a novel social network-based P2P system that derives its Sybil resistance by assigning IDs through a bootstrap tree, the graph of how nodes have joined the system through invitations. Unlike prior Sybil-resistant P2P systems based on social networks, Persea does not rely on the assumptions that have been shown to be unreliable in real social networks. In addition, Persea uses a replication mechanism in which each (key, value) pair is stored in nodes that are evenly spaced over the network. Thus, even if attackers occupy a given region, the desired (key, value) pair can be retrieved from other regions in the network. We evaluate Persea in analysis and in simulations with social network datasets and show that it provides better lookup success rates than prior work with modest overheads. We have also designed and evaluated an improved version of Persea, called iPersea.

ReDS: A Framework for Reputation-Enhanced DHTs  

Distributed hash tables (DHTs), such as Chord and Kademlia, offer an efficient means to locate resources in peer-to-peer (P2P) networks. Unfortunately, malicious nodes on a lookup path can easily subvert such queries. Several systems, including Halo (based on Chord) and Kad (based on Kademlia), mitigate such attacks by using redundant lookup queries. Much greater assurance can be provided; we design Reputation for Directory Services (ReDS), a reputation-based framework for improving the resilience of searches against malicious nodes in deterministic and nondeterministic DHTs. Through extensive simulations, we demonstrate that ReDS significantly improves lookup success rates for Halo and Kad over a wide range of conditions, even against strategic attackers. 

SDA-2H: Understanding the Value of Background Cover Against Statistical Disclosure   

The statistical disclosure attack (SDA) is an effective method for compromising the anonymity of users in a mix-based system. In this project, we develop SDA-2H, an extension to SDA. We specifically use SDA-2H as a tool to measure the previously unknown effects of background cover on the anonymity of mix-based systems. Our study quantifies the importance of background cover traffic, which we show in simulation to be effective in various scenarios. Using the information gleaned from these experiments, coupled with a greater understanding of mixes, we can be one step closer to obtaining the ideal form of anonymous communication, one that is not susceptible to any attack.

Miscellaneous

Time and Space Efficient Algorithm for Consumer's Priority Product Management                                                                                                    

In this competitive free-market economy, consumers' priority product management deserves a high degree of attention. We leverage the concept of a balanced binary search tree to design an efficient algorithm for consumers' priority product management. Our algorithm is simulated for one million test cases, where it shows satisfactory performance in terms of time and space complexity.

Making Findbugs more Powerful

Findbugs is a widely used bug-finding tool that supports a plug-in architecture on the Java platform for adding new bug detectors. In this project, we design bug detectors to detect different bug patterns that could not be detected by the existing Findbugs tool. The effectiveness of our new bug detectors is tested with a number of popular applications.

The Mechanisms to Ensure Maximum Connectivity and Data Transmission in Wireless Sensor Networks                                         

In this project, we design a novel topology discovery algorithm for efficient data dissemination and aggregation in sensor networks, with an efficacious fault tolerance mechanism that ensures maximum connectivity among operational nodes when a node fails.

© 2020. Mahdi Nasrullah Al-Ameen. All Rights Reserved.