Channel: Publications of the Laboratory for Education and Research in Secure Systems Engineering (LERSSE)
Browsing latest articles
Browse All 95 View Live

Integro: Leveraging Victim Prediction for Robust Fake Account Detection in OSNs

Detecting fake accounts in online social networks (OSNs) protects OSN operators and their users from various malicious activities. Most detection mechanisms attempt to predict and classify user...


Security Analysis of Malicious Socialbots on the Web

The open nature of the Web, online social networks (OSNs) in particular, makes it possible to design socialbots—automation software that controls fake accounts in a target OSN, and has the ability to...

On the Impact of Touch ID on iPhone Passcodes

Smartphones today store large amounts of data that can be confidential, private or sensitive. To protect such data, all mobile OSs have a phone lock mechanism, a mechanism that requires user...

A Study on the Influential Neighbors to Maximize Information Diffusion in...

The problem of spreading information is a topic of considerable recent interest, but the traditional influence maximization problem is inadequate for a typical viral marketer who cannot access the...

On the Memorability of System-generated PINs: Can Chunking Help?

To ensure that users do not choose weak personal identification numbers (PINs), many banks give out system-generated random PINs. 4-digit is the most commonly used PIN length, but 6-digit...

Android Permissions Remystified: A Field Study on Contextual Integrity

We instrumented the Android platform to collect data regarding how often and under what circumstances smartphone applications access protected resources regulated by permissions. We performed a...

Thwarting Fake OSN Accounts by Predicting their Victims

Traditional defense mechanisms for fighting against automated fake accounts in online social networks are victim-agnostic. Even though victims of fake accounts play an important role in the viability...

Towards understanding how Touch ID impacts users’ authentication secrets...

Smartphones today store large amounts of data that can be confidential, private or sensitive. To protect such data, all mobile OSs have a phone lock mechanism, a mechanism that requires user...

Surpass: System-initiated User-replaceable Passwords

System-generated random passwords have maximum password security and are highly resistant to guessing attacks. However, few systems use such passwords because they are difficult to remember. In this...

Android Rooting: Methods, Detection, and Evasion

Android rooting enables device owners to freely customize their own devices and run useful apps that require root privileges. While useful, rooting weakens the security of Android devices and opens the...

Phishing threat avoidance behaviour: An empirical investigation

Phishing is an online identity theft that aims to steal sensitive information such as username, password and online banking details from its victims. Phishing education needs to be considered...

Sharing Health Information on Facebook: Practices, Preferences, and Risk...

Motivated by the benefits, people have used a variety of web-based services to share health information (HI) online. Among these services, Facebook, which enjoys the largest population of active...

Snooping on Mobile Phones: Prevalence and Trends

Personal mobile devices keep private information which people other than the owner may try to access. Thus far, it has been unclear how common it is for people to snoop on one another’s devices....

Harvesting the Low-hanging Fruits: Defending Against Automated Large-Scale...

The orthodox paradigm to defend against automated social-engineering attacks in large-scale socio-technical systems is reactive and victim-agnostic. Defenses generally focus on identifying the...

I Don’t Use Apple Pay Because It’s Less Secure ...: Perception of Security...

This paper reports on why people use, not use, or have stopped using mobile tap-and-pay in stores. The results of our online survey with 349 Apple Pay and 511 Android Pay participants suggest that the...

I’m too Busy to Reset my LinkedIn Password: On the Effectiveness of Password...

A common security practice used to deal with a password breach is locking user accounts and sending out an email to tell users that they need to reset their password to unlock their account. This paper...

Characterizing Social Insider Attacks on Facebook

Facebook accounts are secured against unauthorized access through passwords and device-level security. Those defenses, however, may not be sufficient to prevent social insider attacks, where attackers...

The Feasibility of Dynamically Granted Permissions: Aligning Mobile Privacy...

Current smartphone operating systems regulate application permissions by prompting users on an ask-on-first-use basis. Prior research has shown that this method is ineffective because it fails to...

Decoupling data-at-rest encryption and smartphone locking with wearable devices

Smartphones store sensitive and confidential data, e.g., business related documents or emails. If a smartphone is stolen, such data are at risk of disclosure. To mitigate this risk, modern smartphones...

Android users in the wild: Their authentication and usage behavior

In this paper, we performed a longitudinal field study with 41 participants, who installed our monitoring framework on their Android smartphones and ran it for at least 20 days. We examined how...

Contextualizing Privacy Decisions for Better Prediction (and Protection)

Modern mobile operating systems implement an ask-on-first-use policy to regulate applications’ access to private user data: the user is prompted to allow or deny access to a sensitive resource the...

Dynamically Regulating Mobile Application Permissions

Current smartphone operating systems employ permission systems to regulate how apps access sensitive resources. These systems are not well-aligned with users’ privacy expectations: users often have no...

Forecasting Suspicious Account Activity at Large-Scale Online Service Providers

In the face of large-scale automated social engineering attacks to large online services, fast detection and remediation of compromised accounts are crucial to limit the spread of new attacks and to...

Source Attribution of Cryptographic API Misuse in Android Applications

Recent research suggests that 88% of Android applications that use Java cryptographic APIs make at least one mistake, which results in an insecure implementation. It is unclear, however, if these...

Advancing the Understanding of Android Unlocking and Usage

Research efforts have been made towards creating mobile authentication systems to better serve users’ concerns regarding usability and security. While previous works have revealed real world smartphone...
