Usable Privacy and Security and Mobile Social Services Jason Hong


1 Usable Privacy and Security and Mobile Social Services Jason Hong jasonh@cs.cmu.edu

2 My Two Areas of Interest Usable Privacy and Security –“Give end-users security controls they can understand and privacy they can control for the dynamic, pervasive computing environments of the future.” - CRA –Anti-phishing Mobile Social Computing –Using sensing, wireless networking, and mobile devices to facilitate awareness, communication, and coordination –Mobile phones

3 Everyday Privacy and Security Problem

4 This entire process known as phishing

5 Phishing is a Plague on the Internet Estimated 3.5 million people have fallen for phishing Estimated $350m-$2b direct losses a year 9255 unique phishing sites reported in June 2006 Easier (and safer) to phish than rob a bank

6 Project: Supporting Trust Decisions Goal: help people make better online trust decisions –Currently focusing on anti-phishing Large multi-disciplinary team project at CMU –Six faculty, five PhD students, undergrads, staff –Computer science, human-computer interaction, public policy, social and decision sciences, CERT

7 Our Multi-Pronged Approach Human side –Interviews to understand decision-making –PhishGuru embedded training –Anti-Phishing Phil game –Understanding effectiveness of browser warnings Computer side –PILFER email anti-phishing filter –CANTINA web anti-phishing algorithm

8 Usable Privacy and Security Supporting Trust Decisions

9 Results of Evaluation Have to fall for phishing email to be effective? How well do people retain knowledge after a week? Correctness

11 Anti-Phishing Phil

19 PILFER Email Anti-Phishing Filter Example heuristics combined in SVM –IP addresses in link (http://128.23.34.45/blah) –Age of linked-to domains (younger domains likely phishing) –Number of domain names in links –Number of dots in URLs –SpamAssassin rating

20 Robust Hyperlinks Developed by Phelps and Wilensky to solve “404 not found” problem Key idea was to add a lexical signature to URLs that could be fed to a search engine if URL failed –Ex. http://abc.com/page.html?sig="word1+word2+...+word5" How to generate signature? –Found that TF-IDF was fairly effective Informal evaluation found five words was sufficient for most web pages

21 Adapting TF-IDF for Anti-Phishing Can same basic approach be used for anti-phishing? –Scammers often directly copy web pages –With Google search engine, fake should have low page rank (figure labels: Fake, Real)
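Added example (not from the slides and not the CANTINA code): the lexical-signature step from slides 20 and 21, sketched in Python. The background corpus, the page text, the "Examplebank" brand, the URLs and the result list are constructed, and the final check (is the page's host among the results returned for its signature?) is an assumed stand-in for the search-engine lookup the slide describes.

```python
import math
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed background pages, used only to estimate document frequency.
BACKGROUND = [
    "welcome to our online store for books and music",
    "sign in to your account to view your orders",
    "contact our support team for help with your account",
    "read the latest news and weather for your city",
]
# Constructed text of the page being checked ("Examplebank" is a made-up brand).
PAGE = ("Examplebank online banking. Sign in to your Examplebank account to view "
        "statements, transfer funds and pay bills. Examplebank banking statements "
        "and funds transfer are available online.")
STOPWORDS = {"the", "to", "and", "for", "your", "our", "in", "by", "a", "of", "with", "are"}

def tokenize(text):
    return [w for w in re.findall(r"[a-z]+", text.lower()) if w not in STOPWORDS]

def lexical_signature(page, corpus, k=5):
    """Return the k terms with the highest TF-IDF score on the page."""
    docs = [set(tokenize(d)) for d in corpus]
    n_docs = len(docs) + 1                      # background pages plus this page
    tf = Counter(tokenize(page))
    total = sum(tf.values())
    score = {}
    for term, count in tf.items():
        df = 1 + sum(term in d for d in docs)   # the page itself contains the term
        score[term] = (count / total) * math.log(n_docs / df)
    # Highest score first; ties broken alphabetically so the output is stable.
    return sorted(score, key=lambda t: (-score[t], t))[:k]

def looks_like_copy(page_url, result_urls):
    # Assumed check: a copied page's host should be absent from the results
    # that a search for its own signature returns.
    host = urlsplit(page_url).hostname
    return host not in {urlsplit(u).hostname for u in result_urls}

if __name__ == "__main__":
    sig = lexical_signature(PAGE, BACKGROUND)
    print("query:", "+".join(sig))
    # Constructed result list standing in for a real search-engine response.
    results = ["https://www.examplebank.example/", "https://news.example/examplebank"]
    print(looks_like_copy("http://examplebank.secure-login.example/signin", results))
```

Common words such as "account" and "sign" score low because they also appear in the background pages, so the signature is dominated by the brand name and the terms the page repeats.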

22 Evaluating CANTINA

23 My Two Areas of Interest Usable Privacy and Security –“Give end-users security controls they can understand and privacy they can control for the dynamic, pervasive computing environments of the future.” - CRA –Anti-phishing Mobile Social Computing –Using sensing, wireless networking, and mobile devices to facilitate awareness, communication, and coordination –Mobile phones

24 Mobile Social Computing New ways for people to organize and coordinate with one another –Smart Mobs –Gawker Stalker

26 Mobile Social Computing New ways for people to organize and coordinate with one another –Smart Mobs –Gawker Stalker –MySpace Mobile

27 Mobile Social Computing IMBuddy Facilitate coordination and communication by letting people request contextual information via IM –Interruptibility (via SUBTLE toolkit) –Location (via Place Lab WiFi positioning) –Active window Balance privacy with utility Few privacy concerns –Safe defaults –Often wanted to share more Currently developing Facebook widget

28 Mobile Social Computing inTouch System to facilitate awareness and communication for small groups –Dual-career families Real-time info about people Faster messaging using contextual information –Location, calendar, traffic, etc

29 Mobile Social Computing Whisper Social Event Service Help people with events when mobile –Find nearby social events –Notify friends of social events –Organize friends to go to events

30 Research Style Observe & understand how people actually use tech Design and implement systems Evaluate systems with users Iterate

31 Jason Hong jasonh@cs.cmu.edu Newell Simon Hall 2504D http://www.cs.cmu.edu/~jasonh/advice.html

