Developing usable secure systems in the context of a developing nation like India is a big challenge. Our goal is to understand the way users use secure systems and use this understanding to develop technologies which will get adopted in real-world.
Due to exponential increase in use of Short Message Service (SMS) over mobile phones in developing countries, there has been a burst of spam SMSes. The main goal for this research is to build algorithms and solutions to reduce the SMS spams in developing nations like India. We use crowd-sourcing approach, apply machine learning techniques and keep the user preferences in our solutions. We are currently evaluating the effectiveness of the system in real-world among some volunteers (thanks for their time and efforts!).
If you are interested in knowing more or helping us with the research please write to pk [at] iiitd [dot] ac [dot] in
While passwords, by definition, are meant to be secret, recent trends in the Internet usage have witnessed an increasing number of people sharing their email passwords for both personal and professional purposes. As sharing passwords increases the chances of your passwords being compromised, leading websites like Google strongly advise their users not to share their passwords with anyone. To cater to this conflict of usability versus security and privacy, we introduce ChaMAILeon, an experimental service, which allows users to share their email passwords while maintaining their privacy and not compromising their security. ChaMAILeon provides users with a unique capability to define access control on their emails. Now you can control who can see which emails and who can send emails to whom from your account, by having multiple passwords for your email. The service is already up and running! You can access it at the URL mentioned below.
Online security attacks are a growing concern among Internet users.
Currently, the Internet community is facing three types of security
attacks: physical, syntactic, and semantic. Semantic attacks take
advantage of the way humans interact with computers or interpret
messages. There are three major approaches to countering semantic
attacks: silently eliminating the attacks, warning users about the
attacks, and training users not to fall for the attacks. The existing
methods for silently eliminating the attack and warning users about
the attack are unlikely to perform flawlessly; furthermore, users are
the weakest link in these attacks, it is essential that user training
complement other methods. Most existing online training methodologies
are less successful because: (1) organizations that create and host
training materials expect users to proactively seek out such material
themselves; (2) these organizations expect users to have some
knowledge about semantic attacks; and (3) the training materials have
not been designed with learning science principles in mind.
PhishGuru is currently being commercialized by Wombat
As another implementation of phishing training, we used learning science principles to develop Anti-Phishing Phil, an educational game. Phil was designed to train users about phishing attacks, motivating them to learn by embedding training into a fun activity. The highly interactive nature of the game allows it to teach users to distinguish legitimate links from fraudulent ones; it also provides users with immediate opportunities to practice this procedure multiple times. Anti-Phishing Phil complements PhishGuru by providing an entertaining platform for the rapid repetition and feedback needed to teach more difficult anti-phishing procedures.
Anti-Phishing Phil is currently being commercialized by Wombat