[2016-12-23] Tiffany Hyun-Jin Kim, HRL Laboratories, "User-Centric Security Systems to Empower Users' Authentication Decisions"
Title: User-Centric Security Systems to Empower Users' Authentication Decisions
Date: 2016-12-23 3:40pm-5:00pm
Location: R101, CSIE
Speaker: Tiffany Hyun-Jin Kim, HRL Laboratories.
Hosted by: Professor 蕭旭君
In today's Internet, authenticating online entities is challenging since people lack the real-world cues upon which to base their context-dependent trust decisions. For example, how can a user confirm that a Facebook invitation truly originates from the claimed sender, as anyone can trivially set up a bogus online identity with someone else's photo? When downloading a piece of software, how can a user ensure that the piece of software is what (s)he searched for, as even security-conscious users are often frustrated by their inability to judge the legitimacy of software? Unfortunately, automating trust decisions is infeasible due to the context-dependent nature of trust and the delays in identifying new and evolving threats. Hence, users may still be left alone to make trust decisions.
In this talk, I will demonstrate that providing useful evidence can empower users to make informed context-dependent trust decisions using two user-centric interfaces in the context of data and identity authentication. I will first present a security system called Online Trust Oracle (OTO) for data authentication. OTO presents two categories of evidence to assist users in determining software legitimacy: the positive evidence of why the software is safe to download, and the negative evidence for potential malware. OTO's additional trust evidence enables users to make correct trust decisions even if the underlying operating system mistakenly categorizes legitimate software as malicious and vice versa. I will then introduce an identity authentication logic called RelationGrams that visualizes interpersonal tie strength of virtual entities using both physical and social proximities. RelationGrams enable casual users to authenticate online identities in a safe and easy manner, and build trust in previously unknown online entities.
As we discover in user studies, OTO and RelationGrams are useful primitives that provide situational awareness such that users can ultimately make appropriate online trust decisions with confidence.
Tiffany Hyun-Jin Kim is a research scientist at HRL Laboratories. Dr. Kim completed her B.A. in Computer Science at UC Berkeley, M.S. in Computer Science at Yale University, and Ph.D. at Carnegie Mellon University. Her research interests include user-centric security and privacy, network security, trust management, and applied cryptography.