Papers by Sunil Chaudhary

Computer Security. ESORICS 2022 International Workshops
Smart speakers pose several risks to security and privacy, which users can counter with protective measures. This paper investigates the factors contributing to the adoption of protective measures by smart speaker users. Using survey data from Swiss participants, we first captured four different combinations of users with (no) concerns and (no) measures. We then used six factors to examine which of these influence protective behavior. Our findings reveal that whether or not protective measures are taken is affected by the usage context, usage duration, gender, opinion toward emotion recognition, and reasons for acquisition, but not by model/manufacturer, age and education level. With our results, we want to contribute to the ongoing discussion about influencing factors on concerns and protective measures, using the smart speaker domain as an example.
Solent University, Jun 22, 2021
Theodora and Knezevic, Sandra (2021) Rapid migration from traditional or hybrid to fully virtual education in the age of the coronavirus pandemic: challenges, experiences and views of college and university students.

Systems software quality, and system security in particular, is often compromised by phishing attacks. The latter were relatively easy to detect through phishing content filters, in the past. However, it has been increasingly difficult to stop more recent and sophisticated social phishing attacks. To protect the citizens from new types of phishing attacks, software quality engineers need to provide equally sophisticated preventive technology that models people’s reactions. The authors considered the behaviour of people on the Internet from a socio-cognitive perspective and deduced who could be more prone to be spoofed by social phishing techniques. The authors herein propose a computational and interdisciplinary metamodelling methodology, which can assist in capturing and understanding people’s interactive behaviour when they are online. Online behaviour can reveal Internet users’ knowledge, information, and beliefs in a given social context; these could also constitute significant...

Proceedings of the 17th International Conference on Availability, Reliability and Security
Posters are widely in practice to communicate cybersecurity awareness (CSA) messages. This popularity could be because it is one of the simplest mechanisms, and most people are accustomed to poster usage. Despite this, very little effort has been made to make the CSA poster design and assessment more systematic. Due to this, there exists a wide variation in CSA poster design. Alarmingly, many of them do not align with the needs and objectives of CSA. This study, therefore, intends to collect and analyze the properties that can guide the production of more uniform and effective posters for CSA purposes. At the same time, the study contributes to making the poster design and quality assessment approach more systematic. In order to do so, this study used a literature review for the elicitation of properties and an online assessment to analyze the relevancy of the elicited properties. As a final result, the study provides six main properties (i.e., topic, information quality, message framing, suggestions quality, content presentation, localization, and style and formatting) and their respective twenty-one sub-properties that can facilitate CSA poster design and its quality assessment. CCS CONCEPTS • Security and privacy → Human and societal aspects of security and privacy; Cybersecurity awareness.

Journal of Cybersecurity
Cybersecurity awareness (CSA) is not just about knowing, but also transforming things learned into practice. It is a continuous process that needs to be adjusted in subsequent iterations to improve its usability as well as sustainability. This is possible only if a CSA program is reviewed and evaluated timely. Review and evaluation of an awareness program offer an insight into the program's effectiveness on the audience and organization, an invaluable piece of information for the continuous improvement of the program. Further, it provides the information required by the management and sponsor to decide on whether to invest in the program or not. Despite these advantages, there does not exist a common understanding of what factors to measure and how to measure them during the evaluation process. As a result, we have proposed evaluation metrics for the purpose. In order to do so, we performed a literature review of 32 papers mainly to extract the following data: (i) what factors d...

Chaudhary: Recognition of phishing attacks utilizing anomalies in phishing websites. M.Sc. Thesis, 78 pages, 15 index and appendix pages. November 2012. The fight against phishing has resulted in several anticipating phishing prevention techniques. However, they are only partially able to address the phishing problem. There are still a large number of Internet users who are tricked to disclose their personal information to fake websites every day. This might be because existing phishing prevention techniques are either not foolproof or they are unable to deal with the emerging changes in phishing. The main purpose of this thesis is to identify anomalies that can be found in the Uniform Resource Locators (URLs) and source codes of phishing websites and determine an efficient way to employ those anomalies for phishing detection. In order to do that, I performed the meta-analysis of several existing phishing prevention techniques, specifically heuristic methods. Then, I selected forty-one anomalies, which can be found in the URLs and source codes of phishing websites and are also mentioned or utilized by the past studies. This is followed by the verification of those anomalies using an experiment conducted on twenty online phishing websites. The study revealed that some anomalies, which were once significant for phishing detection, are no longer included in present day phishing websites, and several anomalies are also widely present in legitimate websites. Such ambiguous anomalies need further analysis to determine their significance in phishing detection. Moreover, it was also found that several heuristic methods use an insufficient set of anomalies which introduces inaccuracy in their results.
Finally, in order to design an efficient heuristic method employing anomalies that can be found in URLs and source codes of phishing websites, it is suggested to give due priority to the anomalies that are: difficult for phishers to bypass, only found in phishing websites, seriously harmful, independent of other anomalies, and do not consume a lot of time for evaluation.

Preparing students adequately against online-attacks is a constant teaching and learning challenge, no matter how many advanced security-related courses have been developed for higher education curricula worldwide. Recently emphasis has also been put on online identity theft and social awareness in general. The authors research the knowledge, skills and attitudes of future IT professionals, from a cross-cultural and gender perspective. The available data were collected from international students in Software Engineering and other IT related disciplines via a questionnaire. The processed data revealed that (i) students are not free of security misconceptions, which security education is called upon to address and (ii) courses about online security can be part of a strategy for increasing social awareness on privacy protection. This pilot survey also revealed that the following issues are crucial: (a) the cultural and gender dimensions, (b) personality traits and (c) teaching methodol...

Individuals and organizations utilise the cloud technology and its services in various ways. Cloud-based services are becoming increasingly popular, while there is no adequate knowledge offered for their secure use in the education for future IT professionals. It is important to understand how security and privacy issues are perceived and handled by male/female users and IT professionals of different cultures. The authors aim at presenting and scrutinizing information about cloud services’ use by prospective IT professionals in five countries, namely China, Finland, Greece, Nepal, and the UK. In particular the authors, wanting to find out what are the future IT professionals’ conceptualisations and awareness, collected data from male and female IT students in higher education, who use (or not) cloud services. The authors further illustrate the research findings by proceeding to a comparative analysis considering different perspectives such as: gender, education background, national ...

Computer Science Review, 2019
A password manager stores and handles users' passwords from different services. This relieves the users from constantly remembering and recalling many different login credentials. However, because of the poor usability and limited user experience of password managers, users find it difficult to perform basic actions, such as a safe login. Unavoidably, the password manager holds the login credentials of many online services; as a result, it becomes a desired target for online attacks. This results in compromised security, which users often consider as an inevitable condition that must be accepted. Many studies analysed the usability and security of various password managers. Their research findings, though important, are rather incomprehensible to designers of password managers, because they are limited to particular properties or specific applications and they, often, are contradictory. Hence, we focus on investigating properties and features that can elevate the usability, security, and trustworthiness of password managers, aiming at providing practical, simple, and useful guidelines for building a useable password manager. We performed a systematic literature review, in which we selected thirty-two articles with coherent outcomes associated with usability and security. From these outcomes, we deduced and present meaningful suggestions for realising a useable, secure and trustworthy password manager.

The increasing number of Internet and mobile phone users, and essentially those, who use these electronic media to perform online transactions makes Nepal lucrative for phishing attacks. It is one of the reasons behind escalating phishing attacks in the country. Therefore, in this paper we examine various phishing attempts and real scenarios in Nepal to determine the seriousness of the problem. We also want to find out how prepared are the Internet and mobile phone users and how well-equipped are the private sector and government authorities responsible to handle cybercrime in the country. We considered five areas of research study, i.e., legal measures, technical and procedural measures, organizational structure, capacity building, and international cooperation. These constitute important factors in cyber security and are recommended by the Global Cyber security Agenda (GCA). On the basis of our findings, we provide essential suggestions to make anti-phishing measures more appropri...
Lecture Notes in Computer Science, 2015
Key2phone is a mobile access solution which turns mobile phone into a key for electronic locks, doors and gates. In this paper, we elicit and analyse the essential and necessary safety and security requirements that need to be considered for the Key2phone interaction system. The paper elaborates on suggestions/solutions for the realisation of safety and security concerns considering the Internet of Things (IoT) infrastructure. The authors structure these requirements and illustrate particular computational solutions by deploying the Labelled Transition System Analyser (LTSA), a modelling tool that supports a process algebra notation called Finite State Process (FSP). While determining an integrated solution for this research study, the authors point to key quality factors for successful system functionality.

International Journal of Human Capital and Information Technology Professionals, 2015
Public awareness is a significant factor in the battle against online identity theft (phishing). Advancing public readiness can be a strategic protection mechanism for citizens' vulnerability and privacy. Further, an effective research strategy against phishing is the combination of increased social awareness with software quality and social computing. The latter will decrease phishing victims and will improve information systems quality. First, the authors discuss recent research results on software quality criteria used for the design of anti-phishing technologies. Second, it is argued that the dynamics of social surroundings affect citizens' trust and can compromise social security. Third, the authors outline basic research needs and strategic steps to be taken for timely citizens' protection. Last, the authors propose strategic research directions for improving information systems total quality management through international collaborative research and by focusing o...

This management summary comments on the early outcomes of an R&D project with industrial and academic collaboration. In particular, the project’s requirements elicitation phase is presented, during which the authors determined the security and usability requirements of different use-cases for the Interactive 360° panorama video player. The use-cases the project dealt with were: i) using the video player in home scenario for viewing and sharing video; ii) controlling home appliances, and surveillance; iii) using the video player in industrial scenario for monitoring industrial components or factors, and surveillance; and iv) using the video player in the premises or shopping mall scenario for surveillance. Additionally, we elicited some important new features, which can play vital role to differentiate the Interactive 360° panorama video player from similar software-based products which are being implemented for use-cases similar to our study. Energy saving and other ecological awa...

Content: The report explains the security and usability requirements proposed by our team for the different use-cases of Interactive 360 degree panorama video player. Impact: This document contains the outcomes of requirements elicitation that our team conducted in order to determine the security and usability requirements of different use-cases of Interactive 360 degree panorama video player. The use-cases we have dealt in this document are: using the video player in home scenario for viewing and sharing video, controlling home appliances, and surveillance; using the video player in industrial scenario for monitoring industrial components or factors, and surveillance; and using the video player in premise or shopping mall scenario for surveillance. In addition, we also have elicited important features which can play vital role to differentiate the Interactive 360 degree panorama video player from similar kinds of product in the market which are being implemented for use-cases simil...