R3S seminar presented by Jema NDIBWILE, who is finishing his doctoral internship at Télécom SudParis.
The seminar will take place this Thursday, 26 July 2018, starting at 10:30, in lecture hall G10.
The title of his talk: A User Study for Smartphone Security Adherence and Correspondence Assistive Techniques
Abstract:
Billions of smartphones around the world are running out-of-date operating systems (OS) despite users knowing the importance of an updated OS. We conducted a survey of 206 participants from different demographics in Japan and Tanzania (two countries with different socio-cultures, per-capita incomes, security and privacy perceptions) to determine the cause.
We also lay out and analyze general users’ cybersecurity knowledge and attitudes based on participants’ self-assessment and our assessment. We analyzed password choices, smartphone lock behavior, phishing awareness and users’ attitudes in public Wi-Fi. We believe that insecure online behaviors are exhibited more by portable devices’ users due to their limited capability and the ease of being online most of the time. Thus, these users are more prone to various cyberattacks such as phishing, man-in-the-middle, and ARP poisoning. Moreover, most personal computers’ solutions for those attacks do not work effectively on portable devices due to the high computational power incurred. In that regard, we proposed and developed several strategies for assisting users in not falling victim to those attacks and strategies for increasing users’ security compliance. We proposed UnPhishMe, a mobile application prototype that takes advantage of a particular weakness of phishing sites: they accept any kind of input information for authentication. It enables a mobile device user to create a fake login account, with fake login credentials, that mimics the user login procedure every time the user opens a login webpage and generates an alert to her. UnPhishMe determines whether the current login page shifts to another webpage after an authentication attempt by monitoring hashcode changes of the URL and listening to the HttpURLConnection status code. To protect devices from ARP poisoning, we proposed a lightweight, scalable mobile application that is immune to Single Point of Failure (SPOF). The application is fundamentally based on the concept of mapping a legitimate copy of the ARP cache of a device and saving it to a secure long-term application memory; later, it periodically checks against the ARP cache map to determine the alteration and alert the user, so that appropriate actions can be taken.
Lastly, we redesigned smartphone security notification alerts by integrating them with free information services such as traffic status, weather tips, and others to determine whether they can increase software update compliance in comparison to ordinary plain notices.
Bio: Jema David Ndibwile has been a Ph.D. candidate in the Laboratory for Cyber Resilience at the Nara Institute of Science and Technology (NAIST) since 2016. Prior to his experience at NAIST, he earned a Master of Technology at Jawaharlal Nehru Technological University in 2015. Originally from Tanzania, he holds a Bachelor of Science in Computer Science from the University of Dar Es Salaam (2009) and has been a professional Computer Network and Security Specialist for more than 5 years. He has also been a CCNA associate since 2010.
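
The ARP cache check described in the abstract (store a trusted map, then periodically compare the live cache against it) can be sketched as follows. This is an added example, not the speaker's application: it assumes the cache is available as Linux `/proc/net/arp`-style text, keeps the baseline in an ordinary dictionary rather than secure application storage, and uses constructed addresses and hypothetical function names.

```python
# Added example: trusted ARP map vs. a later snapshot. All addresses are constructed.

def parse_arp_table(text):
    """Parse /proc/net/arp-style text into {ip: mac}, skipping unresolved entries."""
    table = {}
    for line in text.strip().splitlines()[1:]:      # first line is the column header
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac = fields[0], fields[2], fields[3].lower()
        if flags == "0x0" or mac == "00:00:00:00:00:00":   # incomplete entry
            continue
        table[ip] = mac
    return table

def compare_to_baseline(baseline, current):
    """Alert on IPs whose MAC differs from the baseline and on MACs claimed by several IPs."""
    alerts = []
    for ip in sorted(current):
        trusted = baseline.get(ip)
        if trusted is not None and trusted != current[ip]:
            alerts.append(("mac_changed", ip, trusted, current[ip]))
    owners = {}
    for ip, mac in current.items():
        owners.setdefault(mac, []).append(ip)
    for mac in sorted(owners):
        if len(owners[mac]) > 1:                    # can be legitimate; flag for review
            alerts.append(("mac_shared", mac, sorted(owners[mac])))
    return alerts

BASELINE_TEXT = """
IP address       HW type  Flags  HW address         Mask  Device
192.168.1.1      0x1      0x2    02:00:00:aa:bb:01  *     wlan0
192.168.1.20     0x1      0x2    02:00:00:aa:bb:14  *     wlan0
"""

CURRENT_TEXT = """
IP address       HW type  Flags  HW address         Mask  Device
192.168.1.1      0x1      0x2    02:00:00:AA:BB:14  *     wlan0
192.168.1.20     0x1      0x2    02:00:00:aa:bb:14  *     wlan0
192.168.1.30     0x1      0x0    00:00:00:00:00:00  *     wlan0
192.168.1.40     0x1      0x2    02:00:00:aa:bb:28  *     wlan0
"""

def demo():
    return compare_to_baseline(parse_arp_table(BASELINE_TEXT), parse_arp_table(CURRENT_TEXT))

if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

In the constructed snapshot the gateway address now resolves to the MAC of another host, which is the alteration the periodic check is meant to surface; hosts absent from the baseline are not reported.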