UAB group’s two papers accepted to top security conference

The UAB SPIES Lab research on two facets of user-centered Internet security will be presented at the Network and Distributed Systems Security Symposium.

Two research papers featuring the work of students in the University of Alabama at Birmingham Security and Privacy in Emerging computing and networking Systems (SPIES) Lab will be presented at the 2014 Network and Distributed Systems Security Symposium.

The conference gathers leading-edge Internet and network security researchers and practitioners. UAB’s papers were two of 55 accepted, out of a total of 293 submissions.

“This conference is very competitive and accepts only the best work out there,” said Nitesh Saxena, Ph.D., associate professor and director of the SPIES Lab, who co-wrote the papers. “The credit goes to the SPIES students and our collaborators.”

Both papers highlight facets of UAB’s innovative research in security issues. The first paper, “Neural Signatures of User-Centered Security: An fMRI Study of Phishing, and Malware Warnings,” was a collaboration between Department of Computer and Information Sciences graduate research assistants Ajaya Neupane (lead student author) and Michael Georgescu, and Department of Psychology student Keya Kuruvilla and Associate Professor Rajesh Kana, Ph.D.

The team used neuroscience imaging to map what happens in Internet users’ brains as they encounter security warnings and malicious websites. Using a functional magnetic resonance imaging (fMRI) machine, the researchers tracked users’ brain activity while measuring their performance in distinguishing between legitimate and phishing websites and in heeding malware warnings.

The second paper, “Two-Factor Authentication Resilient to Server Compromise Using Mix-Bandwidth Devices,” was written by CIS graduate student Maliheh Shirvanian (lead student author) with Stanislaw Jarecki, Ph.D., and Naveen Nathan of the University of California, Irvine.

This research presents several potential methods to improve the security of password-only user authentication by adding a second authentication factor, like a mobile phone, in a way that is tolerant to the compromise of online services and supports a wide variety of devices. The proposed approaches show consistent advantages over two-factor schemes currently in use, like Google Authenticator or RSA SecurID tokens.

Saxena and his students will travel to the symposium, held in San Diego from Feb. 23-26, to present their research.