ICAT Playdate: Identity Abuse in Mobile Social Networks and Email Systems

Date: 
Friday, March 17, 2017
Location & Time: 

8:30 – 9:30am in the ICAT Learning Studio, 253 Moss Arts Center

CHCI Featured Project: Identity Abuse in Mobile Social Networks and Email Systems

User identity is the root of trust in many online communities and communication systems. In practice, user identity is also the most attractive target for attacks. For systems like online social networks and email services, identity abuse can cause serious system disruptions, privacy leakage, financial loss, and even threats to national security.

In this talk, I will describe our recent efforts to understand the risk of identity abuse in practice and our defense approaches. First, I will start by describing the fundamental challenge of authenticating real users and real phones in online and mobile systems. We reveal an emerging threat of “Sybil devices” where an attacker can control a large army of simulated devices pretending to be real users to lunch practical attacks such as location tracking and data pollution. Second, I will introduce our on-going work to investigate identity abuse in email systems for phishing and social engineering. I will share our recent findings on how existing email services fail to notify users on spoofing (fake) emails, particularly on mobile devices. I will discuss potential solutions moving forward by modeling user decision-making process for effective security alerts and interventions.

Speaker Bio:

Gang Wang is an Assistant Professor in the Department of Computer Science at Virginia Tech. His research interests cover a range of topics in Security and Privacy, Data Mining and HCI. His goals work towards gaining a deep understanding of user behavior and its roles in attacks and defenses to better secure Internet systems. Gang’s current projects focus on three areas: security and privacy in online communities, data-driven models of user behavior, and mobile application security. Gang obtained his PhD in Computer Science from UC Santa Barbara (2016). He earned a BE degree from Tsinghua University (2010). He spent two summers at Microsoft Research Redmond in 2011 and 2014. He was the recipient of Outstanding Dissertation Award (2016) and PhD Dissertation Fellowship (2015) from UCSB, and Best Practical Paper Award from ACM SIGMETRICS (2013). He held a U.S. patent for large-scale detection of malware distribution networks.