The importance of online authentication cannot be overstated: it is what allows us to determine with whom we are communicating online. Browsers have historically shown a “green lock icon” next to a domain name to indicate something about the security of that website—but far less security than many users give it credit for. In this talk, I will present evidence that attackers are increasingly exploiting the misplaced trust that users place in security indicators to launch more sophisticated phishing attacks. I will also discuss potential future directions for solving this problem. This is joint work with students Richard Roberts and Yaelle Goldschlag.
Dave Levin is an assistant professor of computer science and member of MC2. His research empirically measures Internet security, and applies economics and cryptography to design and build new systems with provable and usable security. Dave’s work has received a USENIX Security Distinguished Paper Award and an IEEE Cybersecurity Award for Innovation. Dave is the chair of the CS Honors program he recently founded Breakerspace, a lab dedicated to group undergraduate research projects in security.