Cars, Condoms, and Cryptography: How Secure is Secure Enough?

Friday, October 25, 2013 - 11:00am - 12:00pm EDT

  • Location:2 MetroTech Center, 10.099
    New York, US
  • Contact:Nasir Memon
    memon@poly.edu

Speaker: Vaibhav Garg, Drexel University

Abstract:

The first efforts to counter the risks of new technology are technical themselves. Successful technical mitigators, however, simultaneously impinge the perceptions of risk. Often individuals will compensate for the perceived reduction in harm by engaging in more risky behaviors. Individuals with ABS in their cars drive closer to other cars; end-user with stronger privacy controls share more information. Thus, education is not a panacea. The solution then is to examine underlying components of perceived risk online. Nine characteristics of risk have been found relevant offline, i.e. voluntariness, immediacy, knowledge to exposed, knowledge to experts, control, newness, common-dread, chronic-catastrophic, and severity. At least four decades of research in risk and safety engineering has leveraged this nine dimensional framework to inform public policy and new technical solutions.Online the nature of risks is fundamentally different, given the lack of physical harm. This research builds on this nine-dimensional framework to examine which characteristics of risks are relevant online in a diversity of contexts.


Bio: 

Vaibhav Garg is a post doctoral researcher in the Department of Computer Science at Drexel University. His research is at the intersection of security, privacy, and human behavior, with two key foci. First, he examines individual security and privacy decisions online under the broad rubric of risk decisions, specifically risk perception and risk compensation. Second, he investigates cybercrime and resulting victimization from the distinct lenses of computer science, economics, criminology, and social psychology. He serves as the deputy editor for ACM Computers and Society. Recently, he was awarded a two year NSF EAGER award to develop a systematic interdisciplinary framework for Cybercrime Science combining aspects of computer security, economics, and machine learning.