Seminar • Cryptography, Security, and Privacy (CrySP) — Empiricism-Informed Secure System Design: From Improving Passwords to Helping Domestic Violence Victims

Wednesday, April 3, 2019 10:30 am - 10:30 am EDT (GMT -04:00)

Rahul Chatterjee, PhD candidate
Department of Computer Science, Cornell University

Security often fails in practice due to a lack of understanding of the nuances in real-world systems. For example, users choose weak passwords to deal with the several usability issues with passwords, which in turn degrades the security of passwords. I will talk about how we can build better security mechanisms by combining methodical empiricism with analytical frameworks. 

First, in the context of passwords, I will show how to improve the usability of passwords by allowing users to log in with typos in their passwords. I will detail in the talk how to do so without giving attackers any additional advantage to impersonate a user.

In the second part of my talk, I will talk about my recent research direction on how traditional authentication mechanisms fail to properly model digital attacks by domestic abusers, and therefore are ineffective for victims. As a result, abusers can spy on, stalk, or harass victims using seemingly innocuous apps and technologies. I will finish with some recent progress that I have made in helping victims of tech abuse, and provide some future research directions.


Bio: Rahul Chatterjee is a PhD candidate at Cornell University, working on computer security. Prior to joining Cornell, Rahul received his master's from the University of Wisconsin-Madison and bachelor's from the Indian Institute of Technology (IIT), Kharagpur. 

Rahul’s research focuses on user authentication, in particular passwords and biometrics. Lately, he is also conducting research on how to help stop technology abuse in the context of domestic violence. His co-authored papers have been covered by several media outlets, including The New York Times and the MIT Tech Review. His work on password typos was recognized with the distinguished student paper award at IEEE S&P (2016).