Faculty Candidate: Jason Polakis
480 Dreese Labs
2015 Neil Avenue
Columbus, Ohio 43210
Protecting Users in the Age of Social Web
An ever-increasing part of our professional, social and personal life involves the Internet and online services. This has exposed users to significant risk to their private information, as the constant stream of bad news in the media will attest.
In this talk I will focus on my research efforts to better understand and protect against such loss. I will start with a focused review on the importance of online privacy, and highlight the privacy risks of location proximity, which has been adopted by major web services and mobile apps. This work demonstrated novel threats that can neutralize existing countermeasures used by the industry and pinpoint a user’s location with high accuracy within seconds. To protect users, I developed a practical defense in the form of privacy-preserving proximity that obfuscates the user’s location, which has been adopted by Facebook and Foursquare. I will demonstrate how user privacy also affects security mechanisms, and present my analysis of the threat surface of Facebook’s social authentication system. I will then present a novel social authentication system that is robust against advanced targeted attacks and prevents adversaries from compromising user accounts, and conclude by sharing my thoughts for future directions.
Jason Polakis is a postdoctoral research scientist at Columbia University. He earned his PhD in 2014 from the Computer Science Department of the University of Crete, Greece, where he was supported by the Foundation of Research and Technology Hellas (FORTH). He is broadly interested in identifying the security and privacy limitations of Internet technologies, designing robust defenses and privacy-preserving techniques, and enhancing our understanding of the online ecosystem and its threats. His research has revealed significant flaws in popular services, and major vendors such as Google, Facebook and Foursquare have deployed his proposed defenses. His work has been published in top-tier security conferences (Security and Privacy, CCS, and NDSS) as well as other top-tier computer science conferences (WWW).