talks

2024

  • USENIX Security - In Wallet We Trust: Bypassing the Digital Wallets Payment Security for Free Shopping
    • This paper investigates security weaknesses in digital wallet payment systems, identifying vulnerabilities due to decentralized authority delegation and excessive trust between banks and wallet apps. The researchers demonstrate how attackers can exploit these issues to add stolen cards, bypass transaction authorization, and violate access control, and propose practical remedies to address these critical design flaws.
  • SOUPS - Human-in-the-Loop for Secure Digital Wallets Transactions
    • This talk highlights critical vulnerabilities in digital wallet security, emphasizing that banks overly trust wallet apps for authentication and authorization and rely on wallet IDs instead of verifying the actual cardholder’s identity. This trust enables attackers to add stolen cards to wallets and bypass security checks. The proposed solution involves adopting user-centered verification approaches like push-based multi-factor authentication and periodic re-authentication to enhance digital wallet security.

2021

  • Keeping eyes on the road: the role of situated IS delegation in influencing drivers’ situational awareness
    • This talk shows how AI-driven driver-assistance systems in semi-autonomous vehicles can paradoxically decrease driver attention and responsiveness by fostering over-reliance on algorithmic aids. It critiques traditional AI designs that inadequately gauge driver attention, proposing instead an event-based attention-gauging approach. This novel approach aims to align the decision processes of the driver and the AI system, potentially increasing responsiveness, transparency, and predictability, and thereby offering improved guidance for designing effective and safe AI-driven driver aids.