My research focuses on next-generation user authentication schemes for IoT applications using biometrics. Also, I am investigating usable security and privacy mechanisms driven by security-by-design and privacy-by-design ideas.
Earlier, I was involved in research related to designing and testing new behavioral biometric-based authentication methods that aim at lowering potential security risks due to human behavior while the user uses it. Studies in the field of cyber attacks have found humans as the weakest link for most of the attacks in getting access to critical systems. As a use case, studying the specific mechanism of user authentication securing the access to the system where a human is involved as an operator.
Existing authentication methods based on “something you know” and “something you have" is inherently binary (the level of confidence about the authenticity of the user must be 100% for the system to accept it). Particularly, I am focusing on behavioral biometrics because they are comparatively newer, user-friendly, and potentially well suited for new environments and contexts such as IoT devices and critical infrastructures. In addition, overall risk computation on which authentication decision is taken inherently asserts user behavior. Also, I will focus on the task of applying a threat model to the new authentication systems and making it resilient against possible vulnerabilities and cyber-threats specifically due to human factors.