Research

• Task: This project focuses on addressing the inherent privacy challenges related to the usage patterns of users within Verifiable Credential Digital Wallets (VCDWs). The primary objective is to enhance privacy protections in digital wallets by addressing the limitations presented by current user behaviour and technological constraints.

• Technology Used: The project is developing a smartphone wallet that incorporates privacy-by-usage principles. Utilizing a combination of Privacy Scores (entropy), Diversity Scores (Jaccard Index), selective disclosure mechanisms, and machine learning-based global optimization techniques, the initiative aims to optimise user privacy safeguards.

• Project Partner: Cyber Security Cooperative Research Centre, Deakin Cyber Research and Innovation Centre (Deakin University), Tata Consulting Services

• Key Outcomes: 1 Patent Filed, 1 Conference Paper published. 3 Journal/Conference Publications in progress.

• Description: Despite the advantages of VCDWs in terms of security, efficiency, and user autonomy, significant privacy challenges persist, particularly concerning users' selective disclosure behaviours and the potential aggregation of Personally Identifiable Information (PII). The project aims to address these issues by developing a VCDW that not only adheres to privacy-by-usage principles but also aids users in making informed decisions about their credential disclosures. Through advanced recommendation algorithms and machine learning techniques for global optimisation, the project seeks to balance utility and privacy concerns, enabling users to share necessary information without compromising their privacy.

  1. Development and Testing: The project's methodology includes the creation of a TestBed for the VCDW, focusing on user interaction scenarios within smart environments. An MVP has been tested to validate the system's ability to manage credential disclosures effectively, with particular attention to privacy impacts and user decision-making processes.

  2. Recommendation Engine: A significant finding of the project is the formulation of a model that optimises users' privacy by recommending the optimal set of credentials and attributes for disclosure. This model considers various privacy aspects, such as unlinkability and anonymity, and employs Privacy Scores and Diversity Scores to ensure the best privacy outcomes for users. Additionally, machine learning-based global optimization techniques are used to adapt to changing credential usage patterns and ensure balanced and secure recommendations.

With initial successes, the project is now focused on refining the model and expanding its application across broader user scenarios. Future development will concentrate on enhancing the Trust Score capabilities and extending the TestBed to cover more extensive testing environments. Concurrently, efforts will continue to refine the recommendation model, ensuring it remains adaptable and effective in real-world applications.

• Task: This project embarked on a deep dive into the realms of usable security (USec) and its implications on the adoption rates of multi-factor authentication (MFA) technologies. The study aimed to bridge the gap between the security benefits of MFA and its underutilization due to usability challenges, examining how user characteristics (UCha) and perceptions influence MFA adoption.

• Technology Used: The research meticulously evaluated various MFA methods—SMS-based solutions, app-generated OTPs, and physical authentication devices (PADs)—through the lens of USec. Employing a combination of quantitative and qualitative methodologies, the project explored the nuances of user interactions with physical authentication devices (PADs) to uncover actionable insights into enhancing usability without compromising security.

• Project Partner: Cyber Security Cooperative Research Centre, Centre for Cyber Security Research Innovation Deakin

• Key Outcomes: 2 Journal publications and 1 Article. 2 Journal Publications in progress

• Description: The study was structured to tackle the ongoing challenge within cybersecurity: enhancing the security of digital platforms while ensuring that security mechanisms, like MFA, remain user-friendly. Despite the known benefits of MFA in safeguarding against unauthorised access, its adoption is hindered by usability concerns. The project's core objective was to dissect the elements that constitute 'usable security' in the context of MFA, particularly focusing on physical authentication devices (PADs). By examining user characteristics such as age, ICT qualifications, and previous MFA experience, the project sought to uncover patterns in user perceptions and behaviours that could inform the design of more accessible and widely adopted MFA solutions. This comprehensive approach aimed not only to highlight the trade-offs between security and usability but also to propose a pathway towards resolving these conflicts in favour of creating secure yet user-friendly authentication methods. The study included 2 phases:

  1. Phase 1 (Quantitative Study): A broad survey targeting 410 participants was designed to capture how various user groups perceive the importance of different USec features in PADs. The analysis aimed to correlate these perceptions with specific user characteristics, offering insights into the demographic-specific needs and preferences.

  2. Phase 2 (Qualitative Study): Following the quantitative analysis, a subset of participants were engaged in a hands-on study with PADs. Over four weeks, participants interacted with the devices in real-world scenarios, documenting their experiences. This phase culminated in detailed interviews, providing depth to the quantitative findings and revealing nuanced views on PAD usability and security.

Key Findings:

• User Characteristics Influence on PAD Perceptions: The study conclusively found that age, education, and prior experience with MFA significantly affect users' perceptions of PAD usability. Notably, features such as simplicity, time efficiency, and information support were ranked differently in importance across various user groups, highlighting the diversity in user needs and preferences.

• Important USec Features: Across different demographics, certain USec features consistently emerged as crucial for enhancing PAD adoption. These included error management, simplicity, and information support, underscoring the importance of designing PADs that are not only secure but also intuitive and user-friendly.

• Challenges in PAD Adoption: Despite the recognised security benefits of PADs, their uptake remains low, primarily due to usability concerns. The study's findings suggest that addressing these concerns by tailoring PAD features to meet diverse user preferences can significantly impact their adoption rates.

This extensive study shed light on the critical balance between security and usability in the context of MFA technologies. By uncovering the nuanced preferences and perceptions of users towards PADs, the research offers valuable insights into how MFA solutions can be designed to be both secure and user-friendly, thereby encouraging wider adoption.

• Task: Develop a cutting-edge solution for enhancing supply chain financing through a Blockchain Integrated Database Fabric, addressing the inefficiencies and limitations of traditional SCF systems by leveraging blockchain technology.

• Technology Used: The project harnesses a combination of blockchain technology, database management systems, and advanced programming environments. Truffle Suit was used to run a local blockchain environment for testing and PoC.

• Project Partner: Deakin Blockchain Innovation Lab, Industry

• Key Outcomes: 1 Journal Publication in progress.

• Description:  The Blockchain Integrated Database Fabric (DBK Fabric) is a pioneering approach to supply chain financing that leverages the robustness of blockchain for enhanced transaction verification, performance efficiency, and cross-platform compatibility. This solution consists of three primary components:

  1. Access Layer: Managed user access and authentication, establishing secure entry points to the system.

  2. Blockchain Layer: Ensured transaction integrity, transparency, and security across the supply chain financing process.

  3. Database Layer: Integrated blockchain transactions with traditional database management techniques for efficient data handling.

The incorporation of blockchain into SCF presented unique challenges, such as delays due to consensus mechanisms and complexities in user access control. The DBC Framework innovatively addressed these through:

• 3. • Enhanced access control mechanisms for improved user management.

     • Cross-platform compatibility, facilitating seamless integration with existing systems.

     • Optimized processing speeds by leveraging blockchain technology more efficiently.

Implementing a blockchain-enabled SCF system brought forth significant benefits, including unmatched transparency, minimised transaction fees by direct cryptocurrency transactions, and bolstered security measures.

he analysis of Greensill Capital's collapse underscored the acute need for the transparency and efficiency offered by the blockchain-enabled SCF model, highlighting its potential to prevent similar future occurrences.

The successful development and deployment of the Blockchain Integrated Database for Supply Chain Financing marked a pivotal advancement in the field, demonstrating a viable solution to longstanding challenges. By harnessing the power of blockchain technology, the project not only set a new benchmark for supply chain finance but also paved the way for broader adoption and future innovations in this domain.

• Task: Research, design, and development of an innovative network model for off-grid mesh networks as part of my PhD.

• Technology Used: Utilized Visual Studio for development, alongside various network simulators for testing network protocols, security analysis tools for evaluating the network's security posture, and emulation tools to mimic real-world network conditions and validate the model's effectiveness.

• Key Outcomes: 1 Journal and 5 Conference Publications.

• Description: The objective was to overcome the inherent limitations of existing distributed mesh networks by creating an adaptive, secure network model. This model introduces a novel routing protocol and a comprehensive security framework, aiming to enhance network scalability, reliability, and security.

  1. The routing protocol innovates with a geolocation-based addressing system and dynamic data transmission methods, employing 'smart packets' to navigate the mesh network efficiently. This system is supported by a web register that assists in network operation and scalability.

  2. The security framework is tailored to the dynamic topology of mesh networks, ensuring robust security without overburdening the system. It encompasses:

     • Authentication: Adapts to network changes and constraints, utilising real-time data to authenticate devices securely.

     • Encryption: Combines symmetric and asymmetric encryption to protect data while optimising resource use.

     • Key Management: The Multi-Path Anonymous Randomized Key (MPARK) distribution scheme enhances security by minimising the risk of key compromise through the use of anonymity, randomness, and strategic decoys.

This research aimed to address critical challenges faced by distributed mesh networks, offering a scalable, secure solution that could revolutionise connectivity in off-grid scenarios. The advancements made through this project have the potential to significantly impact how distributed networks are implemented and secured, paving the way for more resilient and efficient communication systems in remote or infrastructure-challenged environments.

• Task: Creation of a comprehensive web-based portal to enhance administrative efficiency and student engagement within Amity University's hostel system.

• Technology Used: Developed using Visual Studio and Drupal, supported by bespoke confidential proprietary software to ensure robust performance and security.

• Project Partner: Amity University Gurgaon.

• Description: Aimed at modernising the hostel management experience, this project introduced an intranet-based portal designed to streamline the complaint registration process, offering students a straightforward method to voice concerns with guaranteed follow-up times. Moreover, the portal serves as a central hub for distributing vital notices and facilitates efficient information exchange between students and administrative staff. By enhancing communication and administrative processes, the portal significantly improves the overall residential experience for students, underscoring our commitment to leveraging technology for community betterment.

• Task: Creation of a Graphical User Interface (GUI) Module featuring standardized templates for online form filling, designed for the National Informatics Centre (NIC) under the auspices of the Department of Electronics and Information Technology, Government of India.

• Technology Used: The project leveraged Visual Studio for development, Drupal as the content management framework, and specialized confidential proprietary software to ensure robust security and operational efficiency.

• Description: This initiative focused on constructing GUI-based templates aligned with “Metadata and Data Standards- Demographic Version 1.1,” facilitating a seamless and dynamic user experience. These templates were engineered to bolster secure data entry through comprehensive validation and verification processes, without compromising on user accessibility. The integration of these standardised templates significantly streamlines the online submission process, enhancing data accuracy and security for various governmental digital services. This development marks a critical step forward in simplifying and securing online interactions between the government and the public.

• Task: Development of a Secure Payroll Generation System for The State Trading Corporation of India Limited (STC), a prestigious international trading entity operated by the Government of India.

• Technology Used: Utilized Microsoft Access for database management and custom proprietary systems for enhanced security and data processing capabilities.

• Description: Aimed at modernising and streamlining STC's payroll operations, this project focused on creating an automated payroll system. By transitioning from manual to automated processes, the system efficiently manages monthly tasks such as generating, updating, and editing employees' salary details and statutory reports. A key feature of the system is its ability to securely transfer payroll data to banks for processing, ensuring a remarkable 99.99% accuracy rate. Following its successful implementation, the system was adopted across STC's corporate office and over ten major branches nationwide, marking a significant advancement in the company's payroll management and operational efficiency. A modified version of the system is still being used to date.