Samir Dilipkumar Saklikar

PhishGuard: A browser plug-in for protection from phishing

Phishing is an act of identity theft aimed at acquiring sensitive information such as usernames, passwords, credit card detail etc., by masquerading as a trustworthy entity in an electronic communication. Phishers use a number of different social engineering mechanism such as spoofed e-mail to try to trick their victims. Data suggests that some of the phishing attacks have convinced up to 5% of their recipients to provide sensitive information to spoofed websites resulting in a direct loss of multi Billion Dollars across the countries. Though there are many existing anti-phishing solutions, Phishers continue to succeed to lure victims. In this paper, we have proposed a novel algorithm which aims at identifying a forged website by submitting random credentials before the actual credentials in a login process of a website. We have also proposed a mechanism for analysing the responses from the server against the submissions of all those credentials to determine if the website is original or phished one. Though our idea is generic and would work in any authentication technologies which are based on exchange of any credentials, our current prototype is developed for sites supporting HTTP Digest Authentication and accepting userid and password pair as credential. Our algorithm is developed within a browser plug-in for Mozilla FireFox v3.0. and can detect phishing attack conclusively.

Next steps for security assertion markup language (saml)

The Security Assertion Markup Language (SAML) has established itself as one of the most advanced and popular standards in the Identity Federation and Assertion management space. SAML 2.0 has proved to be an almost complete specification, without requiring any frequent updates to handle various existing Federation scenarios. This paper attempts to analyze and propose incremental enhancements to the SAML core specification, without breaking any of the existing functionality. The goal is to identify such generic extensions, which in turn can enable various other functional usages, inline with SAML.s design goals of Federation Enablement and Asserted Information exchange. The utility of the proposed extensions is proved, by showing how they enable various higher level concepts in SAML, which in turn can enable a richer suite of Federation and Assertion-based interactions. These extensions include Dependent Assertions, Action Assertions, Assertion Queries and Requests, with the final consolidation into a proposed extended SAML framework. This extended SAML framework is used to build a prototype implementation of a Mobile-Device based Web Services framework, for enabling Mobile-Messaging based Service invocations, within a Federation of the Mobile Service Provider and multiple Mobile Application Providers.

User privacy-preserving identity data dependencies

Identity Federation technologies have enabled users to leverage their relationships with an Identity Provider (IdP) into a Service Providers (SP) domain. They allow user-initiated and IdP-controlled sharing of authentication information, attributes and authorization policies, allowing users to get benefits like Single Sign On (SSO) and attribute linking across the different domains. Federation-based Identity Services have enabled a standardized mechanism of sharing a particular type of user identity information with interested SPs. Yet, with increasing focus on composite as well as personalized user experiences, different types of User Identity Data need to be used together. In this paper, we argue that there is a lack of standardized mechanisms for resolution and ownership, when it comes to data associations across different Identity Providers. Additionally, users have different privacy requirements for these different kinds of interacting identity information and need mechanisms to enforce them. We propose a solution which allows users to define privacy-preserving data dependencies between their different Identity information. Thus, a query for a particular user information, would honor and traverse its associated data dependencies, possibly triggering user-defined policies, to come up with a resultant set of identity information.

Identity Federation for VoIP systems

Identity Federation enables Users to effectively manage their multiple Identities spread across different administrative domains. It leverages trust between the Identity Providers to allow Users to federate and share their Identity information to receive cross-domain Identity benefits. In this paper, we argue that with increasing number of VoIP providers as well as the ability for Users to host and self-manage their own VoIP Identities, an Identity Federation-based solution is required for VoIP as well. The paper analyzes differences for Identity Federation within VoIP scenarios, as compared to existing Web-based scenarios. We propose the VoIP Identity Federation Framework, enabling a User to establish Identity Federation as well as the assertion of any relevant Identity information from one VoIP context to another. The framework is designed using simple application-usage agnostic primitives viz. federate-out and federate-in, which can be applied within any VoIP Protocol scenario. One of the primary design goals has been to model these enablers as an independent protocol, so that they can be piggybacked on any of the existing VoIP protocol scenarios. As a result, Identity Federation benefits can be easily applied to any existing or future VoIP-based application usages. Another important aspect is to enable sufficient User control within the Identity Federation framework. We also present a set of exemplary yet novel use-cases enabled by the proposed framework.

Zero-Cost Negative-Cost (ZCNC) mobile messaging

In this paper, we present a novel application for subsidizing the cost of SMS-based messaging, especially in mobile operator networks which have started showing the ldquointentional missed callrdquo phenomenon. The existing SMS infrastructure is augmented with an advertisement capability, borrowed from the Internet model to either subsidize the cost of or even provide a credit to the SMS originating User. In addition to user-to-user messaging, this application can also find acceptance in small and medium sized enterprises, which rely on SMS-messaging to reach their consumers. We describe an overall architecture for the proposed Zero-Cost Negative-Cost (ZCNC) mobile messaging, with related discussion on itpsilas different usage scenarios.

A Social Query Protocol for User-level Information Exchange

Social networking-based activities on the Internet are seeing huge popularity, riding on the strength of the standard- ized Really Simple Syndication (RSS) platform, which allows for a cross-domain sharing of content (user generated or otherwise). Though there has been an increase in the social network of an Internet User, it is primarily being used for sharing self- generated content (blogging, podcasting) or by the web-sites for generating advertisement revenues. There are no standardized means for a user, to leverage this social base for pulling out some information. Search mechanisms are limited to sifting through information which is pre-published by social peers, rather than asking for some specific information from a social network. In this paper, we argue that due to the lack of a standard cross- domain query mechanism, users are not able to able to take full advantage in the collective intelligence of their social community. We propose a generic social query protocol, which allows a user to propagate application-specific queries within their social network and receive appropriate answers.

A Social Query Framework

In recent times, there has been a huge increase in Social-networking based activities on the Internet. Users have started using the Internet, not only for collaborating with each other but also taken on a new role of being Information prosumers (producers + consumers). The standardization of the really simple syndication (RSS) platform, which allows for a cross-domain sharing of content (user generated or otherwise) has helped by making information access easier, giving rise to online phenomena such as Blogging, Vlogging and Podcasting. Users have increased their reach into the world of Internet users, leading to a huge growth in their (mostly online) Social Network. Yet, such a network is being primarily used for sharing user-generated content or by the web-sites for generating advertisement revenues. More ever, existing technologies only facilitate a User to consume that, which is pushed by others. There are no easy or standardized mechanisms for a user, to leverage this social base for pulling out specific information from their social network. In this paper, we argue that due to the lack of a standard cross-domain query mechanisms, users are not able to take full advantage in the collective intelligence of their social community. We propose a generic Social Query Framework, which allows a user to propagate application-specific queries within their social network and receive appropriate answers.