Researcher

Dr Nalin Asanka Gamagedara Arachchilage

Biography

My name is Nalin Asanka Gamagedara Arachchilage (too long, isn't it? I admit that this can be confusing sometimes). I am a Lecturer in Cyber Security in the Australian Centre for Cyber Security (ACCS) at the University of New South Wales (UNSW Canberra at the Australian Defence Force Academy). I hold a PhD in Usable Security entitled “Security Awareness of Computer Users: A Game Based Learning Approach” from Brunel University London, UK (External examiner: Professor David Benyon). My research focused on developing a game design framework to protect computer users against "phishing attacks". I obtained a BSc (MIS) Hons from University College Dublin, National University of Ireland and have completed a master's degree, MSc in Information Management and Security, at the University of Bedfordshire, UK. I'm a Sun Certified Java Programmer (SCJP) at Sun Microsystems (now Oracle), USA. I am also a professional member of the Association for Computing Machinery (ACM).

My main research interests are Usable Security and Privacy, Cyber Security, Economics of Security & Privacy, Trust, Cybercrime, HCI, Mobile HCI, Serious Games for Cyber Security Education and e-Learning Security. My research is inter-disciplinary in nature, and I have published numerous articles at reputed international conferences and journals.

Prior to undertaking my current position at the University of New South Wales (UNSW Canberra at ADFA), I worked as Research Fellow in Usable Security and Privacy in the Laboratory of Education and Research in Software Security Engineering (LERSSE) at the University of British Columbia (UBC), Canada. Before moving to Vancouver, I was a Postdoctoral Researcher in Systems Security Engineering in the Cyber Security Center, Department of Computer Science at Oxford University.

I worked in a number of lecturing positions in Computer Science at Brunel University, University of Bedfordshire, Westminster University and Central Bedfordshire College in the UK. Before moving to UNSW Canberra, I briefly worked as a Sessional Lecturer in Computer Science at Deakin University, Victoria University and Central Queensland University (CQUniversity) in Melbourne, Australia. Apart from my academic career, I also worked in a number of software engineering roles ranging from Programmer and Software Engineer to IT Manager, where I gained hands-on experience and skills in various technologies such as Java, Java EE, Java ME, PHP, HTML, XML, R-DBMS, Oracle, MySQL, UML, Linux (Ubuntu), Android SDK, NetBeans and Eclipse. I have also gone through a Linux Network Administration training program.

Research Synopsis 

My primary research interests are at the intersection of computer security, human computer interaction (HCI), and on-line privacy, in an area known as usable security and privacy. Many aspects of computer security synthesize technical and human factors. If a highly secure system is unusable, users will try to bypass the system or move entirely to less secure but more usable systems. Problems with usability contribute to many high-profile security failures today in the technology-filled world. Nevertheless, usable security is not well-aligned with traditional usability for some reasons. First, security is not very often the primary task of the user. In most cases, security is not the primary purpose of using a computer. People use computers to shop, socialize, communicate, and be educated and entertained. Many applications handle security issues through security alerts that interrupt users' primary task. Therefore, users represent security as a secondary task. Whenever security is secondary, it opposes the usability of the primary task: users find it distracting and therefore they would rather ignore, circumvent, or even defeat it. Second, securing information is about understanding risk and threats. Unlike traditional research in HCI, (usable) security and privacy focuses on the context of an adversary whose goals are to manipulate the user rather than breaking into the system straightaway. Therefore, this poses a great challenge for researchers, who need to model and reason about how the adversaries (i.e. bad guys) will make their attacks successful. Of course, it is rather important to understand how user behaviours can be leveraged to protect users from cyber attacks. Such communication is most often unwelcome in the HCI community. Increasing unwelcome interaction is not a goal of usable security and privacy design. Third, discrete technical problems are all well-understood under the umbrella of on-line security and privacy (e.g., attacks such as phishing, malware, spyware, social engineering, Distributed Denial-of-Service or DDoS attack). A broader concept of both security and usability is therefore required for usable security. My goals are to investigate how users manage their security and privacy in existing systems in order to design new systems that achieve better privacy and security solutions by taking end users into account.

Future Research

In future work, I plan to apply my research expertise and skills to applications that are likely to have high social value and impact. In particular, my expertise is in user requirements analysis, data collection, data analysis, functional interface design and development, experimental design, and information visualization. I will continue to apply this expertise to the many real world research problems on the human aspects of computer security and privacy. My immediate research goal is to continue my work on studying: improving security APIs, serious games for cyber security education (e.g. designing games to thwart phishing attacks, usable access control games), personal cyber risk management planning, security and privacy in wearable embedded systems, privacy-preserving e-healthcare systems and fall-back authentication mechanisms.

***I'm always looking for good PhD students and Postdoctoral Researchers to work on "usable security and privacy" research, especially "designing secure systems that people can use"***

When emailing, I use and encourage the use of GPG, so called GnuPG (equivalent to PGP). I prefer to receive encrypted email messages. Please use the key (Expires: 30 August 2020) below if you wish to send me encrypted email messages. 

PGP Key ID: 0B6EE872
Fingerprint: B2D3 FB00 4E06 EE08 29CD  0927 C663 226E 0B6E E872

Location

Building 26 Room 118
Australian Centre for Cyber Security (ACCS)
The University of New South Wales
Australian Defence Force Academy
PO Box 7916, Canberra BC ACT 2610
AUSTRALIA

Contact

(+61) 452 571 802

Research Activities

Improving usability of security APIs: Software companies are placing more burden on API (Application Programming Interface) developers to create usable security mechanisms as a result of continuing research into encouraging secure user behavior. Let's assume that API developers create an API which is read-only. The application developer can therefore only view information and cannot alter the information in the API's data under any circumstances. For example, an API for the stock market allows developers to request data (i.e. the value) on the current stock. However, what if…

Videos

Touch ID and iPhone Security: This easy video explains in plain English the main findings of our research paper (entitled "On the Impact of Touch ID on iPhone Passcodes") presented at the Symposium on Usable Security and Privacy (SOUPS) 2015.