Researcher

Dr Nalin Asanka Gamagedara Arachchilage

Field of Research (FoR)

Biography

My name is Nalin Asanka Gamagedara Arachchilage (too long, isn't it? I admit that this can be confusing sometimes). I am a Lecturer in Cyber Security in the Australian Centre for Cyber Security (ACCS) and School of Engineering and Information Technology (SEIT) at the University of New South Wales (UNSW Canberra at the Australian Defence Force Academy), where I lead the OzUSec (Australian Usable Security) research group. Apart from my teaching, I also research in the area of usable security and privacy (i.e. designing secure (and also privacy) systems that people can use) and supervise postdoctoral researchers and postgraduate students (PhD/MPhil) with refereed publications and theses.

I hold a PhD in Usable Security entitled “Security Awareness of Computer Users: A Game Based Learning Approach” from Brunel University London, UK (External examiner: Professor David Benyon). My research focused on developing a game design framework to protect computer users against "phishing attacks". I obtained a BSc (MIS) Hons from University College Dublin, National University of Ireland and have completed a master's degree, MSc in Information Management and Security at the University of Bedfordshire, UK. I'm a Sun Certified Java Programmer (SCJP) at Sun Microsystems (now Oracle), USA. I am also a professional member of Association for Computing Machinery (MACM), The Institute of Electrical and Electronics Engineers (MIEEE) and The Australian Computer Society (MACS).

Prior to undertaking my current position at the University of New South Wales (UNSW at ADFA), I worked as Research Fellow in Usable Security and Privacy in the Laboratory of Education and Research in Software Security Engineering (LERSSE) at the University of British Columbia (UBC), Canada. Before moving to Vancouver, I was a Postdoctoral Researcher in Systems Security Engineering in the Cyber Security Center, Department of Computer Science at Oxford University.

My main research interests are Usable Security and Privacy, Cyber Security, Security Economics, Trust, Cybercrime, Human Computer Interaction, Serious Games for Cyber Security Education and e-Learning Security. My research is inter-disciplinary in nature and has published numerous articles at reputed international conferences and journals. I have also presented my research at Facebook Headquarters, Menlo Park, California, USA and collaborated with HP in a research capacity at the HP Lab, Bristol, UK. I have been an invited speaker for conferences both nationally and internationally. I served as demos and works in progress chair, publicity chair, programme committee member, technical/web-master in a number of reputed international conferences as well as regularly review articles (in the area of usable security and privacy) at reputed international conferences and high impact factor journals.

I have extensive teaching experience across all levels of teaching in relatively small (size of cohort: 20) as well as large classes (size of cohort more than 250). I currently work on developing, updating, managing and delivering the curriculum for a number of courses (ZEIT3120 Programming for Security, ZEIT8036 Humans and Security and ZEIT8037 Cyber Security Risk Management) at UNSW. I am the course convenor for the Chief of Army Honours students and convened the ZEIT8029 Network and Mobile Device Forensics in 2016.

I worked in a number of academic positions in Computer Science at Brunel University, University of Bedfordshire, Westminster University and Central Bedfordshire College in the UK. Before moving to UNSW Canberra, I briefly worked as Sessional Lecturer in Computer Science at Deakin University, Victoria University and Central Queensland University (CQUniversity) in Melbourne, Australia. Apart from my academic career, I also worked in a number of software engineering roles ranging from Programmer, Software Engineer to IT Manager, where I gained hands-on experience and skills on various technologies such as Java, Java EE, Java ME, PHP, HTML, XML, R-DBMS, Oracle, MySQL, UML, Linux (Ubuntu), Android SDK, Netbeans and Eclipse. I have also gone through a professional Linux Network Administration training program.

Research Synopsis 

My primary research interests are at the intersection of computer security, human computer interaction (HCI), and on-line privacy, in an area known as usable security and privacy. Many aspects of computer security synthesize technical and human factors. If a highly secure system is unusable, users will try to bypass the system or move entirely to less secure but more usable systems. Problems with usability contribute to many high-profile security failures today in the technology-filled world. Nevertheless, usable security is not well-aligned with traditional usability for some reasons. First, security is not very often the primary task of the user. In most cases, security is not the primary purpose of using a computer. People use computers to shop, socialize, communicate, and be educated and entertained. Many applications handle security issues through security alerts that interrupt users' primary task. Therefore, users represent security as a secondary task. Whenever security is secondary, it opposes the usability of the primary task: users find it distracting and therefore they would rather ignore, circumvent, or even defeat it. Second, securing information is about understanding risk and threats. Unlike traditional research in HCI, (usable) security and privacy focuses on the context of an adversary whose goals are to manipulate the user rather than breaking into the system straightaway. Therefore, this poses a great challenge for researchers, who need to model and reason about how the adversaries (i.e. bad guys) will make their attacks successful. Of course, it is rather important to understand how the user behaviours can be leveraged to protect themselves from cyber attacks. Such communication is most often unwelcome in the HCI community. Increasing unwelcome interaction is not a goal of usable security and privacy design.
Third, discrete technical problems are all well-understood under the umbrella of on-line security and privacy (e.g., attacks such as phishing, malware, spyware, social engineering, Distributed Denial-of-Service or DDoS attack). A broader concept of both security and usability is therefore required for usable security. My goals are to investigate how users manage their security and privacy in existing systems in order to design new systems that achieve better privacy and security solutions by taking end users into account.

Future Research

In future work, I plan to apply my research expertise and skills to applications that are likely to have high social value and impact. In particular, my expertise is in user requirements analysis, data collection, data analysis, functional interface design and development, experimental design, and information visualization. I will continue to apply this expertise to the many real world research problems on the human aspects of computer security and privacy. My immediate research goal is to continue my work on studying: improving security APIs, serious games for cyber security education (e.g. designing games to thwart phishing attacks, usable access control games), personal cyber risk management planning, security and privacy in wearable embedded systems, privacy-preserving e-healthcare system and fall-back authentication mechanism.

*** "I'm always looking for good PhD students and Postdoctoral Researchers to work on 'usable security and privacy' research, especially 'designing secure systems that people can use'" ***

Media Contributions

My research has been featured in numerous media outlets including ABC News Radio, SYN Radio 90.7 FM, Sky News Australia, Daily show on Radio 2SER 107.3, Choice - Australia, Guardian labs (sponsored by Intel Corporation, Australia) and UNSW TV.

Daily show on Radio 2SER 107.3: I was involved in a discussion on "The Petya ransomware attack". "Daily Show" is typically a free-flowing, conversational program on Radio 2SER 107.3. | 29 June 2017

"ABC NEWS Afternoons" with Mandy Presland on ABC NEWS Radio: I was involved in a discussion on "Phishing Scams". "ABC NEWS Afternoons" is typically a free-flowing, conversational program on ABC NEWS Radio. | 19 June 2017.

Panorama show on SYN Radio 90.7 FM: I was involved in a discussion on "WannaCry ransomware (cyber) attack and what we can do about it in Australia". "Panorama" is SYN's flagship news and current affairs show, covering news, politics and culture. | 15 May 2017.

Daily show on Radio 2SER 107.3: I was involved in a discussion on "How Do The New Data Notification Laws Affect You?". "Daily Show" is typically a free-flowing, conversational program on Radio 2SER 107.3. | 16 February 2017.

The Sydney Morning Herald and UNSW TV: In the age of phishing and hacking, here are three steps to help you become a cybersecurity expert, Dr Nalin Asanka Gamagedara Arachchilage. | 28 December 2016.

"Cyber in Business" - Addressing the cyber skills shortage: I was involved in a panel discussion on addressing the cyber skills shortage in Australia. "Cyber in Business conference" in Melbourne, Australia. | 09 December 2016.

"Sunday Live" with Janine Perrett on Sky News: I was involved in a panel discussion (Sky News studio in Parliament House in Canberra) on cyber security in Australia. "Sunday Live" is typically a free-flowing, conversational program on Sky News. | 30 October 2016.

Insurance tracker apps - good for the consumer?: I was interviewed by Choice, Australia. CHOICE is the consumer advocate that provides Australians with information and advice, free from commercial bias. | 6 October 2016.

How safe are you from hackers?: I was interviewed by Guardian labs, Australia. The article was sponsored by Intel Corporation, Australia. | 29 September 2016.

eLifeMagazine: I was interviewed by eLife Magazine at the University of Bedfordshire, UK, 2011.

Invited Talks

I have been an invited speaker for conferences both nationally and internationally. 

Office of the Government CISO in Australia: I was invited to deliver a talk (represented ACCS and SEIT at UNSW Canberra) about "Human Factors in Cyber Security: A gamified approach for cyber security education" to an industry audience at the Office of the Government Chief Information Security Officer (GCISO), Sydney. The audience consisted of representatives from major industries in Australia including Data 61. | Thursday, 17 August 2017.

 

Australian Computer Society (ACS) Annual Conference: I am an invited speaker (represented ACCS and SEIT at UNSW Canberra) for the ACS Annual Conference, where I talked about "Human Factors in Cyber Security" | Tuesday, 15 August 2017.

CSO Live Webinar | Email Fraud: Why you can't trust your emails anymore: I am an invited speaker (represented ACCS and SEIT at UNSW Canberra) for the CSO Live Webinar, sponsored by Proofpoint in Australia, where I talked about "Business Email Compromise" | Tuesday, 13 June 2017.

ERM for Government 2017 in Australia: I am an invited speaker (represented ACCS and SEIT at UNSW Canberra) for the 11th annual ERM for Government 2017 in Australia, where I talked about “Leveraging Cyber Enterprise Risk Management to Mitigate Risk of Cyber-Attacks” | Wednesday, 26 April 2017.

Cyber in Business Conference, Australia: I am a panelist (represented ACCS and SEIT at UNSW Canberra) at the University Leaders Panel | 1 December 2016.

GovInnovate: Digital Government Conference, Australia: I am a panelist (represented ACCS and SEIT at UNSW Canberra) at “Human factors in cyber security and thwarting phishing attacks” | 14 - 16 November 2016.

Government Digital Transformation Conference, Australia: I am a panelist (represented ACCS and SEIT at UNSW Canberra) at “Human factors in cyber security” | 24 - 25 October 2016.

Australian Information Security Association (AISA) National Conference, Australia: I am a panelist (represented ACCS and SEIT at UNSW Canberra) at “National cyber security education” | 18 - 20 October 2016.

Australasian Simulation Congress 2016, Australia: I was a panelist (represented ACCS and SEIT at UNSW Canberra) at “It's Not Just Entertainment, The Many Faces of Games in Society” | 29 September 2016.

Sydney Financial Information and Technology Summit, Australia: I was a panelist (represented ACCS and SEIT at UNSW Canberra) at “Getting ahead of Cybercrime” | 17 August 2016.

ANZ bank, Australia: I was invited to deliver a talk (represented ACCS and SEIT at UNSW Canberra) about “Serious Games for Cyber Security Education” to an industry audience at ANZ bank, Melbourne. The audience consisted of representatives from major industries in Australia including Telstra, NBN, NAB, Auspost, Sportsbet, Medibank and MCG. | Monday, 11 January 2016.

ERM for Government 2016 in Australia: I am an invited speaker (represented ACCS and SEIT at UNSW Canberra) for the 10th annual ERM for Government 2016 in Australia, where I talked about “Increasing awareness and education around cyber security” | Friday, 29 April 2016.

The British Council, Sri Lanka: I am an invited speaker (followed by an interview) at the Education UK unit at the British Council, Sri Lanka, where I talked about “How to conduct research in the UK” (over 200 participants), 2011.

Emailing me

When emailing, I use and encourage the use of GPG, so called GnuPG (equivalent to PGP). I prefer to receive encrypted email messages. Please use the key (Expires: 30 August 2020) below if you wish to send me encrypted email messages. 

PGP Key ID: 0B6EE872
Fingerprint: B2D3 FB00 4E06 EE08 29CD  0927 C663 226E 0B6E E872
 

 


My Expertise

My main research interests are Cyber Security, Usable Security and Privacy, Security Economics, Trust, Cybercrime, Human Computer Interaction, Serious Games for Cyber Security Education and e-Learning Security. My research is inter-disciplinary in nature and has published numerous articles at reputed international conferences and journals. I have also presented my research at Facebook Headquarters, Menlo Park, California, USA and collaborated with HP in a research capacity at the HP Lab, Bristol, UK.

I have been an invited speaker for conferences both nationally and internationally and my research has been featured in numerous media outlets including ABC News Radio, SYN Radio 90.7 FM, Sky News Australia, Daily show on Radio 2SER 107.3, Choice - Australia, Guardian labs (sponsored by Intel Corporation, Australia) and UNSW TV.

Location

Building 26 Room 116
Australian Centre for Cyber Security (ACCS)
The University of New South Wales
Australian Defence Force Academy
PO Box 7916, Canberra BC ACT 2610
AUSTRALIA

Contact

(+61) 424 457 049

Research Activities

Improving usability of security APIs: Software companies are placing more burden on the API (Application Programming Interface) developers to create usable security mechanisms as a result of continuing research into encouraging secure user behavior. Let's assume that API developers create an API which is read-only. Therefore, the application developer can only view information but cannot alter the information in the API's data under any circumstances. For example, API for stock market allows developers to request data (i.e. the value) on the…

Videos

Touch ID and iPhone Security: This easy video explains in plain English the main findings of our research paper (entitled "On the Impact of Touch ID on iPhone Passcodes") presented at the Symposium on Usable Security and Privacy (SOUPS) 2015.
"Sunday Live" with Janine Perrett on Sky News: I was involved in a panel discussion (Sky News studio in Parliament House in Canberra) on cyber security in Australia. "Sunday Live" is typically a free-flowing, conversational program on Sky News. | 30 October 2016 - Part 1
"Sunday Live" with Janine Perrett on Sky News: I was involved in a panel discussion (Sky News studio in Parliament House in Canberra) on cyber security in Australia. "Sunday Live" is typically a free-flowing, conversational program on Sky News. | 30 October 2016 - Part 2
Worried about phone hacking? Dr Nalin Asanka Gamagedara Arachchilage from the Australian Centre for Cyber Security at UNSW Canberra provides three steps to help you become a cybersecurity expert.
Touch ID and iPhone Security
“Australian Centre for Cyber Security (ACCS) expert, Dr Nalin Asanka Gamagedara Arachchilage, joined a disquieted panel on Sky News to discuss important developments in cyber security.”
Smartphone Security