I'm a Postdoctoral Fellow at the Harvard Center for Research on Computation and Society. My research interests span the fields of computer security, human computer interaction and information policy. My work focuses on the design and analysis of usable security systems, specifically in the area of authentication, anti-phishing and identity theft protection. I received a Ph.D. from the School of Information Management Systems at U.C. Berkeley in 2005. Before Berkeley, I worked on electronic payment system privacy and security at CyberCash.
Activities
- I'm involved with the following conferences:
- Usability, Psychology and Security 2008 (Program Co-Chair)
- USENIX Security 2008 (Program Committee)
- WWW 2008 (Program Committee)
- APWG eCrime Researchers Summit (Program Committee)
- Usable Security 2007 (Program Chair)
- I'm actively working with
- W3C Web Security Context Working Group (Invited Expert/working group member).
- Financial Services Technology Consortium (Authenticating the Financial Institution to the Consumer Project Advisor)
- Anti-Phishing Working Group
- Digital PhishNet
Teaching
- I'm teaching CS279R: Security and Privacy Usability in Spring 2006.
Publications
Use Your Illusion: Secure Authentication Usable Anywhere, Eiji Hayashi, Nicolas Christin, Rachna Dhamija and Adrian Perrig, In Proceedings of Symposium on Usability, Privacy and Security (SOUPS2008), July 2008.The Seven Flaws of Identity Management: Usability and Security Challenges, IEEE Security and Privacy, March/April 2008 (Vol. 6, No. 2), pp. 24-29.
The Emperor's New Security Indicators, Stuart Schechter, Rachna Dhamija, Andy Ozment and Ian Fischer, in Proceedings of the IEEE Symposium on Security and Privacy, May 2007.
Why Phishing Works, Rachna Dhamija, J. D. Tygar and Marti Hearst, in the Proceedings of the Conference on Human Factors in Computing Systems (CHI2006), 2006.
Injecting Heterogeneity through Protocol Randomization, Li Zhuang, J. D. Tygar and Rachna Dhamija, to appear in the International Journal of Network Security, 2006.
Authentication for Humans: The Design and Analysis of Usable Security Systems, Ph.D. Thesis, University of California at Berkeley, 2005.
The Battle Against Phishing: Dynamic Security Skins, Rachna Dhamija and J. D. Tygar, in Proceedings of the Symposium on Usable Privacy and Security (SOUPS), July 2005.
Stopping Spyware at the Gate: A User Study of Notice, Privacy and Spyware, Nathan Good, Rachna Dhamija, Jens Grossklags, David Thaw, Steven Aronowitz, Deirdre Mulligan and Jospeh Konstan, in Proceedings of the Symposium on Usable Privacy and Security (SOUPS) 2005, July 2005.
Phish and HIPs: Human Interactive Proofs to Detect Phishing Attacks, Rachna Dhamija and J.D. Tygar, in Proceedings of the Second International Workshop on Human Interactive Proofs (HIP05), Lecture Notes in Computer Science, Springer Verlag, May 2005.
A Framework for Evaluating Digital Rights Management Proposals, Rachna Dhamija and Fredrik Wallenberg, in Proceedings of the First International Mobile IPR Workshop: Rights Management of Information Products on the Mobile Internet, August 2003.
Animated Exploration of Graphs with Radial Layout, Ka-Ping Yee, Danyel Fisher, Rachna Dhamija, Marti Hearst, in Proceedings of the IEEE Symposium on Information Visualization 2001 (Infovis 2001), October 2001.
Deja Vu: A User Study. Using Images for Authentication, Rachna Dhamija and Adrian Perrig, in Proceedings of the 9th USENIX Security Symposium, August 2000.
Hash Visualization in User Authentication, Rachna Dhamija, Short Paper Proceedings of the Conference on Human Factors in Computing Systems (CHI2000), April 2000.
Teaching Electronic Commerce to an Interdisciplinary Class: Lessons Learned, Rachna Dhamija, Dr. Rachelle Heller, Dr. Lance J. Hoffman, Communications of the ACM, Volume 42 (Issue 9): pp. 50-55 (September 1999)
Selected Press
Study Finds Web Antifraud Measure Ineffective, The New York Times, February 5, 2007, by Brad StoneWhy phishing catches punters, The Register, UK, June 7, 2006, By Scott Granneman, SecurityFocus.
Online Tax Scams, CNN, Aired April 14, 2006
Beware of tax refund 'phishing' scams. CNN, April 14, 2006, by Marsha Walton
Research reveals phishing hooks. BBC News, UK, Apr 5, 2006.
Cute graphics add credibility to fake websites. Newscientist Magazine, Issue 2539, February 18 2006
Pictures as Passwords. In The Economist print edition, Technology Quarterly, September 16th 2004 [PDF]
Open Sesame: A Picture Worth 1,000 Passwords The New York Times, December 27, 2001, by Jennifer 8. Lee
And the Password Is . . . Waterloo The New York Times, December 27, 2001, by Jennifer 8. Lee
A Picture May Be Worth A Thousand Passwords, The Wall Street Journal November 27, 2000, by H. Asher Bolande [cached copy]
Forget your password? Picture this The Independent, London October 9 2000, by Suelette Dreyfus [cached copy]
The art of passwords in an era of machines The Age newspaper, Melbourne, October 6 2000 by Suelette Dreyfus[cached copy]
College Class Learns How to Make Digital Money New York Times, April 17, 1998