Welcome to the Internet Quality of Protection Research!
Let's do it!
Tell Me More

About Research

The current implementation of Internet Security services leaves users, especially those with limited computing skills, out of the security decision making process. This is because the security configuration parameters are either hidden from the user or the security decisions are centralised. As a result, many users do not implement the required level of Internet security to meet the required level of quality of protection. This lack of sufficient security configuration provides a fertile environment for Internet attacks. In the cases where the ISPs implement security services, the user is not provided with the associated cost information either monetary, privacy leakage or performance degradation. Such information would enable the user to make an informed decision on the right level of security to implement so as to enjoy a good internet browsing experience. The Internet Engineering Task Force (IETF) recommends that the user should be involved in security and privacy decisions. The challenge, however, is that there are many security and privacy protocols that achieve different security goals and these differences may add extra cost to the user due to the configuration complexity overhead, leading to poor quality of experience.

Research Aims

This study aims to investgate the use of a Security Cost Decision Model to allow users with limited computing skills to easily configure security options associated with costs that can map to complex security mechanisms to achieve Confidentiality, Integrity, Availability and Privacy (CIAP). Furthermore, this study investigates a decentralised internet security configuration tool by letting users decide on the required security level based on acceptable performance and privacy costs.

Research Questions

  1. What is the cost of integrated secure DNS and TLS cipher suites on the Quality of Internet browsing experience?
  2. What security and security design attributes should be considered to develop a security-performance classification model that maps to high-level user choices?
  3. How would a cost-aware security configuration framework impact users' Quality of Internet browsing Experience?
  4. How would a cost-aware security configuration framework impact users' adoption of Internet security mechanisms?

Research Approach

  1. Internet Security measurements- Adoption and performance impact of integrated TLS,DoH and DoT. We use both passive and active measurements
  2. Generative study on the desirable design attributes of a cost-aware decision Model
  3. Development of a cost-aware decision Model
  4. Evaluative user study and lab experiments

Participate

You are invited to participate in the evaluation of the Internet Security configuration tool. This is a product of the study you participated in 2020; therefore, it makes sense that you be the one to evaluate it also. This tool aims to enable Internet users to easily configure security and privacy, which, currently, are hidden for an average Internet user. The feedback from this evaluative study will help to improve the app to respond fully to user needs in a quest to improve the security landscape of cyberspace. I believe that your views and experience would be a valuable source of information, and I hope that by participating, you may gain useful knowledge.

Procedures: During this study, you will be required to install a mobile app on your android phone, use it and provide your honest evaluation by completing a questionnaire. You may also be asked to participate in a controlled experiment where you will be given different app interfaces and enough time to interact with and provide feedback.

Risks: There are no potentially harmful risks related to your participation in this study.

Feedback: Your input to this study will be used to improve the tool. This tool will be free and open-source as it is meant for research. As such, you will benefit from the fully developed tool to ensure Internet Quality of Protection and Experience (QoPE). This will form part of the feedback about your input to our study.

Disclaimer/Withdrawal: Your participation is completely voluntary; you may refuse to participate, and you may withdraw at any time without having to state a reason and without any prejudice or penalty against you. Should you choose to withdraw, the researcher commits not to use any of your provided information without your signed consent. Note that the researcher may also withdraw you from the study at any time.

Confidentiality: All information collected in this study will be kept private in that you will not be identified by name or by affiliation to an institution. Confidentiality and anonymity will be maintained during transmission, storage and analysis using pseudonyms.

Required Permissions: The PowerQoPE app requires storage for storing server list and blocking database file and VPN permissions. It does not collect any identifying information.

What we collect: This is a research app. As such, one of the module is conducts network and web speed measurements both of which are triggered by the user. The measurements only collect App installation ID and web browsing response times, such as the total time taken to load websites. This information is used to make security decisions to the user. Other than that, the app does not collect any information.

To participate, please click here

.

Resume

Know the researcher

  • 2019-date

    PhD Computer Science Candidate- Cybersecurity and Quality of Protection- UCT

    This is my second year into the research. Currently conducting measurements from African countries. You may take part by volunteering to measure security performance from your network. Learn More

  • 2017-date

    ICT Lecturer-Mzuzu University- Malawi, Africa

    Teaching and research in Network and Information Security, Mobile Telecommunications, e-Commerce and Artificial Intelligence

  • 2015-date

    Director and Founder- TechNix Malawi

    Leading in various project design and implementation

  • 2014-2016

    IT Manager- London School of Hygiene and Tropical Medicine

    Managing IT infrastructure, Managing IT and Data team

  • 2011-2014

    Network Engineer- NBS Bank Malawi Ltd

    Network Design, Installation, Administration, Monitoring and Security

Research Team

Links to full Bios

Enock Samuel Mbewe

PhD Researcher

 

Dr. Josiah Chavula

Supervisor

 

Thesis Committee

  1. Prof. Hussein Suleman
  2. Dr. David Johnson
  3. Prof. Rob Simmonds

I thank you all for helping in making Cyberspace secure and usable.

Special Thanks

With the deepest sense of gratitude I would like to thank the following organisations for supporting this work

Contact Us

Write us for more.