Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons

Articles 1 - 30 of 34

Full-Text Articles in Physical Sciences and Mathematics

On The Unreliability Of Bug Severity Data, Yuan Tian, Nasir Ali, David Lo, Ahmed E. Hassan Dec 2015

Research Collection School Of Computing and Information Systems

Severity levels, e.g., critical and minor, of bugs are often used to prioritize development efforts. Prior research efforts have proposed approaches to automatically assign the severity label to a bug report. All prior efforts verify the accuracy of their approaches using human-assigned bug reports data that is stored in software repositories. However, all prior efforts assume that such human-assigned data is reliable. Hence a perfect automated approach should be able to assign the same severity label as in the repository – achieving a 100% accuracy. Looking at duplicate bug reports (i.e., reports referring to the same problem) from three open-source …


Bl-Mle: Block-Level Message-Locked Encryption For Secure Large File Deduplication, Rongmao Chen, Yi Mu, Guomin Yang, Fuchun Guo Dec 2015

Research Collection School Of Computing and Information Systems

Deduplication is a popular technique widely used to save storage space in the cloud. To achieve secure deduplication of encrypted files, Bellare et al. formalized a new cryptographic primitive named message-locked encryption (MLE) in Eurocrypt 2013. Although an MLE scheme can be extended to obtain secure deduplication for large files, it requires a lot of metadata maintained by the end user and the cloud server. In this paper, we propose a new approach to achieve more efficient deduplication for (encrypted) large files. Our approach, named block-level message-locked encryption (BL-MLE), can achieve file-level and block-level deduplication, block key management, and proof …
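An added illustration, not taken from the paper above and not its BL-MLE construction: a toy block-level message-locked encryption in Python. Each block's key is derived from the block itself, so two users holding the same data produce the same ciphertext and the server deduplicates without ever seeing a key; the per-block keys are the metadata the client has to keep. The stream cipher, block size and sample files are constructed for this example, and the last function shows the caveat intrinsic to any MLE scheme: a block drawn from a small guessable set can be confirmed from its public tag alone.

```python
import hashlib
from typing import Dict, List, Optional, Tuple

BLOCK_SIZE = 16  # constructed: tiny, so the sample files split into several blocks


def mle_key(block: bytes) -> bytes:
    """Message-locked key: derived from the block content itself (convergent encryption)."""
    return hashlib.sha256(b"MLE-key|" + block).digest()


def mle_tag(key: bytes) -> bytes:
    """Public dedup tag: a hash of the key, comparable by the server without the key."""
    return hashlib.sha256(b"MLE-tag|" + key).digest()


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy deterministic stream cipher (SHA-256 in counter mode), used for both
    directions. Illustrative only; not a production cipher."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + (offset // 32).to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)


def split_blocks(data: bytes) -> List[bytes]:
    return [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]


class DedupServer:
    """Stores each distinct ciphertext block once, indexed by its MLE tag."""

    def __init__(self) -> None:
        self.blocks: Dict[bytes, bytes] = {}

    def upload(self, tag: bytes, ciphertext: bytes) -> bool:
        """True if the block was new and stored, False if it was deduplicated."""
        if tag in self.blocks:
            return False
        self.blocks[tag] = ciphertext
        return True

    def fetch(self, tag: bytes) -> bytes:
        return self.blocks[tag]


def client_upload(server: DedupServer, data: bytes) -> Tuple[List[bytes], int]:
    """Encrypt every block under its own message-locked key and upload it.
    Returns the per-block keys (the only metadata the client keeps) and the
    number of blocks the server actually had to store."""
    keys: List[bytes] = []
    stored = 0
    for block in split_blocks(data):
        key = mle_key(block)
        if server.upload(mle_tag(key), keystream_xor(key, block)):
            stored += 1
        keys.append(key)
    return keys, stored


def client_download(server: DedupServer, keys: List[bytes]) -> bytes:
    return b"".join(keystream_xor(k, server.fetch(mle_tag(k))) for k in keys)


def guess_block(tag: bytes, candidates: List[bytes]) -> Optional[bytes]:
    """The caveat inherent to MLE: anyone able to enumerate a low-entropy block
    can recompute its key and tag and confirm the guess from the public tag."""
    for cand in candidates:
        if mle_tag(mle_key(cand)) == tag:
            return cand
    return None


if __name__ == "__main__":
    srv = DedupServer()
    shared = bytes(range(64))                        # constructed: 4 common blocks
    file_a = shared + b"user A private tail"        # constructed sample file
    file_b = shared + b"user B different tail!!"    # shares its first 4 blocks
    _, new_a = client_upload(srv, file_a)
    _, new_b = client_upload(srv, file_a)           # second user, identical file
    keys_c, new_c = client_upload(srv, file_b)
    print(f"stored: A={new_a}, A again={new_b}, B={new_c}, total={len(srv.blocks)}")
    assert client_download(srv, keys_c) == file_b
```

The second upload of the identical file stores nothing, and the third stores only its two private tail blocks; that saving is exactly what makes the scheme deterministic, which is why the guessing function succeeds on a block whose content is predictable.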


Security Slicing For Auditing Xml, Xpath, And Sql Injection Vulnerabilities, Julian Thome, Lwin Khin Shar, Lionel Briand Nov 2015

Research Collection School Of Computing and Information Systems

XML, XPath, and SQL injection vulnerabilities are among the most common and serious security issues for Web applications and Web services. Thus, it is important for security auditors to ensure that the implemented code is, to the extent possible, free from these vulnerabilities before deployment. Although existing taint analysis approaches could automatically detect potential vulnerabilities in source code, they tend to generate many false warnings. Furthermore, the produced traces, i.e. dataflow paths from input sources to security-sensitive operations, tend to be incomplete or to contain a great deal of irrelevant information. Therefore, it is difficult to identify real vulnerabilities and …
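To make the notion of a trace from an input source to a security-sensitive operation concrete, here is an added example, not the authors' tool, of a minimal flow-insensitive taint pass over Python source using the standard ast module. The source, sink and sanitizer tables and the sample function under audit are constructed for the illustration; for each sink call the output is the slice of statements through which untrusted input reaches the SQL text, while bound parameters and int()-sanitized values are deliberately not reported, which is the kind of irrelevant information the abstract says auditors want pruned.

```python
import ast
from typing import Dict, List, Set

# Assumed tables for the illustration; a real audit seeds these from the web
# framework and database driver actually in use.
SOURCES = {"request.args.get", "input"}
SINKS = {"cursor.execute", "cursor.executescript"}
SANITIZERS = {"int"}

Taint = Set[str]  # facts "L<line>: <what>" that together form the security slice


def dotted(node: ast.AST) -> str:
    """Render a call target such as request.args.get as a dotted string."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        return dotted(node.value) + "." + node.attr
    return "<expr>"


def taint_of(expr: ast.AST, env: Dict[str, Taint]) -> Taint:
    """Which source facts can reach this expression's value."""
    if isinstance(expr, ast.Name):
        return set(env.get(expr.id, set()))
    if isinstance(expr, ast.Call):
        target = dotted(expr.func)
        if target in SANITIZERS:
            return set()  # result is clean whatever went in
        if target in SOURCES:
            return {f"L{expr.lineno}: source {target}()"}
        out: Taint = set()
        if isinstance(expr.func, ast.Attribute):  # name.upper() keeps name's taint
            out |= taint_of(expr.func.value, env)
        for arg in expr.args:
            out |= taint_of(arg, env)
        return out
    if isinstance(expr, ast.BinOp):  # concatenation and % formatting
        return taint_of(expr.left, env) | taint_of(expr.right, env)
    if isinstance(expr, ast.JoinedStr):  # f-strings
        return set().union(*(taint_of(v, env) for v in expr.values))
    if isinstance(expr, ast.FormattedValue):
        return taint_of(expr.value, env)
    if isinstance(expr, (ast.Tuple, ast.List)):
        return set().union(*(taint_of(e, env) for e in expr.elts))
    return set()


def _linear(stmts):
    """Flatten if/for/while bodies so nested statements are visited in source order."""
    for s in stmts:
        yield s
        for attr in ("body", "orelse"):
            if isinstance(getattr(s, attr, None), list):
                yield from _linear(getattr(s, attr))


def analyze(source: str) -> List[Dict[str, object]]:
    """One finding per sink call whose SQL-text argument can carry tainted data."""
    findings: List[Dict[str, object]] = []
    tree = ast.parse(source)
    for fn in [n for n in ast.walk(tree) if isinstance(n, ast.FunctionDef)]:
        env: Dict[str, Taint] = {}
        for stmt in _linear(fn.body):
            if (isinstance(stmt, ast.Assign) and len(stmt.targets) == 1
                    and isinstance(stmt.targets[0], ast.Name)):
                name = stmt.targets[0].id
                t = taint_of(stmt.value, env)
                if t:
                    t.add(f"L{stmt.lineno}: {name} = {ast.unparse(stmt.value)}")
                env[name] = t  # strong update: a clean reassignment clears taint
            elif (isinstance(stmt, ast.Expr) and isinstance(stmt.value, ast.Call)
                    and dotted(stmt.value.func) in SINKS and stmt.value.args):
                t = taint_of(stmt.value.args[0], env)  # SQL text only, not bind params
                if t:
                    findings.append({
                        "function": fn.name, "line": stmt.lineno,
                        "sink": dotted(stmt.value.func),
                        "slice": sorted(t, key=lambda f: (int(f[1:f.index(":")]), f)),
                    })
    return findings


# Constructed sample under audit: one concatenation injection, one bound
# parameter (safe), one int()-sanitized value (safe) and one f-string injection.
SAMPLE = '''
def lookup(request, cursor):
    name = request.args.get("name")
    page = int(request.args.get("page"))
    q = "SELECT * FROM users WHERE name = '" + name + "'"
    cursor.execute(q)
    cursor.execute("SELECT * FROM users WHERE name = ?", (name,))
    cursor.execute("SELECT * FROM users LIMIT " + str(page))
    if name:
        cursor.execute(f"SELECT * FROM users WHERE name = '{name.upper()}'")
'''

if __name__ == "__main__":
    for f in analyze(SAMPLE):
        print(f"{f['function']} L{f['line']} {f['sink']}: " + " -> ".join(f["slice"]))
```

Only lines 6 and 10 of the sample are reported; the parameterized query on line 7 and the int()-converted value on line 8 produce no warning, and each finding carries just the assignments on the path from the source to the sink.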


Security And Privacy Of Electronic Health Information Systems: Editorial, Elisa Bertino, Robert H. Deng, Xinyi Huang, Jianying Zhou Nov 2015

Research Collection School Of Computing and Information Systems

Digital technologies have dramatically transformed our daily lives by bringing countless conveniences and benefits. As an evolving concept, electronic health information has become the focus of attention in both academia and industry. By leveraging modern digital technologies like the internet and the cloud, electronic health information systems will be a key enabling technology in improving the quality and convenience of patient care, encouraging patient participation in their care, reducing medical errors, improving practice efficiencies, and saving time and cost. The complexity of electronic health information systems, however, raises several new security and privacy issues. It is thus critical to investigate …


Stack Layout Randomization With Minimal Rewriting Of Android Binaries, Yu Liang, Xinjie Ma, Daoyuan Wu, Xiaoxiao Tang, Debin Gao, Guojun Peng, Chunfu Jia, Huanguo Zhang Nov 2015

Research Collection School Of Computing and Information Systems

Stack-based attacks typically require that attackers have a good understanding of the stack layout of the victim program. In this paper, we leverage specific features of the ARM architecture and propose a practical technique that introduces randomness to the stack layout when an Android application executes. We employ minimal binary rewriting on the Android app that produces a randomized executable of the same size which can be executed on an unmodified Android operating system. Our experiments on applying this randomization on the 20 most popular free Android apps on Google Play show that the randomization coverage of functions increases from 65% (by …


On Robust Image Spam Filtering Via Comprehensive Visual Modeling, Jialie Shen, Robert H. Deng, Zhiyong Cheng, Liqiang Nie, Shuicheng Yan Oct 2015

Research Collection School Of Computing and Information Systems

The Internet has brought about fundamental changes in the way people generate and exchange media information. Over the last decade, unsolicited message images (image spam) have become one of the most serious problems for Internet service providers (ISPs), business firms and general end users. In this paper, we report a novel system called RoBoTs (Robust BoosTrap based spam detector) to support accurate and robust image spam filtering. The system is developed based on multiple visual properties extracted from different levels of granularity, aiming to capture more discriminative contents for effective spam image identification. In addition, a resampling based learning framework …


Towards Automatic Generation Of Security-Centric Descriptions For Android Apps, Mu Zhang, Yue Duan, Qian Feng, Heng Yin Oct 2015

Research Collection School Of Computing and Information Systems

To improve the security awareness of end users, Android markets directly present two classes of literal app information: 1) permission requests and 2) textual descriptions. Unfortunately, neither can serve the needs. A permission list is not only hard to understand but also inadequate; textual descriptions provided by developers are not security-centric and deviate significantly from the permissions. To fill in this gap, we propose a novel technique to automatically generate security-centric app descriptions, based on program analysis. We implement a prototype system, DESCRIBEME, and evaluate our system using both DroidBench and real-world Android apps. Experimental results demonstrate that DESCRIBEME …


Seeing Your Face Is Not Enough: An Inertial Sensor-Based Liveness Detection For Face Authentication, Yan Li, Yingjiu Li, Qiang Yan, Hancong Kong, Robert H. Deng Oct 2015

Research Collection School Of Computing and Information Systems

Leveraging built-in cameras on smartphones and tablets, face authentication provides an attractive alternative to legacy passwords due to its memory-less authentication process. However, it has an intrinsic vulnerability against media-based facial forgery (MFF), where adversaries use photos/videos containing victims' faces to circumvent face authentication systems. In this paper, we propose FaceLive, a practical and robust liveness detection mechanism to strengthen face authentication on mobile devices against MFF-based attacks. FaceLive detects MFF-based attacks by measuring the consistency between device movement data from the inertial sensors and the head pose changes from the facial video captured by …


A Note On The Security Of Khl Scheme, Jian Weng, Yunlei Zhao, Robert H. Deng, Shengli Liu, Yanjiang Yang, Kouichi Sakurai Oct 2015

Research Collection School Of Computing and Information Systems

A public key trace and revoke scheme combines the functionality of broadcast encryption with the capability of traitor tracing. In Asiacrypt 2003, Kim, Hwang and Lee proposed a public key trace and revoke scheme (referred to as the KHL scheme), and gave a security proof to support that their scheme is z-resilient against adaptive chosen-ciphertext attacks, in which the adversary is allowed to adaptively issue decryption queries as well as adaptively corrupt up to z users. In the past ten years, the KHL scheme has been believed to be one of the most efficient public key trace and revoke schemes with z-resilience against …


Enhancing Wifi-Based Localization With Visual Clues, Han Xu, Zheng Yang, Zimu Zhou, Longfei Shangguan, Yunhao Liu, Ke Yi Sep 2015

Research Collection School Of Computing and Information Systems

Indoor localization is of great importance to a wide range of applications in the era of mobile computing. Current mainstream solutions rely on the Received Signal Strength (RSS) of wireless signals as fingerprints to distinguish and infer locations. However, those methods suffer from fingerprint ambiguity rooted in multipath fading and the temporal dynamics of wireless signals. Though pioneering efforts have resorted to motion-assisted or peer-assisted localization, they neither work in real time nor work without the help of peer users, which introduces extra costs and constraints, and thus degrades their practicality. To get over these limitations, we propose Argus, an image-assisted …


Server-Aided Revocable Identity-Based Encryption, Baodong Qin, Robert H. Deng, Yingjiu Li, Shengli Liu Sep 2015

Research Collection School Of Computing and Information Systems

Efficient user revocation in Identity-Based Encryption (IBE) has been a challenging problem and has been the subject of several research efforts in the literature. Among them, the tree-based revocation approach, due to Boldyreva, Goyal and Kumar, is probably the most efficient one. In this approach, a trusted Key Generation Center (KGC) periodically broadcasts a set of key updates to all (non-revoked) users through public channels, where the size of the key updates is only O(r log N/r), with N being the number of users and r the number of revoked users; however, every user needs to keep at least O(log N) …
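As an added example, not the paper's server-aided scheme, here is the complete-subtree cover that underlies the tree-based revocation described above, in Python: users are leaves of a full binary tree, each holds the keys of the O(log N) nodes on its root path, and for a revoked set of size r the KGC publishes updates for the children of the Steiner tree spanned by the revoked leaves, which gives the O(r log N/r) update size the abstract quotes. The heap-style node numbering and the tiny tree depth are this example's own choices.

```python
import math
from typing import List, Set


class CompleteSubtree:
    """Complete-subtree revocation over a full binary tree with N = 2**depth leaves.
    Heap numbering (this example's choice): root = 1, children of v are 2v and
    2v+1, leaves are N..2N-1, so user u sits at leaf N + u."""

    def __init__(self, depth: int) -> None:
        self.n_users = 1 << depth

    def path_to_root(self, user: int) -> List[int]:
        """The O(log N) nodes whose keys a user holds: its leaf and every ancestor."""
        v = self.n_users + user
        path = []
        while v >= 1:
            path.append(v)
            v //= 2
        return path

    def cover(self, revoked: Set[int]) -> List[int]:
        """Nodes the KGC publishes key updates for. Every non-revoked user has
        exactly one of them on its path; every revoked user has none."""
        if not revoked:
            return [1]  # nobody revoked: a single update under the root key suffices
        steiner = set()  # union of the root paths of the revoked leaves
        for u in revoked:
            steiner.update(self.path_to_root(u))
        cov = []
        for v in sorted(steiner):
            if v >= self.n_users:
                continue  # leaf: no children
            for child in (2 * v, 2 * v + 1):
                if child not in steiner:  # subtree contains no revoked user
                    cov.append(child)
        return cov

    def can_decrypt(self, user: int, revoked: Set[int]) -> bool:
        """A user derives the period's decryption key iff one of its path nodes is covered."""
        return bool(set(self.path_to_root(user)) & set(self.cover(revoked)))

    def cover_bound(self, r: int) -> float:
        """The r * log2(N/r) bound on the update size for r >= 1 revoked users."""
        return r * math.log2(self.n_users / r) if r else 1.0


if __name__ == "__main__":
    tree = CompleteSubtree(3)  # constructed: N = 8 users
    for revoked in (set(), {0}, {0, 7}, {0, 2, 4, 6}):
        cov = tree.cover(revoked)
        print(f"revoked={sorted(revoked)} cover={cov} "
              f"size={len(cov)} bound={tree.cover_bound(len(revoked)):.2f}")
    print("user 5 holds keys for nodes", tree.path_to_root(5))
```

With one user revoked out of eight the cover has three nodes, the siblings of the revoked leaf's path; the remaining burden the abstract points at is that each user still stores log N + 1 node keys and must process the updates itself.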


From Physical Security To Cybersecurity, Arunesh Sinha, Thanh H. Nguyen, Debarun Kar, Matthew Brown, Milind Tambe, Albert Xin Jiang Sep 2015

Research Collection School Of Computing and Information Systems

Security is a critical concern around the world. In many domains from cybersecurity to sustainability, limited security resources prevent complete security coverage at all times. Instead, these limited resources must be scheduled (or allocated or deployed), while simultaneously taking into account the importance of different targets, the responses of the adversaries to the security posture, and the potential uncertainties in adversary payoffs and observations, etc. Computational game theory can help generate such security schedules. Indeed, casting the problem as a Stackelberg game, we have developed new algorithms that are now deployed over multiple years in multiple applications for scheduling of …


On Security Of Content-Based Video Stream Authentication, Swee Won Lo, Zhou Wei, Robert H. Deng, Xuhua Ding Sep 2015

Research Collection School Of Computing and Information Systems

Content-based authentication (CBA) schemes are used to authenticate multimedia streams while allowing content-preserving manipulations such as bit-rate transcoding. In this paper, we survey and classify existing transform-domain CBA schemes for videos into two categories, and point out that, contrary to CBA for images, there exists a common design flaw in these schemes. We present the principles (based on video coding concepts) of how the flaw can be exploited to mount semantic-changing attacks in the transform domain that cannot be detected by existing CBA schemes. We show attack examples including content removal, modification and insertion attacks. Noting that these CBA …


On Indistinguishability In Remote Data Integrity Checking, Xinyu Fan, Guomin Yang, Yi Mu, Yong Yu Sep 2015

Research Collection School Of Computing and Information Systems

With the rapid growth of data storage in the cloud, data integrity checking in a remote data storage system has become an important issue. A number of protocols, which allow remote integrity checking by a third party, have been proposed. Although those protocols are provably secure, the data privacy issues in those protocols have not been considered. We believe that these issues are equally important since the communication flows of integrity proofs from the cloud server should not reveal any useful information about the stored data. In this paper, we introduce a new definition of data privacy called ‘INDPrivacy’ by …


Attribute Based Broadcast Encryption With Short Ciphertext And Decryption Key, Tran Viet Xuan Phuong, Guomin Yang, Willy Susilo, Xiaofeng Chen Sep 2015

Research Collection School Of Computing and Information Systems

Attribute Based Broadcast Encryption (ABBE) is a combination of Attribute Based Encryption (ABE) and Broadcast Encryption (BE). It allows a broadcaster (or encrypter) to broadcast an encrypted message that can only be decrypted by the receivers who are within a predefined user set and satisfy the access policy specified by the broadcaster. Compared with normal ABE, ABBE allows direct revocation, which is important in many real-time broadcasting applications such as Pay TV. In this paper, we propose two novel ABBE schemes that have distinguishing features: the first scheme is key-policy based and has short ciphertext and constant size decryption key; …


Attribute-Based Encryption With Efficient Verifiable Outsourced Decryption, Baodong Qin, Robert H. Deng, Shengli Liu, Siqi Ma Jul 2015

Research Collection School Of Computing and Information Systems

Attribute-based encryption (ABE) with outsourced decryption not only enables fine-grained sharing of encrypted data, but also overcomes the efficiency drawback (in terms of ciphertext size and decryption cost) of the standard ABE schemes. In particular, an ABE scheme with outsourced decryption allows a third party (e.g., a cloud server) to transform an ABE ciphertext into a (short) El Gamal-type ciphertext using a public transformation key provided by a user so that the latter can be decrypted much more efficiently than the former by the user. However, a shortcoming of the original outsourced ABE scheme is that the correctness of the …


Privacy-Preserving Offloading Of Mobile App To The Public Cloud, Yue Duan, Mu Zhang, Heng Yin, Yuzhe Tang Jul 2015

Research Collection School Of Computing and Information Systems

To support intensive computations on resource-restricted mobile devices, studies have been made to enable the offloading of a part of a mobile program to the cloud. However, none of the existing approaches considers user privacy when transmitting code and data off the device, resulting in potential privacy breaches. In this paper, we present the design and implementation of a system that automatically performs fine-grained privacy-preserving Android app offloading. It utilizes static analysis and bytecode instrumentation techniques to ensure transparent and efficient Android app offloading while preserving user privacy. We evaluate the effectiveness and performance of our system using two Android …


A New Public Remote Integrity Checking Scheme With User Privacy, Yiteng Feng, Yi Mu, Guomin Yang, Joseph Liu Jul 2015

Research Collection School Of Computing and Information Systems

With cloud storage, users can store their data files on a remote cloud server with a high quality on-demand cloud service and are able to share their data with other users. Since cloud servers are not usually regarded as fully trusted and the cloud data can be shared amongst users, the integrity checking of the remote files has become an important issue. A number of remote data integrity checking protocols have been proposed in the literature to allow public auditing of cloud data by a third party auditor (TPA). However, user privacy is not taken into account in most …


A New General Framework For Secure Public Key Encryption With Keyword Search, Rongmao Chen, Yi Mu, Guomin Yang, Fuchun Guo, Xiaofen Wang Jul 2015

Research Collection School Of Computing and Information Systems

Public Key Encryption with Keyword Search (PEKS), introduced by Boneh et al. in Eurocrypt’04, allows users to search encrypted documents on an untrusted server without revealing any information. This notion is very useful in many applications and has attracted a lot of attention by the cryptographic research community. However, one limitation of all the existing PEKS schemes is that they cannot resist the Keyword Guessing Attack (KGA) launched by a malicious server. In this paper, we propose a new PEKS framework named Dual-Server Public Key Encryption with Keyword Search (DS-PEKS). This new framework can withstand all the attacks, including the …


Continuous Non-Malleable Key Derivation And Its Application To Related-Key Security, Baodong Qin, Shenli Liu, Tsz Hon Yuen, Robert H. Deng, Kefei Chen Jun 2015

Research Collection School Of Computing and Information Systems

Related-Key Attacks (RKAs) allow an adversary to observe the outcomes of a cryptographic primitive under not only its original secret key e.g., s, but also a sequence of modified keys ϕ(s), where ϕ is specified by the adversary from a class Φ of so-called Related-Key Derivation (RKD) functions. This paper extends the notion of non-malleable Key Derivation Functions (nm-KDFs), introduced by Faust et al. (EUROCRYPT’14), to continuous nm-KDFs. Continuous nm-KDFs have the ability to protect against any a-priori unbounded number of RKA queries, instead of just a single time tampering attack as in the definition of …


Method For Matching Probabilistic Encrypted Data, Hwee Hwa Pang, Xuhua Ding Jun 2015

Research Collection School Of Computing and Information Systems

Determining if a first encrypted data of a first data value is equal to a second encrypted data of a second data value. Comprising: a first cyclic group; a second cyclic group including a first element. Applying an operation to the first cyclic group to map its elements to an element in the second cyclic group. Randomly selecting a second element from the first cyclic group; producing the first encrypted data by mapping the second element and the first data value into one or more elements of the first cyclic group. Randomly selecting a third element from the first cyclic …


Electronic Contract Signing Without Using Trusted Third Party, Zhiguo Wan, Robert H. Deng, David Kuo Chuen Lee May 2015

Research Collection School Of Computing and Information Systems

Electronic contract signing allows two potentially distrustful parties to digitally sign an electronic document “simultaneously” across a network. Existing solutions for electronic contract signing either require the involvement of a trusted third party (TTP), or are complex and expensive in communication and computation. In this paper we propose an electronic contract signing protocol between two parties with the following advantages over existing solutions: 1) it is practical and scalable due to its simplicity and high efficiency; 2) it does not require any trusted third party as the mediator; and 3) it guarantees fairness between the two signing parties. We achieve …


Software Watermarking Using Return-Oriented Programming, Haoyu Ma, Kangjie Lu, Xinjie Ma, Haining Zhang, Chunfu Jia, Debin Gao Apr 2015

Research Collection School Of Computing and Information Systems

We propose a novel dynamic software watermarking design based on Return-Oriented Programming (ROP). Our design formats watermarking code into well-crafted data arrangements that look like normal data but can be triggered to execute. Once triggered, the pre-constructed ROP execution will recover the hidden watermark message. The proposed ROP-based watermarking technique is stealthier and more resilient than existing techniques since the watermarking code is allocated dynamically into the data region and is therefore out of reach of attacks based on code analysis. Evaluations show that our design not only achieves satisfying stealth and resilience, but also imposes significantly lower overhead on the watermarked …


Privacy Leakage Analysis In Online Social Networks, Yan Li, Yingjiu Li, Qiang Yan, Robert H. Deng Mar 2015

Research Collection School Of Computing and Information Systems

Online Social Networks (OSNs) have become one of the major platforms for social interactions, such as building up relationships, sharing personal experiences, and providing other services. The wide adoption of OSNs raises privacy concerns due to personal data shared online. Privacy control mechanisms have been deployed in popular OSNs for users to determine who can view their personal information. However, users' sensitive information could still be leaked even when privacy rules are properly configured. We investigate the effectiveness of privacy control mechanisms against privacy leakage from the perspective of information flow. Our analysis reveals that the existing privacy control mechanisms …


Reconstruction Privacy: Enabling Statistical Learning, Ke Wang, Chao Han, Ada Waichee Fu, Raymond C. Wong, Philip S. Yu Mar 2015

Research Collection School Of Computing and Information Systems

Non-independent reasoning (NIR) allows the information about one record in the data to be learnt from the information of other records in the data. Most posterior/prior based privacy criteria consider NIR a privacy violation and require smoothing the distribution of published data to avoid sensitive NIR. The drawback of this approach is that it limits the utility of learning statistical relationships. The differential privacy criterion does not consider NIR a privacy violation and therefore enables learning statistical relationships, but at the cost of potential disclosures through NIR. A question is whether it is possible to (1) allow learning statistical relationships, …


Understanding Natural Disasters As Risks In Supply Chain Management Through Web Data Analysis, Jimmy Ong, Zhaoxia Wang, Rick Siow Mong Goh, Xiao Feng Yin, Xin Xin, Xiuju Fu Mar 2015

Research Collection School Of Computing and Information Systems

With the increasing trend of global outsourcing, companies are now facing ever more complex supply chains. When a company operates over a large geographical area, the likelihood of disruptions is potentially increased due to such unforeseen events as natural disasters, union strikes or social unrest. In this paper, we consider natural disasters as a form of risk in supply chains and propose to aid its management by analyzing Web data collected in real-time. Using Twitter "tweets" as our primary source of Web data, a real-time data crawler is developed to collect and analyze tweets that are identified as relevant to natural disasters. In addition, a visualization …


Analysis And Improvement On A Biometric-Based Remote User Authentication Scheme Using Smart Cards, Fengtong Wen, Willy Susilo, Guomin Yang Feb 2015

Research Collection School Of Computing and Information Systems

In a recent paper (BioMed Research International, 2013/491289), Khan et al. proposed an improved biometrics-based remote user authentication scheme with user anonymity. The scheme is believed to be secure against password guessing attack, user impersonation attack, and server masquerading attack, and to provide user anonymity, even if the secret information stored in the smart card is compromised. In this paper, we analyze the security of Khan et al.’s scheme, and demonstrate that their scheme doesn’t provide user anonymity. This also renders their scheme insecure against other attacks, such as off-line password guessing attacks and user impersonation attacks. Subsequently, we propose a …


Leakage-Resilient Password Entry: Challenges, Design, And Evaluation, Qiang Yan, Jin Han, Yingjiu Li, Jianying Zhou, Robert H. Deng Feb 2015

Research Collection School Of Computing and Information Systems

Password leakage is one of the most serious threats for password-based user authentication. Although this problem has been extensively investigated over the last two decades, there is still no widely adopted solution. In this paper, we attempt to systematically understand the challenges behind this problem and investigate the feasibility of solving it. Since password leakage usually happens when a password is input during authentication, we focus on designing leakage-resilient password entry (LRPE) schemes in this study. We develop a broad set of design criteria and use them to construct a practical LRPE scheme named CoverPad, which not only improves leakage …


Biometric Authentication On Iphone And Android: Usability, Perceptions, And Influences On Adoption, Rasekhar Bhagavatula, Blase Ur, Kevin Iacovino, Su Mon Kywe, Lorrie Faith Cranor, Marios Savvides Feb 2015

Research Collection School Of Computing and Information Systems

While biometrics have long been promoted as the future of authentication, the recent introduction of Android face unlock and iPhone fingerprint unlock are among the first large-scale deployments of biometrics for consumers. In a 10-participant, within-subjects lab study and a 198-participant online survey, we investigated the usability of these schemes, along with users' experiences, attitudes, and adoption decisions. Participants in our lab study found both face unlock and fingerprint unlock easy to use in typical scenarios. The notable exception was that face unlock was completely unusable in a dark room. Most participants preferred fingerprint unlock over face unlock or …