English
Related papers

Related papers: Exploiting Leakage in Password Managers via Inject…

200 papers

Recent years have seen an increased interest towards strong security primitives for encrypted databases (such as oblivious protocols), that hide the access patterns of query execution, and reveal only the volume of results. However, recent…

Cryptography and Security · Computer Science 2020-08-18 Rishabh Poddar , Stephanie Wang , Jianan Lu , Raluca Ada Popa

System passwords serve as critical credentials for user authentication and access control when logging into operating systems or applications. Upon entering a valid password, users pass verification to access system resources and execute…

Cryptography and Security · Computer Science 2026-02-03 Chaofang Shi , Zhongwen Li , Xiaoqi Li

This paper studies leakage of user passwords and PINs based on observations of typing feedback on screens or from projectors in the form of masked characters that indicate keystrokes. To this end, we developed an attack called Password and…

Data-dependent access patterns of an application to an untrusted storage system are notorious for leaking sensitive information about the user's data. Previous research has shown how an adversary capable of monitoring both read and write…

Cryptography and Security · Computer Science 2017-06-20 Tara Merin John , Syed Kamran Haider , Hamza Omar , Marten van Dijk

Vulnerability Discovery with attack Injection security threats are increasing for the server software, when software is developed, the software tested for the functionality. Due to unawareness of software vulnerabilities most of the…

Networking and Internet Architecture · Computer Science 2014-02-12 G. Vijay Kumar , Ravikumar S. Raykundaliya , Dr. P. Naga Prasad

This study systematically analyzes the vulnerability of 36 large language models (LLMs) to various prompt injection attacks, a technique that leverages carefully crafted prompts to elicit malicious LLM behavior. Across 144 prompt injection…

For nearly a decade the academic community has investigated backdoors in neural networks, primarily focusing on classification tasks where adversaries manipulate the model prediction. While demonstrably malicious, the immediate real-world…

Cryptography and Security · Computer Science 2026-03-24 Nicolas Küchler , Ivan Petrov , Conrad Grobler , Ilia Shumailov

Large language models (LLMs) are now routinely used to autonomously execute complex tasks, from natural language processing to dynamic workflows like web searches. The usage of tool-calling and Retrieval Augmented Generation (RAG) allows…

Cryptography and Security · Computer Science 2026-04-13 Dennis Rall , Bernhard Bauer , Mohit Mittal , Thomas Fraunholz

In recent years, the attack which leverages register information (e.g. accounts and passwords) leaked from 3rd party applications to try other applications is popular and serious. We call this attack "database collision". Traditionally,…

Cryptography and Security · Computer Science 2022-06-27 Bo Zhao , Yu Zhou

Leaks from password datasets are a regular occurrence. An organization may defend a leak with reassurances that just a small subset of passwords were taken. In this paper we show that the leak of a relatively small number of text-based…

Cryptography and Security · Computer Science 2021-03-29 Hazel Murray , David Malone

Although there have been many solutions applied, the safety challenges related to the password security mechanism are not reduced. The reason for this is that while the means and tools to support password attacks are becoming more and more…

Cryptography and Security · Computer Science 2019-12-05 Nguyen Hong Son , Ha Thanh Dung

Recommender systems play an important role in modern information and e-commerce applications. While increasing research is dedicated to improving the relevance and diversity of the recommendations, the potential risks of state-of-the-art…

Machine Learning · Computer Science 2020-08-31 Jiaxi Tang , Hongyi Wen , Ke Wang

SQL injection (SQLi) remains a critical vulnerability in web applications, enabling attackers to manipulate databases through malicious inputs. Despite advancements in mitigation techniques, the evolving complexity of web applications and…

Cryptography and Security · Computer Science 2025-06-24 Sagar Neupane

The raise of machine learning and deep learning led to significant improvement in several domains. This change is supported by both the dramatic rise in computation power and the collection of large datasets. Such massive datasets often…

Machine Learning · Computer Science 2022-11-24 Hamid Jalalzai , Elie Kadoche , Rémi Leluc , Vincent Plassier

Large-scale password data breaches are becoming increasingly commonplace, which has enabled researchers to produce a substantial body of password security research utilising real-world password datasets, which often contain numbers of…

Cryptography and Security · Computer Science 2024-03-18 Saul Johnson , João Ferreira , Alexandra Mendes , Julien Cordry

The security of passwords is dependent on a thorough understanding of the strategies used by attackers. Unfortunately, real-world adversaries use pragmatic guessing tactics like dictionary attacks, which are difficult to simulate in…

Cryptography and Security · Computer Science 2022-12-13 Fangyi Yu

Deep learning models have achieved high performance on many tasks, and thus have been applied to many security-critical scenarios. For example, deep learning-based face recognition systems have been used to authenticate users to access many…

Cryptography and Security · Computer Science 2017-12-18 Xinyun Chen , Chang Liu , Bo Li , Kimberly Lu , Dawn Song

The traditional design principle for Internet protocols indicates: "Be strict when sending and tolerant when receiving" [RFC1958], and DNS is no exception to this. The transparency of DNS in handling the DNS records, also standardised…

Cryptography and Security · Computer Science 2022-05-12 Philipp Jeitner , Haya Shulman

Single-factor password-based authentication is generally the norm to access on-line Web-sites. While single-factor authentication is well known to be a weak form of authentication, a further concern arises when considering the possibility…

Cryptography and Security · Computer Science 2020-01-30 Simone Raponi , Roberto Di Pietro

Property inference attacks consider an adversary who has access to the trained model and tries to extract some global statistics of the training data. In this work, we study property inference in scenarios where the adversary can…

Machine Learning · Computer Science 2021-01-28 Melissa Chase , Esha Ghosh , Saeed Mahloujifar