相关论文: Outflanking and securely using the PIN/TAN-System
This comprehensive survey deliberated over the security of electronic payment systems. In our research, we focused on either dominant systems or new attempts and innovations to improve the level of security of the electronic payment…
The enforcement of security policies in outsourced environments is still an open challenge for policy-based systems. On the one hand, taking the appropriate security decision requires access to the policies. However, if such access is…
Face recognition technology has been widely used in daily interactive applications such as checking-in and mobile payment due to its convenience and high accuracy. However, its vulnerability to presentation attacks (PAs) limits its reliable…
Web password recovery, enabling a user who forgets their password to re-establish a shared secret with a website, is very widely implemented. However, use of such a fall-back system brings with it additional vulnerabilities to user…
Counterfeit products pose significant risks to public health and safety through infiltrating untrusted supply chains. Among numerous anti-counterfeiting techniques, leveraging inherent, unclonable microscopic irregularities of paper…
The pervasiveness of wireless communication recently gave mobile ad hoc networks (MANET) a significant researchers' attention, due to its innate capabilities of instant communication in many time and mission critical applications. However,…
Choosing authentication schemes for a specific purpose is challenging for service providers, developers, and researchers. Previous ratings of technical and objective aspects showed that available schemes all have strengths and limitations.…
With the rapid growth of Information and Communication Technology, Electronic commerce is now acting as a new means of carrying out business transactions through electronic means such as Internet environment. To avoid the complexities…
Information and computer security is supported largely by passwords which are the principle part of the authentication process. The most common computer authentication method is to use alphanumerical username and password which has…
In identity misbinding attacks against authenticated key-exchange protocols, a legitimate but compromised participant manipulates the honest parties so that the victim becomes unknowingly associated with a third party. These attacks are…
Website fingerprinting attack is an extensively studied technique used in a web browser to analyze traffic patterns and thus infer confidential information about users. Several website fingerprinting attacks based on machine learning and…
Security attacks are growing in an exponential manner and their impact on existing systems is seriously high and can lead to dangerous consequences. However, in order to reduce the effect of these attacks, penetration tests are highly…
We study the problem of preventing double spending in electronic payment schemes in a distributed fashion. This problem occurs, for instance, when the spending of electronic coins needs to be controlled by a large collection of nodes (eg.…
The design of secure and usable access schemes to personal data represent a major challenge of online social networks (OSNs). State of the art requires prior interaction to grant access. Sharing with users who are not subscribed or…
The piggy bank idea allows one-way encryption of information that can be accessed only by authorized parties. Here we show how the piggy bank idea can be used to authenticate parties to counter man-in-the-middle (MIM) attack that can…
Sphinx, a hardware-software co-design architecture for binary code and runtime obfuscation. The Sphinx architecture uses binary code diversification and self-reconfigurable processing elements to maintain application functionality while…
Given the nature of mobile devices and unlock procedures, unlock authentication is a prime target for credential leaking via shoulder surfing, a form of an observation attack. While the research community has investigated solutions to…
In this paper, we propose a new type of side channel which is based on the ambient-light sensor employed in today's mobile devices. The pervasive usage of mobile devices, i.e., smartphones and tablet computers and their vast amount of…
Tor is currently one of the more popular systems for anonymizing near real-time communications on the Internet. Recently, Borisov et al. proposed a denial of service based attack on Tor (and related systems) that significantly increases the…
In a variety of applications, there is a need to authenticate content that has experienced legitimate editing in addition to potential tampering attacks. We develop one formulation of this problem based on a strict notion of security, and…