
Technology and Practice of Passwords
Description
The 6 revised full papers presented together with 3 revised short papers were carefully reviewed and selected from 32 initial submissions. The papers are organized in topical sections on human factors, attacks, and cryptography.

Content
- Intro
- Preface
- Organization
- Non-refereed Presentations
- Contents
- Human Factors
- Expert Password Management
- 1 Introduction
- 2 Background
- 2.1 Coping Strategies
- 2.2 Security Practices of Experts and Non-Experts
- 3 Study
- 4 Results Overview
- 5 Thematic Analysis
- 5.1 Expert Awareness
- 5.2 Combining Strategies to Remember Passwords
- 5.3 A Personal Assessment of Risk
- 5.4 Usability Problems
- 6 Discussion
- 6.1 What Do Experts Do Right?
- 6.2 What Do Experts Do Wrong?
- 7 Conclusion
- References
- Assessing the User Experience of Password Reset Policies in a University
- 1 Introduction
- 2 Related Work
- 3 Methodology
- 3.1 Systems Under Analysis
- 3.2 Helpdesk Log Analysis
- 3.3 User Interviews
- 3.4 NASA Raw Task Load Index (NASA-RTLX)
- 4 Results: Helpdesk Log Analysis
- 4.1 Results
- 5 Results: User Interviews and NASA-RTLX
- 5.1 Results
- 5.2 RTLX Data Analysis
- 6 Discussion
- 6.1 Recommendations for Practitioners
- 7 Conclusions
- References
- Analyzing 4 Million Real-World Personal Knowledge Questions (Short Paper)
- 1 Introduction
- 1.1 Related Work
- 2 Methodology
- 3 Strength Evaluation
- 4 Conclusion
- References
- ITSME: Multi-modal and Unobtrusive Behavioural User Authentication for Smartphones
- 1 Introduction
- 2 Related Work
- 2.1 Unimodal Systems
- 2.2 Multimodal Systems
- 3 Background
- 3.1 Considered Sensors
- 3.2 Considered Classifiers
- 3.3 Performance Metric
- 4 Our Solution
- 4.1 Setup
- 4.2 Data Collection
- 4.3 Feature Extraction
- 4.4 Data Fusion
- 4.5 Decision Making
- 5 Parameters
- 5.1 Parameters
- 6 Results
- 6.1 Unimodal Systems
- 6.2 Multimodal Systems
- 7 Discussion
- 8 Conclusion and Future Work
- References
- Attacks
- Verification Code Forwarding Attack (Short Paper)
- 1 Introduction
- 2 SMS-Based Verification and Its Security
- 3 Study Procedures
- 3.1 Experiment
- 3.2 Semi-structured Interview
- 3.3 Survey
- 4 Conclusion
- References
- What Lies Beneath? Analyzing Automated SSH Bruteforce Attacks
- 1 Introduction
- 2 Related Work
- 3 Data Collection Methodology
- 4 Characteristics of Attacking Systems
- 4.1 Number of IPs per /24
- 4.2 Countries with the Most Aggressive Sources
- 4.3 IP Addresses as a Ratio of the Total Allocation per Country
- 5 Password Analysis
- 5.1 Password Length
- 5.2 Password Composition Compared to Known Dictionaries
- 5.3 Dictionary Sharing and Splitting Among Sources
- 5.4 Reattempting Username-Password Combination
- 6 Username Analysis
- 7 Timing Analysis
- 8 Recommendations
- 9 Conclusion
- References
- Cryptography
- Catena Variants
- 1 Introduction
- 2 Preliminaries
- 2.1 Notational Conventions
- 2.2 Catena
- 3 Hash-Function Instantiations
- 4 Using Different Graphs
- 4.1 (g,)-Bit-Reversal Graph
- 4.2 Shifted (g,)-Bit-Reversal Graph
- 4.3 (g,,)-Gray-Reverse Graph
- 4.4 Tradeoff Resistance
- 5 Extensions
- 6 Discussion and Recommendations
- 7 Conclusion
- A Memory-Hardness and Garbage-Collector Attacks
- A.1 Memory-Hardness
- A.2 (Weak) Garbage-Collector Attacks
- B Hash-Function Instantiations
- B.1 Compression Function of Argon2
- B.2 BlaMka
- B.3 Galois-Field Multiplication
- B.4 MultHash
- C Extensions of Catena
- C.1 Password-Independent Random Layer
- C.2 Password-Dependent Random Layer
- D Penalties Caused by Shifting Sampling Points
- References
- On Password-Authenticated Key Exchange Security Modeling
- 1 Introduction
- 2 Different BPR-style Models
- 2.1 The Models' Main Foundations
- 2.2 Differences in Accepting, Terminating, and Partnering
- 2.3 A Bug in the RoR Model
- 3 A Well-Motivated Definition
- 3.1 The Definition Itself
- 3.2 Examples of How It Functions
- 4 The Quality of Partner Uniqueness
- 4.1 An Obstacle Caused by the test query
- 4.2 A "secure" PAKE Protocol Where Non-negligible Multiple Partnering May Occur
- 4.3 Lessons Learned on Requirements
- 5 Conclusion and Future Work
- A BPR-style Models Revisited
- References
- Strengthening Public Key Authentication Against Key Theft (Short Paper)
- 1 Introduction
- 1.1 Threat Model
- 2 Revocable Public Key Authentication
- 2.1 Basic RSA Authentication
- 2.2 The Mediator Service
- 3 Rate Limiting Password Guesses
- 3.1 Key Fragment Encryption
- 3.2 Authenticating Requests to the Mediator
- 4 Conclusion
- References
- Author Index
System requirements
File format: PDF
Copy protection: Watermark-DRM (Digital Rights Management)
System requirements:
- Computer (Windows; MacOS X; Linux): Use the free software Adobe Reader, Adobe Digital Editions, or any other PDF viewer of your choice (see eBook Help).
- Tablet/Smartphone (Android; iOS): Install the free app Adobe Digital Editions or another reading app for eBooks, e.g., PocketBook (see eBook Help).
- E-reader: Bookeen, Kobo, Pocketbook, Sony, Tolino and many more (only limited: Kindle).
The file format PDF always displays a book page identically on any hardware. This makes PDF suitable for complex layouts such as those used in textbooks and reference books (images, tables, columns, footnotes). Unfortunately, on the small screens of e-readers or smartphones, PDFs are rather annoying, requiring too much scrolling.
This eBook uses Watermark-DRM, a "soft" copy protection. This means that there are no technical restrictions to prevent illegal distribution. However, there is a personalised watermark embedded in the eBook that can be used to identify the purchaser of the eBook in the event of misuse and to provide evidence for legal purposes.
For more information, see our eBook Help page.