Despite many years of research and significant commercial investment, the malware problem is far from being solved (or even reasonably well contained). Every week, the mainstream press publishes articles that describe yet another incident where millions ...

Various mechanisms exist to secure users' passwords, yet users continue to struggle with the complexity of multiple password management. We explore the effectiveness of a feedback loop to improve users' password management. We introduce YourPassword, a ...

Biometric authentication, a key component for many secure protocols and applications, is a process of authenticating a user by matching her biometric data against a biometric database stored at a server managed by an entity. If there is a match, the ...

Most existing proposals for access control over outsourced data mainly aim at guaranteeing that the data are only accessible to authorized requestors who have the access credentials. This paper proposes TRLAC, an a posteriori approach for tracing and ...

Personal mobile devices and location based services are gaining popularity every day. Since the location based services are often customized based on the location information, it is important to securely generate, preserve, and validate the claim of ...

To conceal user identities, Tor, a popular anonymity system, forwards traffic through multiple relays. These relays, however, are often unreliable, leading to a degraded user experience. Worse yet, malicious relays may strategically introduce deliberate ...

We present ConXsense, the first framework for context-aware access control on mobile devices based on context classification. Previous context-aware access control systems often require users to laboriously specify detailed policies or they rely on pre-...

To ease the burden of repeated password authentication on multiple sites, modern Web browsers provide password managers, which offer to automatically complete password fields on Web pages, after the password has been stored once. Unfortunately, these ...

Since its introduction, Android's in-app billing service has quickly gained popularity. The in-app billing service allows users to pay for options, services, subscriptions, and virtual goods from within mobile apps themselves. In-app billing is ...

Attribute-based encryption (ABE), introduced by Sahai and Waters, is a promising cryptographic primitive, which has been widely applied to implement fine-grained access control system for encrypted data. In its key-policy flavor, attribute sets are used ...

The only available IEEE 802.11 network identifiers (i.e., the network name and the MAC address) can be easily spoofed. Consequently, an attacker is able to fake a real hotspot and attract its traffic. By this means, the attacker can intercept, collect, ...

It is attractive for an organization to outsource its data analytics to a service provider who has powerful platforms and advanced analytics skills. However, the organization (data owner) may have concerns about the privacy of its data. In this paper, ...

In distance-bounding authentication protocols, a verifier assesses that a prover is (1) legitimate and (2) in the verifier's proximity. Proximity checking is done by running time-critical exchanges between both parties. This enables the verifier to ...

Vertical composition of security protocols means that an application protocol (e.g., a banking service) runs over a channel established by another protocol (e.g., a secure channel provided by TLS). This naturally gives rise to a compositionality ...

We present a novel method for Quantitative Information Flow analysis. We show how the problem of computing information leakage can be viewed as an extension of the Satisfiability Modulo Theories (SMT) problem. This view enables us to develop a framework ...

Near Field Communication (NFC) is a promising short distance radio communication technology for many useful applications. Although its communication range is short, NFC alone does not guarantee secure communication and is subject to security attacks, ...

The large amounts of malware, and its diversity, have made it necessary for the security community to use automated dynamic analysis systems. These systems often rely on virtualization or emulation, and have recently started to be available to process ...

Web applications require exchanging parameters between a client and a server to function properly. In real-world systems such as online banking transfer, traversing multiple pages with parameters contributed by both the user and server is a must, and ...

As outsourcing data to remote storage servers gets popular, protecting user's pattern in accessing these data has become a big concern. ORAM constructions are promising solutions to this issue, but their application in practice has been impeded by the ...

Outsourcing private data and heavy computation tasks to the cloud may lead to privacy breach as attackers (e.g., malicious outsiders or cloud administrators) may correlate any relevant information to penetrate information of their interests. Therefore, ...