-
Chapter and Conference Paper
What’s in Score for Website Users: A Data-Driven Long-Term Study on Risk-Based Authentication Characteristics
Risk-based authentication (RBA) aims to strengthen password-based authentication rather than replacing it. RBA does this by monitoring and recording additional features during the login process. If feature val...
-
Chapter and Conference Paper
Towards Quantum Large-Scale Password Guessing on Real-World Distributions
Password-based authentication is a central tool for end-user security. As part of this, password hashing is used to ensure the security of passwords at rest. If quantum computers become available at sufficient...
-
Chapter and Conference Paper
Evaluation of Risk-Based Re-Authentication Methods
Risk-based Authentication (RBA) is an adaptive security measure that improves the security of password-based authentication by protecting against credential stuffing, password guessing, or phishing attacks. RB...
-
Article
Recht auf Vergessen
Research on "digital forgetting" addresses, among other things, how and to what extent personal data should be "forgotten" by the Internet. Through search providers and online arch...
-
Chapter and Conference Paper
Is This Really You? An Empirical Study on Risk-Based Authentication Applied in the Wild
Risk-based authentication (RBA) is an adaptive security measure to strengthen password-based authentication. RBA monitors additional implicit features during password entry such as device or geolocation inform...
-
Chapter and Conference Paper
Towards Contractual Agreements for Revocation of Online Data
Once personal data is published online, it is out of the control of the user and can be a threat to users’ privacy
-
Chapter and Conference Paper
Analyzing 4 Million Real-World Personal Knowledge Questions (Short Paper)
Personal Knowledge Questions are widely used for fallback authentication, i.e., recovering access to an account when the primary authenticator is lost. It is well known that the answers only have low-entropy a...
-
Chapter and Conference Paper
On Password Guessing with GPUs and FPGAs
Passwords are still by far the most widely used form of user authentication, for applications ranging from online banking or corporate network access to storage encryption. Password guessing thus poses a serio...
-
Chapter and Conference Paper
OMEN: Faster Password Guessing Using an Ordered Markov Enumerator
Passwords are widely used for user authentication, and will likely remain in use in the foreseeable future, despite several weaknesses. One important weakness is that human-generated passwords are far from bei...
-
Chapter and Conference Paper
Statistics on Password Re-use and Adaptive Strength for Financial Accounts
Multiple studies have demonstrated that users select weak passwords. However, the vast majority of studies on password security uses password lists that only have passwords for one site, which means that sever...
-
Chapter and Conference Paper
Achieving Anonymity against Major Face Recognition Algorithms
An ever-increasing number of personal photos is stored online. This trend can be problematic, because face recognition software can undermine user privacy in unexpected ways. Face de-identification aims to pre...
-
Chapter and Conference Paper
Evaluation of Standardized Password-Based Key Derivation against Parallel Processing Platforms
Passwords are still the preferred method of user authentication for a large number of applications. In order to derive cryptographic keys from (human-entered) passwords, key-derivation functions are used. One ...
-
Chapter and Conference Paper
Deniable Encryption with Negligible Detection Probability: An Interactive Construction
Deniable encryption, introduced in 1997 by Canetti, Dwork, Naor, and Ostrovsky, guarantees that the sender or the receiver of a secret message is able to “fake” the message encrypted in a specifi...
-
Chapter and Conference Paper
Speaker Recognition in Encrypted Voice Streams
Transmitting voice communication over untrusted networks puts personal information at risk. Although voice streams are typically encrypted to prevent unwanted eavesdropping, additional features of voice commun...
-
Article
Conditional reactive simulatability
Simulatability has established itself as a salient notion for defining and proving the security of cryptographic protocols since it entails strong security and compositionality guarantees, which are achieved b...
-
Chapter and Conference Paper
OAEP Is Secure under Key-Dependent Messages
Key-dependent message security, short KDM security, was introduced by Black, Rogaway and Shrimpton to address the case where key cycles occur among encryptions, e.g., a key is encrypted with itself. We extend ...
-
Chapter and Conference Paper
On Simulatability Soundness and Mapping Soundness of Symbolic Cryptography
The abstraction of cryptographic operations by term algebras, called Dolev-Yao models or symbolic cryptography, is essential in almost all tool-supported methods for proving security protocols. Recently signi...
-
Chapter and Conference Paper
Conditional Reactive Simulatability
Simulatability has established itself as a salient notion for defining and proving the security of cryptographic protocols since it entails strong security and compositionality guarantees, which are achieved b...
-
Chapter and Conference Paper
An Algebra for Composing Enterprise Privacy Policies
Enterprise privacy enforcement allows enterprises to internally enforce a privacy policy that the enterprise has decided to comply to. To facilitate the compliance with different privacy policies when several ...