2,089 research outputs found
Passwords and the evolution of imperfect authentication
Theory on passwords has lagged practice, where large providers use back-end smarts to survive with imperfect technology. This is the author accepted manuscript. The final version is available from ACM via http://dx.doi.org/10.1145/269939
A Survey on Wireless Security: Technical Challenges, Recent Advances and Future Trends
This paper examines the security vulnerabilities and threats imposed by the
inherent open nature of wireless communications and to devise efficient defense
mechanisms for improving the wireless network security. We first summarize the
security requirements of wireless networks, including their authenticity,
confidentiality, integrity and availability issues. Next, a comprehensive
overview of security attacks encountered in wireless networks is presented in
view of the network protocol architecture, where the potential security threats
are discussed at each protocol layer. We also provide a survey of the existing
security protocols and algorithms that are adopted in the existing wireless
network standards, such as the Bluetooth, Wi-Fi, WiMAX, and the long-term
evolution (LTE) systems. Then, we discuss the state-of-the-art in
physical-layer security, which is an emerging technique of securing the open
communications environment against eavesdropping attacks at the physical layer.
We also introduce the family of various jamming attacks and their
counter-measures, including the constant jammer, intermittent jammer, reactive
jammer, adaptive jammer and intelligent jammer. Additionally, we discuss the
integration of physical-layer security into existing authentication and
cryptography mechanisms for further securing wireless networks. Finally, some
technical challenges which remain unresolved at the time of writing are
summarized and the future trends in wireless security are discussed. Comment: 36 pages. Accepted to Appear in Proceedings of the IEEE, 201
Impersonation-as-a-Service: Characterizing the Emerging Criminal Infrastructure for User Impersonation at Scale
In this paper we provide evidence of an emerging criminal infrastructure
enabling impersonation attacks at scale. Impersonation-as-a-Service (ImpaaS)
allows attackers to systematically collect and enforce user profiles
(consisting of user credentials, cookies, device and behavioural fingerprints,
and other metadata) to circumvent risk-based authentication systems and
effectively bypass multi-factor authentication mechanisms. We present the
ImpaaS model and evaluate its implementation by analysing the operation of a
large, invite-only, Russian ImpaaS platform providing user profiles for more
than Internet users worldwide. Our findings suggest that the ImpaaS
model is growing, and provides the mechanisms needed to systematically evade
authentication controls across multiple platforms, while providing attackers
with a reliable, up-to-date, and semi-automated environment enabling target
selection and user impersonation against Internet users at scale. Comment: Presented at ACM CCS 2020. Appendix on "Deriving a Threat Model from
Observation" available at
https://michelecampobasso.github.io/publication/2020-11-10-impaa