8,753 research outputs found

    Password-Based Authentication and Phishing

    The most common mechanism for online authentication is the username-password. The majority of e-commerce applications are designed to provide password authentication via an HTML form, with the assumption that the user needs to determine if it is safe to enter the password. In order to avoid phishing attacks, the user is expected to distinguish between a phishing and a genuine website by checking the browser security indicators. Alternative authentication models suggest using images for authentication, introducing variations of Password Authenticated Key Exchange (PAKE) protocols into TLS, or using digital objects as passwords. Some authentication models suggest sending one-time password (OTP) tokens out-of-band to the user. Most computer users have too many passwords and keep forgetting them. A common issue for all authentication models is how to restore a legitimate user's access to their account without authentication, i.e. password reset. In this paper, we investigate current password-based authentication models and review their impact on phishing. We investigate two categories of issues: 1) deployment obstacles for the 'stronger' authentication models, and 2) security issues created by the number of passwords a user needs to memorize.

    Security and privacy aspects of mobile applications for post-surgical care

    Mobile technologies have the potential to improve patient monitoring, medical decision making and in general the efficiency and quality of health delivery. They also pose new security and privacy challenges. The objectives of this work are to (i) explore and define security and privacy requirements on the example of a post-surgical care application, and (ii) develop and test a pilot implementation. Post-Surgical Care: Studies of surgical outcomes indicate that timely treatment of the most common complications in compliance with established post-surgical regimens greatly improves success rates. The goal of our pilot application is to enable physicians to optimally synthesize and apply patient-directed best medical practices to prevent post-operative complications in an individualized, patient/procedure-specific fashion. We propose a framework for a secure protocol to enable doctors to check the most common complications for their patients during in-hospital post-surgical care. We also implemented our construction and cryptographic protocols as an iPhone application on iOS using existing cryptographic services and libraries.