48 research outputs found

    Reliable Password Hardening Service with Opt-Out

    As the most dominant authentication mechanism, password-based authentication suffers catastrophic offline password guessing attacks once the authentication server is compromised and the password database is leaked. Password hardening (PH) service, an external/third-party crypto service, has been recently proposed to strengthen password storage and reduce the damage of authentication server compromise. However, all existing schemes are unreliable because they overlook the important restorable property: PH service opt-out. In existing PH schemes, once the authentication server has subscribed to a PH service, it must adopt this service forever, even if it wants to stop the external/third-party PH service and restore its original password storage (or subscribe to another PH service). To fill the gap, we propose a new PH service called PW-Hero that equips its PH service with an option to terminate its use (i.e., opt-out). In PW-Hero, password authentication is strengthened against offline attacks by adding external secret spices to password records. With the opt-out property, authentication servers can proactively request to end the PH service after successful authentications. Then password records can be securely migrated to their traditional salted hash state, ready for subscription to other PH services. Besides, PW-Hero achieves all existing desirable properties, such as comprehensive verifiability, rate limits against online attacks, and user privacy. We define PW-Hero as a suite of protocols that meet desirable properties and build a simple, secure, and efficient instance. Moreover, we develop a prototype implementation and evaluate its performance, which shows the practicality of our PW-Hero service.

    Linear Obfuscation to Combat Symbolic Execution

    Denial-of-Service Attacks on Host-Based Generic Unpackers

    China National Science Foundation. This research was mostly done when the first three authors, Limin Liu, Jiang Ming, and Zhi Wang, were researchers working in Singapore Management University. It was partially supported by National Science Foundation (NSF) China under the agreements 90718005, 70890084/G021102, and 60573015.

    Predicting Driver Behavior during the Yellow Interval Using Video Surveillance

    At a signalized intersection, drivers must make a stop/go decision at the onset of the yellow signal. Incorrect decisions would lead to red light running (RLR) violations or crashes. This study aims to predict drivers’ stop/go decisions and RLR violations during yellow intervals. Traffic data such as vehicle approaching speed, acceleration, distance to the intersection, and occurrence of RLR violations are gathered by a Vehicle Data Collection System (VDCS). An enhanced Gaussian Mixture Model (GMM) is used to extract moving vehicles from target lanes, and the Kalman Filter (KF) algorithm is utilized to acquire vehicle trajectories. The data collected from the VDCS are further analyzed by a sequential logit model, and the relationship between drivers’ stop/go decisions and RLR violations is identified. The results indicate that the distance of vehicles to the stop line at the onset of the yellow signal is an important predictor for both drivers’ stop/go decisions and RLR violations. In addition, vehicle approaching speed is a contributing factor for stop/go decisions. Furthermore, the accelerations of vehicles after the onset of the yellow signal are positively related to RLR violations. The findings of this study can be used to predict the probability of drivers’ RLR violations and improve traffic safety at signalized intersections.