LEADER 08495nam 22009135 450 001 9910483382603321 005 20200629230540.0 010 $a3-319-29938-7 024 7 $a10.1007/978-3-319-29938-9 035 $a(CKB)3710000000627338 035 $a(SSID)ssj0001661094 035 $a(PQKBManifestationID)16438005 035 $a(PQKBTitleCode)TC0001661094 035 $a(PQKBWorkID)14986037 035 $a(PQKB)11745679 035 $a(DE-He213)978-3-319-29938-9 035 $a(MiAaPQ)EBC6283747 035 $a(MiAaPQ)EBC5591871 035 $a(Au-PeEL)EBL5591871 035 $a(OCoLC)946031151 035 $a(PPN)192771620 035 $a(EXLCZ)993710000000627338 100 $a20160330d2016 u| 0 101 0 $aeng 135 $aurnn|008mamaa 181 $ctxt 182 $cc 183 $acr 200 10$aTechnology and Practice of Passwords $e9th International Conference, PASSWORDS 2015, Cambridge, UK, December 7-9, 2015, Proceedings /$fedited by Frank Stajano, Stig F. Mjølsnes, Graeme Jenkinson, Per Thorsheim 205 $a1st ed. 2016. 210 1$aCham :$cSpringer International Publishing :$cImprint: Springer,$d2016. 215 $a1 online resource (XV, 151 p. 19 illus. in color.) 225 1 $aSecurity and Cryptology ;$v9551 300 $aBibliographic Level Mode of Issuance: Monograph 311 $a3-319-29937-9 320 $aIncludes bibliographical references and index. 327 $aIntro -- Preface -- Organization -- Non-refereed Presentations -- Contents -- Human Factors -- Expert Password Management -- 1 Introduction -- 2 Background -- 2.1 Coping Strategies -- 2.2 Security Practices of Experts and Non-Experts -- 3 Study -- 4 Results Overview -- 5 Thematic Analysis -- 5.1 Expert Awareness -- 5.2 Combining Strategies to Remember Passwords -- 5.3 A Personal Assessment of Risk -- 5.4 Usability Problems -- 6 Discussion -- 6.1 What Do Experts Do Right? -- 6.2 What Do Experts Do Wrong? 
-- 7 Conclusion -- References -- Assessing the User Experience of Password Reset Policies in a University -- 1 Introduction -- 2 Related Work -- 3 Methodology -- 3.1 Systems Under Analysis -- 3.2 Helpdesk Log Analysis -- 3.3 User Interviews -- 3.4 NASA Raw Task Load Index (NASA-RTLX) -- 4 Results: Helpdesk Log Analysis -- 4.1 Results -- 5 Results: User Interviews and NASA-RTLX -- 5.1 Results -- 5.2 RTLX Data Analysis -- 6 Discussion -- 6.1 Recommendations for Practitioners -- 7 Conclusions -- References -- Analyzing 4 Million Real-World Personal Knowledge Questions (Short Paper) -- 1 Introduction -- 1.1 Related Work -- 2 Methodology -- 3 Strength Evaluation -- 4 Conclusion -- References -- ITSME: Multi-modal and Unobtrusive Behavioural User Authentication for Smartphones -- 1 Introduction -- 2 Related Work -- 2.1 Unimodal Systems -- 2.2 Multimodal Systems -- 3 Background -- 3.1 Considered Sensors -- 3.2 Considered Classifiers -- 3.3 Performance Metric -- 4 Our Solution -- 4.1 Setup -- 4.2 Data Collection -- 4.3 Feature Extraction -- 4.4 Data Fusion -- 4.5 Decision Making -- 5 Parameters -- 5.1 Parameters -- 6 Results -- 6.1 Unimodal Systems -- 6.2 Multimodal Systems -- 7 Discussion -- 8 Conclusion and Future Work -- References -- Attacks -- Verification Code Forwarding Attack (Short Paper) -- 1 Introduction. 327 $a2 SMS-Based Verification and Its Security -- 3 Study Procedures -- 3.1 Experiment -- 3.2 Semi-structured Interview -- 3.3 Survey -- 4 Conclusion -- References -- What Lies Beneath? 
Analyzing Automated SSH Bruteforce Attacks -- 1 Introduction -- 2 Related Work -- 3 Data Collection Methodology -- 4 Characteristics of Attacking Systems -- 4.1 Number of IPs per /24 -- 4.2 Countries with the Most Aggressive Sources -- 4.3 IP Addresses as a Ratio of the Total Allocation per Country -- 5 Password Analysis -- 5.1 Password Length -- 5.2 Password Composition Compared to Known Dictionaries -- 5.3 Dictionary Sharing and Splitting Among Sources -- 5.4 Reattempting Username-Password Combination -- 6 Username Analysis -- 7 Timing Analysis -- 8 Recommendations -- 9 Conclusion -- References -- Cryptography -- Catena Variants -- 1 Introduction -- 2 Preliminaries -- 2.1 Notational Conventions -- 2.2 Catena -- 3 Hash-Function Instantiations -- 4 Using Different Graphs -- 4.1 (g,)-Bit-Reversal Graph -- 4.2 Shifted (g,)-Bit-Reversal Graph -- 4.3 (g,,)-Gray-Reverse Graph -- 4.4 Tradeoff Resistance -- 5 Extensions -- 6 Discussion and Recommendations -- 7 Conclusion -- A Memory-Hardness and Garbage-Collector Attacks -- A.1 Memory-Hardness -- A.2 (Weak) Garbage-Collector Attacks -- B Hash-Function Instantiations -- B.1 Compression Function of Argon2 -- B.2 BlaMka -- B.3 Galois-Field Multiplication -- B.4 MultHash -- C Extensions of Catena -- C.1 Password-Independent Random Layer -- C.2 Password-Dependent Random Layer -- D Penalties Caused by Shifting Sampling Points -- References -- On Password-Authenticated Key Exchange Security Modeling -- 1 Introduction -- 2 Different BPR-style Models -- 2.1 The Models' Main Foundations -- 2.2 Differences in Accepting, Terminating, and Partnering -- 2.3 A Bug in the RoR Model -- 3 A Well-Motivated Definition -- 3.1 The Definition Itself. 
327 $a3.2 Examples of How It Functions -- 4 The Quality of Partner Uniqueness -- 4.1 An Obstacle Caused by the test query -- 4.2 A "secure" PAKE Protocol Where Non-negligible Multiple Partnering May Occur -- 4.3 Lessons Learned on Requirements -- 5 Conclusion and Future Work -- A BPR-style Models Revisited -- References -- Strengthening Public Key Authentication Against Key Theft (Short Paper) -- 1 Introduction -- 1.1 Threat Model -- 2 Revocable Public Key Authentication -- 2.1 Basic RSA Authentication -- 2.2 The Mediator Service -- 3 Rate Limiting Password Guesses -- 3.1 Key Fragment Encryption -- 3.2 Authenticating Requests to the Mediator -- 4 Conclusion -- References -- Author Index. 330 $aThis book constitutes the thoroughly refereed post-conference proceedings of the 9th International Conference on Passwords, PASSWORDS 2015, held in Cambridge, UK, in December 2015. The 6 revised full papers presented together with 3 revised short papers were carefully reviewed and selected from 32 initial submissions. The papers are organized in topical sections on human factors, attacks, and cryptography.
410 0$aSecurity and Cryptology ;$v9551 606 $aComputer security 606 $aComputer communication systems 606 $aData encryption (Computer science) 606 $aManagement information systems 606 $aComputer science 606 $aAlgorithms 606 $aComputers and civilization 606 $aSystems and Data Security$3https://scigraph.springernature.com/ontologies/product-market-codes/I28060 606 $aComputer Communication Networks$3https://scigraph.springernature.com/ontologies/product-market-codes/I13022 606 $aCryptology$3https://scigraph.springernature.com/ontologies/product-market-codes/I28020 606 $aManagement of Computing and Information Systems$3https://scigraph.springernature.com/ontologies/product-market-codes/I24067 606 $aAlgorithm Analysis and Problem Complexity$3https://scigraph.springernature.com/ontologies/product-market-codes/I16021 606 $aComputers and Society$3https://scigraph.springernature.com/ontologies/product-market-codes/I24040 615 0$aComputer security. 615 0$aComputer communication systems. 615 0$aData encryption (Computer science). 615 0$aManagement information systems. 615 0$aComputer science. 615 0$aAlgorithms. 615 0$aComputers and civilization. 615 14$aSystems and Data Security. 615 24$aComputer Communication Networks. 615 24$aCryptology. 615 24$aManagement of Computing and Information Systems. 615 24$aAlgorithm Analysis and Problem Complexity. 615 24$aComputers and Society. 676 $a005.82 702 $aStajano$b Frank$4edt$4http://id.loc.gov/vocabulary/relators/edt 702 $aMjølsnes$b Stig F$4edt$4http://id.loc.gov/vocabulary/relators/edt 702 $aJenkinson$b Graeme$4edt$4http://id.loc.gov/vocabulary/relators/edt 702 $aThorsheim$b Per$4edt$4http://id.loc.gov/vocabulary/relators/edt 801 0$bMiAaPQ 801 1$bMiAaPQ 801 2$bMiAaPQ 906 $aBOOK 912 $a9910483382603321 996 $aTechnology and Practice of Passwords$92831059 997 $aUNINA