Authentication and Authorization
- (Oakland'19) Why Does Your Data Leak? Uncovering the Data Leakage in Cloud From Mobile Apps
This project seeks to understand data leaks in mobile backend as a service (mBaaS) due to lack of authentication, misuse of various authentication keys, and misconfiguration of user permissions in authorization.
- (ACSAC'18) A Measurement Study of Authentication Rate-Limiting Mechanisms of Modern Websites
This project conducts a measurement study of authentication rate-limiting mechanisms, the countermeasures websites deploy against online password cracking. To this end, we propose a black-box approach to modeling and validating the websites' implementation of the rate-limiting mechanisms. We applied the tool to examine all 182 websites that we were able to analyze among the Alexa Top 500 websites in the United States.
- (NDSS'18) Face Flashing: A Secure Liveness Detection Protocol based on Light Reflections
Liveness detection is an important technique for defending face authentication systems against media-based facial forgery attacks. This paper proposes a new liveness detection protocol called Face Flashing: by randomly flashing well-designed pictures on a screen and analyzing the reflected light, our protocol leverages physical characteristics of human faces to detect real human faces.
- (CCS'10) The Security of Modern Password Expiration: An Algorithmic Framework and Empirical Analysis
In this project, we conducted the first large-scale study of the success of password expiration in meeting its intended purpose, namely revoking access to an account by an attacker who has captured the account's password.