• Publications
  • Influence
Crowds: anonymity for Web transactions
The design, implementation, security, performance, and scalability of the Crowds system for protecting users' anonymity on the world-wide-web are described and degrees of anonymity as an important tool for describing and proving anonymity properties are introduced.
The Design and Analysis of Graphical Passwords
This work proposes and evaluates new graphical password schemes that exploit features of graphical input displays to achieve better security than text-based passwords and describes the prototype implementation of one of the schemes on a personal digital assistants (PDAs) namely the Palm PilotTM.
Zerocoin: Anonymous Distributed E-Cash from Bitcoin
Zerocoin is proposed, a cryptographic extension to Bitcoin that augments the protocol to allow for fully anonymous currency transactions and uses standard cryptographic assumptions and does not introduce new trusted parties or otherwise change the security model of Bitcoin.
Keystroke dynamics as a biometric for authentication
A framework for detection and measurement of phishing attacks
It is found that it is often possible to tell whether or not a URL belongs to a phishing attack without requiring any knowledge of the corresponding page data.
Charm: a framework for rapidly prototyping cryptosystems
The modular architecture of Charm is described, which includes a built-in benchmarking module to compare the performance of Charm primitives to existing C implementations, and it is shown that in many cases the techniques result in an order of magnitude decrease in code size, while inducing an acceptable performance impact.
Authentication via keystroke dynamics
A database of 42 profiles was constructed based on keystroke patterns gathered from various users performing structured and unstructured tasks, and a toolkit for analyzing system performance under varying criteria is presented.
Analysis of an electronic voting system
It is shown that voters, without any insider privileges, can cast unlimited votes without being detected by any mechanisms within the voting terminal software, and that any paperless electronic voting system might suffer similar flaws, despite any certification it could have otherwise received.
Using the Fluhrer, Mantin, and Shamir Attack to Break WEP
It is concluded that 802.11 WEP is totally insecure, and some recommendations are provided to make the attack more efficient.
Anonymous Web transactions with Crowds
The thesis is Web users should have the ability to limit what information is revealed about them and to whom it is revealed.