Learn More
Fallback authentication, i.e., recovering access to an account after the password is lost, is an important aspect of real-world deployment of authentication solutions. However, most proposed and deployed mechanisms have substantial weaknesses that seriously degrade security and/or usability. e.g., the well-known security questions are often easy to guess. A(More)
In this paper, we address the overlooked problem of Cross-Site Scripting (XSS) on mobile versions of web applications. We have surveyed 100 popular mobile versions of web applications and detected XSS vulnerabilities in 81 of them. The inspected sites present a simplified version of the desktop web application for mobile devices; the survey includes sites(More)
The Advanced Encryption Standard (AES) became the standard for en-cryption to protect the sensitive information. With the increasing use of portable and wireless devices and demanding information security needs in embedded systems , prompted efforts to find fast software based implementation of AES encryp-tion/decryption capable of running on resource(More)
  • Ashar Javed
  • 2013
In this paper, we investigate the footprints of third-party tracking on the mobile web. The survey of 100 popular mobile versions of web applications indicates that third-party tracking is also prevalent on mobile web. The results show that 62 sites are tracking users' activities on mobile web and Google Analytics is the most widespread tracker on mobile(More)
This paper deals with the problem of privacy issues caused by the tracking activities of web advertisers. Web advertisers place cookies in the browser to track users' surfing behaviour across websites, mostly without his knowledge or consent. This paper proposes a fine-grained, per-site cookie management protocol. We implement our proposal as Mozilla(More)
Formal analysis is of importance in order to increase confidence that the protocol satisfies its security requirements. In particular, the results obtained from the formal analysis of the smart card security protocols when smart cards are used as a specific type of Secure Signature Creation Devices (SSCDs) are presented. SSCDs are developed to support the(More)
  • Ashar Javed
  • 2011
Modern web applications combine content from several sources (with varying security characteristics), and incorporate significant portion of user-supplied contents to enrich browsing experience. However, the de facto web protection model, the same-origin policy (SOP), has not adequately evolved to manage the security consequences of this additional(More)