Learn More
—People enjoy the convenience of on-line services, but online environments may bring many risks. In this paper, we discuss how to prevent users' passwords from being stolen by adversaries. We propose a virtual password concept involving a small amount of human computing to secure users' passwords in on-line environments. We adopt user-determined randomized(More)
In most cases authors are permitted to post their version of the article (e.g. in Word or Tex form) to their personal website or institutional repository. Authors requiring further information regarding Elsevier's archiving and manuscript policies are encouraged to visit: Keywords: Security Password On-line services User ID ATM machines a b s t r a c t(More)
—In this paper, we discuss how to prevent users' passwords from being stolen by adversaries. We propose differentiated security mechanisms in which a user has the freedom to choose a virtual password scheme ranging from weak security to strong security. The tradeoff is that the stronger the scheme, the more complex the scheme may be. Among the schemes, we(More)
In this paper, based on a Linear Congruential Generator (LCG), we propose a new block cipher that is suitable for constructing a lightweight secure protocol for resource-constrained wireless sensor networks. Based on the Plum-stead's inference algorithm, we are motivated to embed the generated pseudo-random numbers with sensor data messages in order to(More)
In this paper, based on a Linear Congruential Generator (LCG), we propose a new block cipher that is suitable for constructing a lightweight secure protocol for resource-constrained wireless sensor networks. From the cryptanalysis point of view, our building block is considered secure if the attacker cannot obtain the pseudo-random numbers generated by the(More)
—People enjoy the convenience of on-line services, Automated Teller Machines (ATMs), and pervasive computing, but online environments, ATMs, and pervasive computing may bring many risks. In this paper, we discuss how to prevent users' passwords from being stolen by adversaries. We propose a virtual password concept involving a small amount of human(More)
Modern web applications often suffer from command injection attacks. Even when equipped with sanitization code, many systems can be penetrated due to software bugs. It is desirable to automatically discover such vulnerabilities, given the bytecode of a web application. One approach would be symbolically executing the target system and constructing(More)
In most cases authors are permitted to post their version of the article (e.g. in Word or Tex form) to their personal website or institutional repository. Authors requiring further information regarding Elsevier's archiving and manuscript policies are encouraged to visit: a b s t r a c t Recent advances in wireless networks and embedded systems have created(More)
Given the bytecode of a software system, is it possible to automatically generate attack signatures that reveal its vulnerabilities? A natural solution would be symbolically executing the target system and constructing constraints for matching path conditions and attack patterns. Clearly, the constraint solving technique is the key to the above research.(More)