Passwords and PINs are still the most deployed authentication mechanisms and their protection is a classical branch of research in computer security. Several password schemes, as well as more sophisticated tokens, algorithms, and protocols, have been proposed during the last years. Some proposals require dedicated devices, such as biometric sensors,…
In this paper we address the problem of estimating the number of stations in a wireless network. Under the assumption that each station can detect collisions, we show that it is possible to estimate the number of stations in the network within a factor 2 from the correct value in time O(log n log log n). We further show that if no station can detect…
Context-aware access control systems should reactively adapt access control decisions to dynamic environmental conditions. In this paper we present an extension of the TRBAC model that allows the specification and enforcement of general reactive policies. Then we extend XACML to support the new model, and illustrate a prototype implementation of the PDP.
Introduction: The economic value of user profiles. Rich user profiles = Money. An incentive for providers to collect lots of personal (sensitive) information (and sell it!): user name, birth date, gender, detailed address, credit card information. ESORICS'11 – 14/9/2011
We study network load games, a class of routing games in networks which generalize selfish routing games on networks consisting of parallel links. In these games, each user aims to route some traffic from a source to a destination so that the maximum load she experiences in the links of the network she occupies is minimum given the routing decisions of…
Graphical passwords are a promising research branch, but implementation of many proposed schemes often requires considerable resources (e.g., data storage, high quality displays), making their usage difficult on small devices, such as old-fashioned ATM terminals. Furthermore, most of the time, such schemes lack a careful security analysis. In this paper, we…
In this paper we evaluate the security of a two-factor Graphical Password scheme proposed in . As in the original paper, we model the attack of a passive adversary as a boolean formula whose truth assignment corresponds to the user secret. We show that there exist a small number of secrets that a passive adversary cannot extract, independently from the…