Learn More
Passwords and PINs are still the most deployed authentica-tion mechanisms and their protection is a classical branch of research in computer security. Several password schemes, as well as more sophisticated tokens, algorithms, and protocols, have been proposed during the last years. Some proposals require dedicated devices, such as biometric sensors,(More)
In this paper we describe a primitive, which we call, Certified Information Access, in which a database answers to a query by providing the information matching the query along with a proof that such information are consistent with the actual content of the database. We show that such a primitive can be securely implemented in a distributed fashion.(More)
Introduction The economic value of user profiles Rich user profiles = Money An incentive for providers to collect lots of personal (sensitive) information (and sell it!) user name, birth date, gender, detailed address, credit card information ESORICS'11 – 14/9/2011 Introduction The economic value of user profiles Rich user profiles = Money An incentive for(More)
In this paper, we propose a new proactive password checker, a program which prevents the choice of easy-to-guess passwords. The checker uses a decision tree, constructed applying the minimum description length principle and a pessimistic pruning technique. Experimental results show a substantial improvement in performance of this checker compared to(More)
It is often observed that agents tend to imitate the behavior of their neighbors in a social network. This imitating behavior might lead to the strategic decision of adopting a public behavior that differs from what the agent believes is the right one and this can subvert the behavior of the population as a whole. In this paper, we consider the case in(More)
This paper deals with the access control problem. We assume that valuable resources need to be protected against unauthorized users and that, to this aim, a password-based access control scheme is employed. Such an abstract scenario captures many applicative settings. The issue we focus our attention on is the following: password-based schemes provide a(More)