Cormac Herley

Learn More
In recent years, BitTorrent has emerged as a very scalable peer-to-peer file distribution mechanism. While early measurement and analytical studies have verified BitTorrent’s performance, they have also raised questions about various metrics (upload utilization, fairness, etc.), particularly in settings other than those measured. In this paper, we present a(More)
Wavelets, filter banks and multiresolution signal analysis, have been used independently in the fields of applied mathematics, computer vision and signal processing. It is interesting to note that they performed similar functions in different fields. It is recently, that they converged to form a single theory. In the paper, it is shown that the fundamental(More)
We evaluate two decades of proposals to replace text passwords for general-purpose user authentication on the web using a broad set of twenty-five usability, deployability and security benefits that an ideal scheme might provide. The scope of proposals we survey is also extensive, including password management software, federated login protocols, graphical(More)
It is often suggested that users are hopelessly lazy and unmotivated on security questions. They chose weak passwords, ignore security warnings, and are oblivious to certificates errors. We argue that users' rejection of the security advice they receive is entirely rational from an economic perspective. The advice offers to shield them from the direct costs(More)
We examine the password policies of 75 different websites. Our goal is understand the enormous diversity of requirements: some will accept simple six-character passwords, while others impose rules of great complexity on their users. We compare different features of the sites to find which characteristics are correlated with stronger policies. Our results(More)
Much attention has been devoted recently to the underground economy, and in particular to the IRC markets for stolen identities, phishing kits, botnets, and cybercrime related services. It is suggested that sophisticated underground markets show great specialization and maturity. There are complex divisions of labor and service offerings for every need.(More)
We propose to strengthen user-selected passwords against statistical-guessing attacks by allowing users of Internetscale systems to choose any password they want—so long as it’s not already too popular with other users. We create an oracle to identify undesirably popular passwords using an existing data structure known as a count-min sketch, which we(More)