In the digital age, phishing attacks have been a persistent security threat leveraged by traditional password management systems that are not able to verify the authenticity of websites. This paper presents an approac...In the digital age, phishing attacks have been a persistent security threat leveraged by traditional password management systems that are not able to verify the authenticity of websites. This paper presents an approach to embedding sophisticated phishing detection within a password manager’s framework, called PhishGuard. PhishGuard uses a Large Language Model (LLM), specifically a fine-tuned BERT algorithm that works in real time, where URLs fed by the user in the credentials are analyzed and authenticated. This approach enhances user security with its provision of real-time protection from phishing attempts. Through rigorous testing, this paper illustrates how PhishGuard has scored well in tests that measure accuracy, precision, recall, and false positive rates.展开更多
With the increasing demand for information security,traditional single-factor authentication technology can no longer meet security requirements.To this end,this paper proposes a Universal Serial Bus(USB)Key hardware ...With the increasing demand for information security,traditional single-factor authentication technology can no longer meet security requirements.To this end,this paper proposes a Universal Serial Bus(USB)Key hardware and software system based on a two-factor authentication protocol,aiming to improve the security and reliability of authentication.This paper first analyzes the current status and technical principles of USB Key-related research domestically and internationally and designs a two-factor authentication protocol that combines impact/response authentication and static password authentication.The system consists of a host computer and a USB Key device.The host computer interacts with the USB Key through a graphical user interface.The Secure Hash Algorithm 1(SHA-1)and MySQL database are used to implement the authentication function.Experimental results show that the designed two-factor authentication protocol can effectively prevent replay attacks and information tampering,and improve the security of authentication.If the corresponding USB Key is not inserted,the system will prompt that the device is not found.Once the USB Key is inserted,user identity is confirmed through two-factor verification,which includes impact/response authentication and static password authentication.展开更多
To achieve privacy and authentication sinmltaneously in mobile applications, various Three-party Password-authenticated key exchange (3PAKE) protocols have been proposed. However, some of these protocols are vulnera...To achieve privacy and authentication sinmltaneously in mobile applications, various Three-party Password-authenticated key exchange (3PAKE) protocols have been proposed. However, some of these protocols are vulnerable to conventional attacks or have low efficiency so that they cannot be applied to mobile applications. In this paper, we proposed a password-authenticated multiple key exchange protocol for mobile applications using elliptic curve cryptosystem. The proposed protocol can achieve efficiency, reliability, flexibility and scalability at the same time. Compared with related works, the proposed protocol is more suitable and practical for mobile applications.展开更多
An intelligent detecting system based on wireless transmission is designed. Its hardware includes the card reading module, the wireless digital transmission module, the LCD module, the random password keyboard module ...An intelligent detecting system based on wireless transmission is designed. Its hardware includes the card reading module, the wireless digital transmission module, the LCD module, the random password keyboard module and a 16×16 lattice word database based on e-Flash MM36SB020. Its software is a communication protocol between the central control computer and the entrance management base station. To resolve the conflicting problems occurred during the data transmission, a method of delaying time at random is proposed.展开更多
Mobile Ad hoc NETwork (MANET) is a part of the Internet of Things (IoT). In battlefield communication systems, ground soldiers, tanks, and unmanned aerial vehicles comprise a heterogeneous MANET. In 2006, Byun et ...Mobile Ad hoc NETwork (MANET) is a part of the Internet of Things (IoT). In battlefield communication systems, ground soldiers, tanks, and unmanned aerial vehicles comprise a heterogeneous MANET. In 2006, Byun et al. proposed the first constant-round password-based group key ex- change with different passwords for such net- works. In 2008, Nam et al. discovered the short- comings of the scheme, and modified it. But the works only provide the group key. In this paper, we propose a password-based secure communication scheme for the loT, which could be applied in the battlefield communication systems and support dy- namic group, in which the nodes join or leave. By performing the scheme, the nodes in the heteroge- neous MANET can realize secure broadcast, secure unicast, and secure direct communication across realms. After the analyses, we demonstrate that the scheme is secure and efficient.展开更多
Android applications are associated with a large amount of sensitive data,therefore application developers use encryption algorithms to provide user data encryption,authentication and data integrity protection.However...Android applications are associated with a large amount of sensitive data,therefore application developers use encryption algorithms to provide user data encryption,authentication and data integrity protection.However,application developers do not have the knowledge of cryptography,thus the cryptographic algorithm may not be used correctly.As a result,security vulnerabilities are generated.Based on the previous studies,this paper summarizes the characteristics of password misuse vulnerability of Android application software,establishes an evaluation model to rate the security level of the risk of password misuse vulnerability and develops a repair strategy for password misuse vulnerability.And on this basis,this paper designs and implements a secure container for Android application software password misuse vulnerability:CM-Droid.展开更多
Text-based passwords are heavily used to defense for many web and mobile applications. In this paper, we investigated the patterns and vulnerabilities for both web and mobile applications based on conditions of the Sh...Text-based passwords are heavily used to defense for many web and mobile applications. In this paper, we investigated the patterns and vulnerabilities for both web and mobile applications based on conditions of the Shannon entropy, Guessing entropy and Minimum entropy. We show how to substantially improve upon the strength of passwords based on the analysis of text-password entropies. By analyzing the passwords datasets of Rockyou and 163.com, we believe strong password can be designed based on good usability, deployability, rememberbility, and security entropies.展开更多
文摘In the digital age, phishing attacks have been a persistent security threat leveraged by traditional password management systems that are not able to verify the authenticity of websites. This paper presents an approach to embedding sophisticated phishing detection within a password manager’s framework, called PhishGuard. PhishGuard uses a Large Language Model (LLM), specifically a fine-tuned BERT algorithm that works in real time, where URLs fed by the user in the credentials are analyzed and authenticated. This approach enhances user security with its provision of real-time protection from phishing attempts. Through rigorous testing, this paper illustrates how PhishGuard has scored well in tests that measure accuracy, precision, recall, and false positive rates.
基金funded by the College-level Characteristic Teaching Material Project(Project No.20220119Z0221)The College Teaching Incubation Project(Project No.20220120Z0220)+3 种基金The Ministry of Education Industry-University Cooperation Collaborative Education Project(Project No.20220163H0211)The Central Universities Basic Scientific Research Fund(Project No.3282024009,20230051Z0114,and 20230050Z0114)The Beijing Higher Education“Undergraduate Teaching Reform and Innovation Project”(Project No.20220121Z0208 and 202110018002)The College Discipline Construction Project(Project No.20230007Z0452 and 20230010Z0452)。
文摘With the increasing demand for information security,traditional single-factor authentication technology can no longer meet security requirements.To this end,this paper proposes a Universal Serial Bus(USB)Key hardware and software system based on a two-factor authentication protocol,aiming to improve the security and reliability of authentication.This paper first analyzes the current status and technical principles of USB Key-related research domestically and internationally and designs a two-factor authentication protocol that combines impact/response authentication and static password authentication.The system consists of a host computer and a USB Key device.The host computer interacts with the USB Key through a graphical user interface.The Secure Hash Algorithm 1(SHA-1)and MySQL database are used to implement the authentication function.Experimental results show that the designed two-factor authentication protocol can effectively prevent replay attacks and information tampering,and improve the security of authentication.If the corresponding USB Key is not inserted,the system will prompt that the device is not found.Once the USB Key is inserted,user identity is confirmed through two-factor verification,which includes impact/response authentication and static password authentication.
基金Acknowledgements This work was supported by the National Natural ScienceFoundation of China under Grants No. 60873191, No. 60903152, No. 60821001, and the Beijing Natural Science Foundation under Grant No. 4072020.
文摘To achieve privacy and authentication sinmltaneously in mobile applications, various Three-party Password-authenticated key exchange (3PAKE) protocols have been proposed. However, some of these protocols are vulnerable to conventional attacks or have low efficiency so that they cannot be applied to mobile applications. In this paper, we proposed a password-authenticated multiple key exchange protocol for mobile applications using elliptic curve cryptosystem. The proposed protocol can achieve efficiency, reliability, flexibility and scalability at the same time. Compared with related works, the proposed protocol is more suitable and practical for mobile applications.
文摘An intelligent detecting system based on wireless transmission is designed. Its hardware includes the card reading module, the wireless digital transmission module, the LCD module, the random password keyboard module and a 16×16 lattice word database based on e-Flash MM36SB020. Its software is a communication protocol between the central control computer and the entrance management base station. To resolve the conflicting problems occurred during the data transmission, a method of delaying time at random is proposed.
基金supported by National Natural Science Foundation of China(Grant Nos.60873191,60903152,61003286,60821001)
文摘Mobile Ad hoc NETwork (MANET) is a part of the Internet of Things (IoT). In battlefield communication systems, ground soldiers, tanks, and unmanned aerial vehicles comprise a heterogeneous MANET. In 2006, Byun et al. proposed the first constant-round password-based group key ex- change with different passwords for such net- works. In 2008, Nam et al. discovered the short- comings of the scheme, and modified it. But the works only provide the group key. In this paper, we propose a password-based secure communication scheme for the loT, which could be applied in the battlefield communication systems and support dy- namic group, in which the nodes join or leave. By performing the scheme, the nodes in the heteroge- neous MANET can realize secure broadcast, secure unicast, and secure direct communication across realms. After the analyses, we demonstrate that the scheme is secure and efficient.
基金This work is supported by The National Natural Science Foundation of China (Nos.U1536121,61370195).
文摘Android applications are associated with a large amount of sensitive data,therefore application developers use encryption algorithms to provide user data encryption,authentication and data integrity protection.However,application developers do not have the knowledge of cryptography,thus the cryptographic algorithm may not be used correctly.As a result,security vulnerabilities are generated.Based on the previous studies,this paper summarizes the characteristics of password misuse vulnerability of Android application software,establishes an evaluation model to rate the security level of the risk of password misuse vulnerability and develops a repair strategy for password misuse vulnerability.And on this basis,this paper designs and implements a secure container for Android application software password misuse vulnerability:CM-Droid.
文摘Text-based passwords are heavily used to defense for many web and mobile applications. In this paper, we investigated the patterns and vulnerabilities for both web and mobile applications based on conditions of the Shannon entropy, Guessing entropy and Minimum entropy. We show how to substantially improve upon the strength of passwords based on the analysis of text-password entropies. By analyzing the passwords datasets of Rockyou and 163.com, we believe strong password can be designed based on good usability, deployability, rememberbility, and security entropies.
