| |
| | When Keystroke Meets Password: Attacks and Defenses |
| LIU Ximing
PhD Candidate
School of Information Systems
Singapore Management University
|
Research Area
Dissertation Committee
Chairman
Committee Members
|
| |
Date
August 23, 2018 (Thursday) |
Time
10.00am - 11.00am |
Venue
Meeting Room 4.4, Level 4,
School of Information Systems,
Singapore Management University,
80 Stamford Road
Singapore 178902 | We look forward to seeing you at this research seminar.
|
|
|
| | About The Talk
Password is a prevalent mean used for user authentication in pervasive computing environments due to its simplicity and convenience. However, the use of passwords has its intrinsic problems because of the involvement of keystroke. In this dissertation proposal, we propose the first user-independent inter-keystroke timing attack on PINs. Our attack method is based on an inter-keystroke timing dictionary built from a human cognitive model whose parameters can be determined by a small amount of training data on any users. Keystroke timing information can also be used to protect users' accounts. We further propose Typing-Proof, a usable, secure and low-cost two-factor authentication mechanism. It eliminates the user-phone interaction in the most cases and can effectively defend against the existing attacks to recent 2FA mechanisms. | | | Speaker Biography
LIU Ximing is a PhD candidate in Cybersecurity at School of Information Systems, Singapore Management University. He is advised by Associate Professor Yingjiu Li and AXA Chair Professor Robert H. Deng. In his PhD study, he focuses on user authentication and side-channel attacks. |
|
