Authentication and Identity Management

• Identity Theft and Authentication

  • M. Mannan, P.C. van Oorschot. Localization of Credential Information to Address Increasingly Inevitable Data Breaches. New Security Paradigms Workshop 2008 (NSPW'08), Lake Tahoe, California, USA, Sept. 22-25, 2008.
  • D. Nali, P.C. van Oorschot, A. Adler. VideoTicket: Detecting Identity Fraud Attempts via Audiovisual Certificates and Signatures. New Security Paradigms Workshop (NSPW'07), Sep. 2007, New Hampshire, USA.
  • M. Mannan, P.C. van Oorschot. Using a Personal Device to Strengthen Password Authentication from an Untrusted Computer. Financial Cryptography and Data Security (FC'07), Lowlands, Scarborough, Trinidad and Tobago, Feb.12-15, 2007. Extended version: Technical Report TR-07-11 (Mar 2007).
  • D. Nali, P.C. van Oorschot. CROO: A Universal Infrastructure and Protocol to Detect Identity Fraud. European Symposium on Research in Computer Security (ESORICS'08). Oct. 2008, Malaga, Spain. Extended version (December 2008): Technical Report TR-06-14.
  • P.C. van Oorschot, S. Stubblebine. Countering Identity Theft through Digital Uniqueness, Location Cross-Checking, and Funneling. Financial Cryptography and Data Security (FC'05). Feb. 2005, Roseau, The Commonwealth Of Dominica. Extended version (December 2005): Technical Report TR-05-12.

  • Bank-card PIN Security

    • M. Mannan, P.C. van Oorschot. Reducing Threats from Flawed Security APIs: The Banking PIN Case. Computers & Security (vol.28 no.6, pp.410-420). Sept. 2009.
    • M. Mannan, P.C. van Oorschot. Weighing Down "The Unbearable Lightness of PIN Cracking". Financial Cryptography and Data Security (FC'08), Jan. 2008, Cozumel, Mexico. Extended version: Technical Report TR-08-08 (April 2008).

• Passwords and Alternatives

  (See also Security and Usability.)
  
  
  • C. Herley, P.C. van Oorschot, A.S. Patrick. Passwords: If We're So Smart, Why Are We Still Using Them?. Financial Cryptography and Data Security (FC 2009), 13th International Conference, Rockley, Christ Church, Barbados, Feb. 2009.

  • ObPwd

    • M. Mannan, P.C. van Oorschot. Digital Objects as Passwords. USENIX HotSec'08 (3rd Workshop on Hot Topics in Security). July 2008, San Jose, CA, USA.
    • Selected press; Information/Download page

  • Graphical Passwords

    • P.C. van Oorschot, T. Wan. TwoStep: An Authentication Method Combining Text and Graphical Passwords. MCETECH 2009: 4th International MCETECH Conference on eTechnologies, Ottawa, Canada, May 2009.
    • S. Chiasson, A. Forget, R. Biddle, P.C. van Oorschot. User Interface Design Affects Security: Patterns in Click-Based Graphical Passwords. Int. J. Inf. Security 8(6):387-398 (Dec.2009, Springer).
    • A. Salehi-Abari, J. Thorpe, P.C. van Oorschot. On Purely Automated Attacks and Click-Based Graphical Passwords. 24th Annual Computer Security Applications Conference (ACSAC'08). Dec. 2008, Anaheim, CA, USA. Technical Report (June 2008): TR-08-15.
    • S. Chiasson, A. Forget, R. Biddle, P.C. van Oorschot. Influencing Users Towards Better Passwords: Persuasive Cued Click-Points. Human-Computer Interaction (HCI'08), Sep. 2008, Liverpool, UK.
    • S. Chiasson, J. Srinivasan, R. Biddle, P. van Oorschot. Centered Discretization with Application to Graphical Passwords. USENIX Usability, Psychology and Security (UPSEC'08), Apr. 2008, San Francisco, CA, USA.
    • P.C. van Oorschot, J. Thorpe. On Predictive Models and User-Drawn Graphical Passwords. ACM TISSEC, Vol. 10, No. 4. Jan. 2008.
    • S. Chiasson, P.C. van Oorschot, R. Biddle. Graphical Password Authentication Using Cued Click Points. ESORICS Sep. 2007, Dresden, Germany.
    • S. Chiasson, Robert Biddle, P.C. van Oorschot. A Second Look at the Usability of Click-Based Graphical Passwords. 2007 Symposium on Usable Privacy and Security (SOUPS 2007), July 18-20 2007, Pittsburgh, PA. USA.
    • J. Thorpe, P.C. van Oorschot. Human-Seeded Attacks and Exploiting Hot-Spots in Graphical Passwords. 16th USENIX Security Symposium, Aug.6-10 2007, Boston, MA, USA.
    • J. Thorpe, P. C. van Oorschot. Towards Secure Design Choices for Implementing Graphical Passwords. Annual Computer Security Applications Conference (ACSAC'04). Dec. 2004,Tucson, AZ, USA.
    • J. Thorpe, P. C. van Oorschot. Graphical Dictionaries and the Memorable Space of Graphical Passwords. USENIX Security Symposium. Aug. 2004, San Diego, CA, USA.

  • PassThoughts

    • J. Thorpe, P. C. van Oorschot, A. Somayaji. Pass-thoughts: Authenticating With Our Minds. New Security Paradigms Workshop, (NSPW'05). Sep. 2005, Lake Arrowhead, CA, USA.
    • Selected press

  • Online Dictionary Attacks and Defenses

    • P. C. van Oorschot, S. Stubblebine. On Countering Online Dictionary Attacks with Login Histories and Humans-in-the-Loop. ACM Transactions on Information and System Security (TISSEC), Vol. 9, No. 3, Aug. 2006.
    • S. Stubblebine, P. C. van Oorschot. Addressing Online Dictionary Attacks with Login Histories and Humans-in-the-Loop. Financial Cryptography and Data Security (FC'04). Feb. 2004, Key West, FL, USA.

• Message Authentication Through Corroboration

  • P. C. van Oorschot. Message Authentication by Integrity with Public Corroboration. New Security Paradigms Workshop, (NSPW'05), Sep. 2005, Lake Arrowhead, CA, USA.