Funding: the National Natural Science Foundation of China (No. 61503051).
Abstract: As a widely used security device, the electronic passworded locker is designed to protect personal property and space. However, once the password is leaked to an unauthorized person, its security is lost. Here, with the assistance of triboelectric nanogenerators (TENGs), we present an intelligent electronic passworded locker (IEPL) based on unique and personalized security barriers, which can accurately extract users’ habits of entering passwords through integrated deep learning. The key of the IEPL adopts the single electrode mode of TENG that accurately recognizes the input behavior of a person based on machine learning, which serves as a reliable, unique, unreproducible gate, with advantages of thin thickness, diversified structure, and simple preparation method. Finally, the proposed IEPL offers a reliable solution for improving the overall security of passworded lockers and extending the application of TENG-based sensors in the smart home.
Funding: supported by the Joint Funds of National Natural Science Foundation of China (Grant No. U23A20304), the Fund of Laboratory for Advanced Computing and Intelligence Engineering (No. 2023-LYJJ-01-033), the Special Funds of Jiangsu Province Science and Technology Plan (Key R&D Program Industry Outlook and Core Technologies) (No. BE2023005-4), and the Science Project of Hainan University (KYQD(ZR)-21075).
Abstract: TarGuess-I is a leading model utilizing Personally Identifiable Information for online targeted password guessing. Due to its remarkable guessing performance, the model has drawn considerable attention in password security research. However, through an analysis of the vulnerable behavior of users when constructing passwords by combining popular passwords with their Personally Identifiable Information, we identified that the model fails to consider popular passwords and frequent substrings, and it uses overly broad personal information categories, with extensive duplicate statistics. To address these issues, we propose an improved password guessing model, TGI-FPR, which incorporates three semantic methods: (1) identification of popular passwords by generating top 300 lists from similar websites, (2) use of frequent substrings as new grammatical labels to capture finer-grained password structures, and (3) further subdivision of the six major categories of personal information. To evaluate the performance of the proposed model, we conducted experiments on six large-scale real-world password leak datasets and compared its accuracy within the first 100 guesses to that of TarGuess-I. The results indicate a 2.65% improvement in guessing accuracy.
Abstract: “Li Ziqi” is not only a Chinese girl, but also a cultural brand of new media with certain international influence. Currently, she has more than 20 million fans on the YouTube platform. In July 2021, she stopped making works, and then gradually faded from the public eye. Until November 12, 2024, she released her new work “Carved Lacquer With Hidden Flowers, Carrying Auspiciousness!” For a while, the whole network was boiling, netizens rushed to tell each other, the video has been played more than 100 million times, and she easily returned to the “top of flow rate”. In today’s ever-changing world, why does her work continue to be popular after she stopped working for 1,200 days? The way of management is worth thinking about. This paper analyzes the Weibo comments data of her first work of comeback, to explore the cultural brand management strategy of new media.
Abstract: In the digital age, phishing attacks have been a persistent security threat leveraged by traditional password management systems that are not able to verify the authenticity of websites. This paper presents an approach to embedding sophisticated phishing detection within a password manager’s framework, called PhishGuard. PhishGuard uses a Large Language Model (LLM), specifically a fine-tuned BERT algorithm that works in real time, where URLs fed by the user in the credentials are analyzed and authenticated. This approach enhances user security with its provision of real-time protection from phishing attempts. Through rigorous testing, this paper illustrates how PhishGuard has scored well in tests that measure accuracy, precision, recall, and false positive rates.
Funding: funded by the College-level Characteristic Teaching Material Project (Project No. 20220119Z0221), the College Teaching Incubation Project (Project No. 20220120Z0220), the Ministry of Education Industry-University Cooperation Collaborative Education Project (Project No. 20220163H0211), the Central Universities Basic Scientific Research Fund (Project No. 3282024009, 20230051Z0114, and 20230050Z0114), the Beijing Higher Education “Undergraduate Teaching Reform and Innovation Project” (Project No. 20220121Z0208 and 202110018002), and the College Discipline Construction Project (Project No. 20230007Z0452 and 20230010Z0452).
Abstract: With the increasing demand for information security, traditional single-factor authentication technology can no longer meet security requirements. To this end, this paper proposes a Universal Serial Bus (USB) Key hardware and software system based on a two-factor authentication protocol, aiming to improve the security and reliability of authentication. This paper first analyzes the current status and technical principles of USB Key-related research domestically and internationally and designs a two-factor authentication protocol that combines impact/response authentication and static password authentication. The system consists of a host computer and a USB Key device. The host computer interacts with the USB Key through a graphical user interface. The Secure Hash Algorithm 1 (SHA-1) and MySQL database are used to implement the authentication function. Experimental results show that the designed two-factor authentication protocol can effectively prevent replay attacks and information tampering, and improve the security of authentication. If the corresponding USB Key is not inserted, the system will prompt that the device is not found. Once the USB Key is inserted, user identity is confirmed through two-factor verification, which includes impact/response authentication and static password authentication.
Funding: Supported by the National Science Foundation for Young Scholars of China (61001091)
Abstract: Because the modified remote user authentication scheme proposed by Shen, Lin and Hwang is insecure, the Shen-Lin-Hwang's scheme is improved and a new secure remote user authentication scheme based on the bilinear pairings is proposed. Moreover, the effectiveness of the new scheme is analyzed, and it is proved that the new scheme can prevent all kinds of known attacks. The one-way hash function is effective in the new scheme. It is proved that the new scheme has high effectiveness and fast convergence speed. Moreover, the application of the new scheme is easy and operational.
Funding: supported by the Basic Science Research Program through the National Research Foundation of Korea funded by the Ministry of Education under Grant No. NRF-2010-0020210
Abstract: Nowadays, the password-based remote user authentication mechanism using smart card is one of the simplest and most convenient authentication ways to ensure secure communications over the public network environments. Recently, Liu et al. proposed an efficient and secure smart card based password authentication scheme. However, we find that Liu et al.’s scheme is vulnerable to the off-line password guessing attack and user impersonation attack. Furthermore, it also cannot provide user anonymity. In this paper, we cryptanalyze Liu et al.’s scheme and propose a security enhanced user authentication scheme to overcome the aforementioned problems. Especially, in order to preserve the user anonymity and prevent the guessing attack, we use the dynamic identity technique. The analysis shows that the proposed scheme is more secure and efficient than other related authentication schemes.
Funding: This work was supported by the National Natural Science Foundation of China under Grants No. 60873191, No. 60903152, No. 60821001, and the Beijing Natural Science Foundation under Grant No. 4072020.
Abstract: To achieve privacy and authentication simultaneously in mobile applications, various Three-party Password-authenticated key exchange (3PAKE) protocols have been proposed. However, some of these protocols are vulnerable to conventional attacks or have low efficiency so that they cannot be applied to mobile applications. In this paper, we proposed a password-authenticated multiple key exchange protocol for mobile applications using elliptic curve cryptosystem. The proposed protocol can achieve efficiency, reliability, flexibility and scalability at the same time. Compared with related works, the proposed protocol is more suitable and practical for mobile applications.
Funding: supported in part by the National Natural Science Foundation of China (No. 61803149 and No. 61977021), in part by the Technology Innovation Special Program of Hubei Province (No. 2020AEA008), and in part by the Hubei Province Project of Key Research Institute of Humanities and Social Sciences at Universities (Research Center of Information Management for Performance Evaluation)
Abstract: Identity authentication is the first line of defense for network security. Passwords have been the most widely used authentication method in recent years. Although there are security risks in passwords, they will be the primary method in the future due to their simplicity and low cost. Considering the security and usability of passwords, we propose AvoidPwd, which is a novel mnemonic password generation strategy that is based on keyboard transformation. AvoidPwd helps users customize a “route” to bypass an “obstacle” and choose the characters on the “route” as the final password. The “obstacle” is a certain word using any language and the keys adjacent to the “obstacle” are typed with the “Shift” key. A two-part experiment was conducted to examine the memorability and security of the AvoidPwd strategy with other three password strategies and three leaked password sets. The results showed that the passwords generated by the AvoidPwd strategy were more secure than the other leaked password sets. Meanwhile, AvoidPwd outperformed the KbCg, SpIns, and Alphapwd in balancing security and usability. In addition, there are more symbols in the character distribution of AvoidPwd than the other strategies. AvoidPwd is hopeful to solve the security problem that people are difficult to remember symbols and they tend to input letters and digits when creating passwords.
Abstract: The Internet has penetrated all aspects of human society and has promoted social progress. Cyber-crimes in many forms are commonplace and are dangerous to society and national security. Cybersecurity has become a major concern for citizens and governments. The Internet functions and software applications play a vital role in cybersecurity research and practice. Most of the cyber-attacks are based on exploits in system or application software. It is of utmost urgency to investigate software security problems. The demand for Wi-Fi applications is proliferating but the security problem is growing, requiring an optimal solution from researchers. To overcome the shortcomings of the wired equivalent privacy (WEP) algorithm, the existing literature proposed security schemes for Wi-Fi protected access (WPA)/WPA2. However, in practical applications, the WPA/WPA2 scheme still has some weaknesses that attackers exploit. To destroy a WPA/WPA2 security, it is necessary to get a PSK pre-shared key in pre-shared key mode, or an MSK master session key in the authentication mode. Brute-force cracking attacks can get a phase-shift keying (PSK) or a minimum shift keying (MSK). In real-world applications, many wireless local area networks (LANs) use the pre-shared key mode. Therefore, brute-force cracking of WPA/WPA2-PSK is important in that context. This article proposes a new mechanism to crack the Wi-Fi password using a graphical processing unit (GPU) and enhances the efficiency through parallel computing of multiple GPU chips. Experimental results show that the proposed algorithm is effective and provides a procedure to enhance the security of Wi-Fi networks.
Funding: the National Science Council (No. NSC102-2221-E-260-011)
Abstract: Authenticated Diffie-Hellman key agreement is quite popular for establishing secure session keys. As resource-limited mobile devices are becoming more popular and security threats are increasing, it is desirable to reduce computational load for these resource-limited devices while still preserving its strong security and convenience for users. In this paper, we propose a new smart-card-based user authenticated key agreement scheme which allows users to memorize passwords and reduces users' device computational load while still preserving its strong security. The proposed scheme effectively improves the computational load of modular exponentiations by 50%, and the security is formally proved.
Abstract: An intelligent detecting system based on wireless transmission is designed. Its hardware includes the card reading module, the wireless digital transmission module, the LCD module, the random password keyboard module and a 16×16 lattice word database based on e-Flash MM36SB020. Its software is a communication protocol between the central control computer and the entrance management base station. To resolve the conflicting problems that occur during the data transmission, a method of delaying time at random is proposed.
Funding: supported by National Natural Science Foundation of China (Grant Nos. 60873191, 60903152, 61003286, 60821001)
Abstract: Mobile Ad hoc NETwork (MANET) is a part of the Internet of Things (IoT). In battlefield communication systems, ground soldiers, tanks, and unmanned aerial vehicles comprise a heterogeneous MANET. In 2006, Byun et al. proposed the first constant-round password-based group key exchange with different passwords for such networks. In 2008, Nam et al. discovered the shortcomings of the scheme, and modified it. But the works only provide the group key. In this paper, we propose a password-based secure communication scheme for the IoT, which could be applied in the battlefield communication systems and support dynamic group, in which the nodes join or leave. By performing the scheme, the nodes in the heterogeneous MANET can realize secure broadcast, secure unicast, and secure direct communication across realms. After the analyses, we demonstrate that the scheme is secure and efficient.