Harsha et al., 2021 - Google Patents
Bicycle attacks considered harmful: Quantifying the damage of widespread password length leakage
- Document ID
- 15438249578483502391
- Author
- Harsha B
- Morton R
- Blocki J
- Springer J
- Dark M
- Publication year
- 2021
- Publication venue
- Computers & Security
Snippet
This work examines the issue of password length leakage via encrypted traffic, i.e., bicycle attacks. We aim to quantify both the prevalence of password length leakage bugs as well as the potential harm to users. We discuss several ways in which an eavesdropping attacker …
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1483—Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network
- H04L63/083—Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network using passwords
- H04L63/0838—Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network using passwords using one-time-passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Ma et al. | | Security flaws in two improved remote user authentication schemes using smart cards |
Canard et al. | | BlindIDS: Market-compliant and privacy-friendly intrusion detection system over encrypted traffic |
Choi et al. | | Digital forensic analysis of encrypted database files in instant messaging applications on Windows operating systems: Case study with KakaoTalk, NateOn and QQ messenger |
Shetty et al. | | Are you dating danger? An interdisciplinary approach to evaluating the (in) security of android dating apps |
Khan et al. | | [Retracted] A Robust and Privacy‐Preserving Anonymous User Authentication Scheme for Public Cloud Server |
Harsha et al. | | Bicycle attacks considered harmful: Quantifying the damage of widespread password length leakage |
Hossain et al. | | OAuth-SSO: A framework to secure the OAuth-based SSO service for packaged web applications |
Hurkała et al. | | Architecture of context-risk-aware authentication system for web environments |
Zmezm et al. | | A Novel Scan2Pass Architecture for Enhancing Security towards E-Commerce |
Huber et al. | | Who on earth is “Mr. Cypher”: automated friend injection attacks on social networking sites |
Kobeissi | | An analysis of the protonmail cryptographic architecture |
Jurcut et al. | | Design requirements to counter parallel session attacks in security protocols |
Ahmed et al. | | Securing user credentials in web browser: review and suggestion |
Sharma et al. | | Implementing side-channel attacks on suggest boxes in web applications |
Shen et al. | | AMOGAP: Defending against man-in-the-middle and offline guessing attacks on passwords |
Nash et al. | | Security Analysis of Google Authenticator, Microsoft Authenticator, and Authy |
Yu et al. | | Advanced analysis of email sender spoofing attack and related security problems |
Jussila | | HTTP cookie weaknesses, attack methods and defense mechanisms: a systematic literature review |
Wijitrisnanto et al. | | HTTPS contribution in web application security: A systematic literature review |
Varshney et al. | | Cyber crime awareness and corresponding countermeasures |
Joarder et al. | | Exploring QUIC Security and Privacy: A Comprehensive Survey on QUIC Security and Privacy Vulnerabilities, Threats, Attacks and Future Research Directions |
Bortolameotti | | C&C botnet detection over SSL |
Azrour et al. | | Weakness in Zhang et al.’s authentication protocol for session initiation protocol |
Wijkhuizen et al. | | Security analysis of the iTasks framework |
Harsha | | Modeling rational adversaries: Predicting behavior and developing deterrents |