Paper Review: W32.Stuxnet Dossier

In this paper, the authors analyze Stuxnet, an extremely sophisticated computer worm that uses previously unknown Windows vulnerabilities to infect and spread itself. Stuxnet was developed to target the industrial control system of Iran to derail or at least delay their nuclear program. It reprograms the programmable logic controllers (PLCs) so that the attackers get …

Paper Review: Keys Under Doormats

Earlier, law enforcement agencies used to lobby for software and services to be developed in such a way that the agencies have access to all the data, an effort that was later abandoned due to "freedom of internet". But this call for "exceptional" access to data by law agencies has surfaced again. In this paper, the authors discuss …

Paper Review: The Moral Character of Cryptographic Work

This paper discusses the moral responsibility of cryptographers and their group. Part 1 discusses the social responsibility of engineers and scientists, where it describes the period after a war and mentions that engineers and scientists should have moral values in deciding how their work will be used. For example, the scientist can use his work …

Paper Review: SoK: Science, Security, and the Elusive Goal of Security as a Scientific Pursuit

Over the past decade, there have been efforts to develop a "Science of Security" which can help in solving some unique challenges faced in the area of security. The authors have reviewed the work done in the context of both history/philosophy and "science". The authors then identify the opportunities which may help drive security research in …

Paper Review: Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks

In this paper, the authors develop a neural network model for password guessing and then show how different architectures, training data, training techniques, and model size affect its guessing effectiveness. These neural networks can be highly compressed to just hundreds of kilobytes, without much impact on performance. They have built a first client-side model which …

Paper Review: The Tangled Web of Password Reuse

This is an extremely interesting paper which investigates how an attacker can use their knowledge of a user's password on one site to guess the password on another site for the same user. Text-based passwords are commonly used across the web. Instead of creating and remembering different passwords across different sites, most users reuse …

Paper Review: Why Johnny Can’t Encrypt: A Usability Evaluation of PGP 5.0

In this paper, the authors argue that even though user errors contribute to most computer security failures, user interfaces for security are almost non-existent. They perform a case study on PGP 5.0, a program that provides security and authentication for data communication. As per their findings, PGP 5.0, even though it has an …

Paper Review: Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness

This paper analyses to what extent browser security warnings are effective in practice. The authors use Mozilla Firefox and Google Chrome browsers to observe over 25 million warning messages in May and June 2013. They present the rate at which users bypass three types of warnings: malware, phishing, and SSL. It is …

Paper Review: Click trajectories: End-to-end analysis of the spam value chain

Although it is widely hated, spam-based advertising is a multi-billion dollar business. Each click on spam is a series of events, consisting of both technical and business components, which provide an infrastructure to monetize a consumer visit. But today, we do not know the answers to even the most basic questions in this entire …

Paper Review: Spamalytics: An Empirical Analysis of Spam Marketing Conversion

This paper proposes a methodology to measure the "conversion rate" of spam, i.e. the probability that an unsolicited email will ultimately generate a sale and make money. Of the basic parameters for measuring the value of spam, the "conversion rate" is the hardest to measure. The only obvious way is to …