Author
Ding Wang
Other affiliations: Harbin Engineering University, Peking University, Nankai University
Bio: Ding Wang is an academic researcher from Kunming University of Science and Technology. The author has contributed to research in topics: Password & Authentication. The author has an h-index of 29, co-authored 130 publications receiving 3780 citations. Previous affiliations of Ding Wang include Harbin Engineering University & Peking University.
Papers
TL;DR: The present study makes the first step towards understanding the underlying evaluation metric for anonymous two-factor authentication, which is believed to facilitate better design of anonymous two-factor protocols that offer acceptable trade-offs among usability, security and privacy.
Abstract: Despite two decades of intensive research, it remains a challenge to design a practical anonymous two-factor authentication scheme, for the designers are confronted with an impressive list of security requirements (e.g., resistance to smart card loss attack) and desirable attributes (e.g., local password update). Numerous solutions have been proposed, yet most of them are shortly found either unable to satisfy some critical security requirements or short of a few important features. To overcome this unsatisfactory situation, researchers often work around it in hopes of a new proposal (but no one has succeeded so far), while paying little attention to the fundamental question: whether or not there are inherent limitations that prevent us from designing an “ideal” scheme that satisfies all the desirable goals? In this work, we aim to provide a definite answer to this question. We first revisit two foremost proposals, i.e. Tsai et al.’s scheme and Li’s scheme, revealing some subtleties and challenges in designing such schemes. Then, we systematically explore the inherent conflicts and unavoidable trade-offs among the design criteria. Our results indicate that, under the current widely accepted adversarial model, certain goals are beyond attainment. This also suggests a negative answer to the open problem left by Huang et al. in 2014. To the best of our knowledge, the present study makes the first step towards understanding the underlying evaluation metric for anonymous two-factor authentication, which we believe will facilitate better design of anonymous two-factor protocols that offer acceptable trade-offs among usability, security and privacy.
355 citations
TL;DR: This paper proposes a biometrics-based authentication scheme for multiserver environment using elliptic curve cryptography and demonstrates the completeness of the proposed scheme using the Burrows-Abadi-Needham logic.
Abstract: The authentication scheme is an important cryptographic mechanism, through which two communication parties could authenticate each other in the open network environment. To satisfy the requirement of practical applications, many authentication schemes using passwords and smart cards have been proposed. However, passwords might be divulged or forgotten, and smart cards might be shared, lost, or stolen. In contrast, biometric methods, such as fingerprints or iris scans, have no such drawbacks. Therefore, biometrics-based authentication schemes gain wide attention. In this paper, we propose a biometrics-based authentication scheme for multiserver environment using elliptic curve cryptography. To the best of our knowledge, the proposed scheme is the first truly three-factor authenticated scheme for multiserver environment. We also demonstrate the completeness of the proposed scheme using the Burrows–Abadi–Needham logic.
347 citations
TL;DR: In this paper, a security model that can accurately capture the practical capabilities of an adversary is defined and a broad set of twelve properties framed as a systematic methodology for comparative evaluation, allowing schemes to be rated across a common spectrum.
Abstract: As the most prevailing two-factor authentication mechanism, smart-card-based password authentication has been a subject of intensive research in the past two decades, and hundreds of this type of schemes have wave upon wave been proposed. In most of these studies, there is no comprehensive and systematical metric available for schemes to be assessed objectively, and the authors present new schemes with assertions of the superior aspects over previous ones, while overlooking dimensions on which their schemes fare poorly. Unsurprisingly, most of them are far from satisfactory—either are found short of important security goals or lack of critical properties, especially being stuck with the security-usability tension. To overcome this issue, in this work we first explicitly define a security model that can accurately capture the practical capabilities of an adversary and then suggest a broad set of twelve properties framed as a systematic methodology for comparative evaluation, allowing schemes to be rated across a common spectrum. As our main contribution, a new scheme is advanced to resolve the various issues arising from user corruption and server compromise, and it is formally proved secure under the harshest adversary model so far. In particular, by integrating “honeywords”, traditionally the purview of system security, with a “fuzzy-verifier”, our scheme hits “two birds”: it not only eliminates the long-standing security-usability conflict that is considered intractable in the literature, but also achieves security guarantees beyond the conventional optimal security bound.
323 citations
24 Oct 2016
TL;DR: TarGuess, a framework that systematically characterizes typical targeted guessing scenarios with seven sound mathematical models, each of which is based on varied kinds of data available to an attacker, is proposed to design novel and efficient guessing algorithms.
Abstract: While trawling online/offline password guessing has been intensively studied, only a few studies have examined targeted online guessing, where an attacker guesses a specific victim's password for a service, by exploiting the victim's personal information such as one sister password leaked from her another account and some personally identifiable information (PII). A key challenge for targeted online guessing is to choose the most effective password candidates, while the number of guess attempts allowed by a server's lockout or throttling mechanisms is typically very small. We propose TarGuess, a framework that systematically characterizes typical targeted guessing scenarios with seven sound mathematical models, each of which is based on varied kinds of data available to an attacker. These models allow us to design novel and efficient guessing algorithms. Extensive experiments on 10 large real-world password datasets show the effectiveness of TarGuess. Particularly, TarGuess I~IV capture the four most representative scenarios and within 100 guesses: (1) TarGuess-I outperforms its foremost counterpart by 142% against security-savvy users and by 46% against normal users; (2) TarGuess-II outperforms its foremost counterpart by 169% on security-savvy users and by 72% against normal users; and (3) Both TarGuess-III and IV gain success rates over 73% against normal users and over 32% against security-savvy users. TarGuess-III and IV, for the first time, address the issue of cross-site online guessing when given the victim's one sister password and some PII.
304 citations
TL;DR: Li et al. as discussed by the authors proposed two Zipf-like models (i.e., PDF-Zipf and CDF-Zipf) to characterize the distribution of passwords and proposed a new metric for measuring the strength of password data sets.
Abstract: Despite three decades of intensive research efforts, it remains an open question as to what is the underlying distribution of user-generated passwords. In this paper, we make a substantial step forward toward understanding this foundational question. By introducing a number of computational statistical techniques and based on 14 large-scale data sets, which consist of 113.3 million real-world passwords, we, for the first time, propose two Zipf-like models (i.e., PDF-Zipf and CDF-Zipf) to characterize the distribution of passwords. More specifically, our PDF-Zipf model can well fit the popular passwords and obtain a coefficient of determination larger than 0.97; our CDF-Zipf model can well fit the entire password data set, with the maximum cumulative distribution function (CDF) deviation between the empirical distribution and the fitted theoretical model being 0.49%~4.59% (on an average 1.85%). With the concrete knowledge of password distributions, we suggest a new metric for measuring the strength of password data sets. Extensive experimental results show the effectiveness and general applicability of the proposed Zipf-like models and security metric.
300 citations
Cited by
TL;DR: This Review introduces several typical energy storage systems, including thermal, mechanical, electromagnetic, hydrogen, and electrochemical energy storage, and the current status of high-performance hydrogen storage materials for on-board applications and electrochemicals for lithium-ion batteries and supercapacitors.
Abstract: [Liu, Chang; Li, Feng; Ma, Lai-Peng; Cheng, Hui-Ming] Chinese Acad Sci, Inst Met Res, Shenyang Natl Lab Mat Sci, Shenyang 110016, Peoples R China.;Cheng, HM (reprint author), Chinese Acad Sci, Inst Met Res, Shenyang Natl Lab Mat Sci, 72 Wenhua Rd, Shenyang 110016, Peoples R China;cheng@imr.ac.cn
4,105 citations
TL;DR: In this paper, the performance characteristics of transition metal oxides based on the α-NaFeO2, spinel and olivine structures have been compared and approaches for improving their performances have been proposed.
Abstract: One of the challenges for improving the performance of lithium ion batteries to meet increasingly demanding requirements for energy storage is the development of suitable cathode materials. Cathode materials must be able to accept and release lithium ions repeatedly (for recharging) and quickly (for high current). Transition metal oxides based on the α-NaFeO2, spinel and olivine structures have shown promise, but improvements are needed to reduce cost and extend effective lifetime. In this paper, recent developments in cathode materials for lithium ion batteries are reviewed. This includes comparison of the performance characteristics of the promising cathode materials and approaches for improving their performances.
1,422 citations
TL;DR: LiFePO4 is a competitive candidate of cathode material for the next generation of a green and sustainable lithium-ion battery system due to its long life span, abundant resources, low toxicity, and high thermal stability.
Abstract: The olivine LiFePO4 now stands as a competitive candidate of cathode material for the next generation of a green and sustainable lithium-ion battery system due to its long life span, abundant resources, low toxicity, and high thermal stability. In this review, we focus on LiFePO4 and discuss its structure, synthesis, electrochemical behavior, mechanism, and the problems encountered in its application. The major goal is to highlight some recent development of LiFePO4 with high rate capability, high energy density, and excellent cyclability resulting from conductive coating, nanocrystallization, or preparation.
976 citations
878 citations
TL;DR: LiNi0.6Co0.2Mn0.2O2 (NCM) is a highly potential cathode material for lithium-ion batteries (LIBs), but its poor rate capability and cycling performance at high cutoff voltages have seriously hindered further commercialization.
Abstract: LiNi0.6Co0.2Mn0.2O2 (NCM) is a highly potential cathode material for lithium-ion batteries (LIBs). However, its poor rate capability and cycling performance at high cutoff voltages have seriously hindered further commercialization. In this study, we successfully design an ultra-thin lithium aluminum oxide (LiAlO2) coating on NCM for LIBs. Compared to Al2O3, the utilization of lithium-ion conducting LiAlO2 significantly improves the NCM performance at high cutoff voltages of 4.5/4.7 V. The study reveals that the LiAlO2-coated NCM can maintain a reversible capacity of more than 149 mA h g−1 after 350 cycles with 0.078% decay per cycle. Furthermore, LiAlO2-coated NCM exhibits higher rate capacities [206.8 mA h g−1 at 0.2 C (50 mA g−1) and 142 mA h g−1 at 3 C] than the Al2O3-coated NCM (196.9 mA h g−1 at 0.2 C and 131.9 mA h g−1 at 3 C). Our study demonstrates that the ultra-thin LiAlO2 coating is superior to Al2O3 and significantly improves the capacity retention and rate capability of NCM for LIBs.
496 citations