Author
Jihong Chen
Bio: Jihong Chen is an academic researcher from Florida Atlantic University. The author has contributed to research in topics: Password psychology & Password. The author has an h-index of 2, co-authored 2 publications receiving 5 citations.
Papers
18 Mar 2005
TL;DR: A novel technique is presented that uses a State Based Authentication method to significantly increase the cost of brute-force and dictionary attack on passwords and has the potential to reduce the cost of password helpdesk significantly by eliminating the need of most password-reset requests.
Abstract: Access to systems that need protection is usually restricted by asking the user to prove her identity and to authenticate. Combination of user name and password (or PIN) is the most common technique used for this purpose. Unfortunately, user-name/password based authentication is vulnerable to various types of password guessing attacks. Some techniques of making password guessing very difficult do exist. With these techniques, policies for very strong passwords can be avoided, however, they usually rely on manual intervention by the security administrator to manually reset the passwords. Such manual steps result in significant expense in large enterprises to deal with password issues. Here we present a novel technique that uses a State Based Authentication method to significantly increase the cost of brute-force and dictionary attack on passwords. When deployed, it has the potential to reduce the cost of password helpdesk significantly by eliminating the need of most password-reset requests.
3 citations
Patent
01 Feb 2006
TL;DR: In this article, a system for authenticating access to a data processing device or database is presented, which includes a comparison module for comparing an attempt identifier with an account identifier, and a state-determining module for determining a state variable associated with at least one of the attempt identifier and the account identifier.
Abstract: A system for authenticating access to a data processing device or database is provided. The system includes a comparison module for comparing an attempt identifier with an account identifier, and a state-determining module for determining a state variable associated with at least one of the attempt identifier and the account identifier. The state-determining module determines the state variable by incrementing the state variable if the attempt identifier does not match the account identifier and if the state variable is less than a predetermined upper bound threshold, decrementing the state variable if the attempt identifier does match the account identifier and if the state variable is greater than a predetermined lower bound threshold, and authenticating the attempt identifier if the attempt identifier does match the account identifier and if the state variable equals the predetermined lower bound threshold.
2 citations
Cited by
09 Apr 1979
TL;DR: The need for computer security has grown every year since the creation of computer systems, but yet with such a high demand, there are many systems that are, by no means, adequately protected.
Abstract: The need for computer security has grown every year since the creation of computer systems, but yet with such a high demand, there are many systems that are, by no means, adequately protected. This paper will discuss the three classes of vulnerabilities of security. The three classes are: those that threaten the physical integrity of the computer installation and its data, those that threaten the loss or compromise of the data from outside the computer site, and those that threaten loss or compromise of data from inside the computer site. The chief physical risk to a computer site is fire, acts of sabotage, industrial accidents, natural disasters, and mechanical or electrical malfunction of the computer system. Outside threats are those people who do not work for a particular firm, but yet wish to gain information about it that is not readily accessible to them. Inside threats come from employees who wish to compromise the computer system whether for gain, accident, or pastime. Each one of these topics will be dealt with. The next part of the paper deals with the subject of setting up a security program. The first step in this subject is the study to assess the probability of an event occurring, and determining it as either fatal to the business, very serious, moderately serious, relatively unimportant, or seriousness unknown. Some of the security techniques of checks and tests on the system are then discussed.
110 citations
Patent
23 Jul 2008
TL;DR: In this article, a host device is operable to translate a relatively sophisticated license into a simpler format for use on a relatively low-capability device, and a method of using extended SCSI commands to communicate over a USB connection is provided.
Abstract: Systems and methods are described for applying digital rights management techniques to tethered devices. In one embodiment, a host device is operable to translate a relatively sophisticated license into a simpler format for use on a relatively low-capability device. In another embodiment, a method of using extended SCSI commands to communicate over a USB connection is provided.
18 citations
Patent
13 May 2010
TL;DR: In this article, a rotor-based encryption scheme was proposed for a low-cost key search while providing resilience against cloning, tracking, tampering and replay attacks, and the result is then compared with the received tag indicators to determine if the tag has been identified.
Abstract: The present invention describes a system and method for securely identifying and authenticating devices in a symmetric encryption system. An RFID tag can generate indicators using encryption state variables and a symmetric key. An RFID reader, after receiving the encryption state variables from the tag, may identify the tag by performing an exhaustive key search in a key database. Each key in the database may be tested by using the key and encryption state variables to perform an encryption operation similar to that performed by the tag. The result is then compared with the received tag indicators to determine if the tag has been identified. A rotor-based encryption scheme provides for a low cost key search while providing resilience against cloning, tracking, tampering and replay attacks.
11 citations
18 Mar 2005
TL;DR: Simulation results suggest that the marginal value of additional security may be positive or negative as can the time rate of change of system value, and policy implications include the realization that IT security policy makers should be aware of their location in the state space before setting IT security policy.
Abstract: Determination of the actual value of security measures is an area currently undergoing scrutiny by many researchers. One method to determine this is to devise a simulation model that incorporates interactions between an information system, its users and a population of attackers. Initial simulation results suggest that the marginal value of additional security may be positive or negative as can the time rate of change of system value. Policy implications include the realization that IT security policy makers should be aware of their location in the state space before setting IT security policy.
4 citations