scispace - formally typeset
Search or ask a question
Author

Joseph Bonneau

Bio: Joseph Bonneau is an academic researcher from Stanford University. The author has contributed to research in topics: Password & Computer science. The author has an hindex of 37, co-authored 76 publications receiving 8375 citations. Previous affiliations of Joseph Bonneau include University of Wisconsin-Madison & New York University.


Papers
More filters
Proceedings ArticleDOI
20 May 2012
TL;DR: It is concluded that many academic proposals to replace text passwords for general-purpose user authentication on the web have failed to gain traction because researchers rarely consider a sufficiently wide range of real-world constraints.
Abstract: We evaluate two decades of proposals to replace text passwords for general-purpose user authentication on the web using a broad set of twenty-five usability, deployability and security benefits that an ideal scheme might provide. The scope of proposals we survey is also extensive, including password management software, federated login protocols, graphical password schemes, cognitive authentication schemes, one-time passwords, hardware tokens, phone-aided schemes and biometrics. Our comprehensive approach leads to key insights about the difficulty of replacing passwords. Not only does no known scheme come close to providing all desired benefits: none even retains the full set of benefits that legacy passwords already provide. In particular, there is a wide range from schemes offering minor security benefits beyond legacy passwords, to those offering significant security benefits in return for being more costly to deploy or more difficult to use. We conclude that many academic proposals have failed to gain traction because researchers rarely consider a sufficiently wide range of real-world constraints. Beyond our analysis of current schemes, our framework provides an evaluation methodology and benchmark for future web authentication proposals.

914 citations

Proceedings ArticleDOI
17 May 2015
TL;DR: In this paper, the authors provide a systematic exposition of Bit coin and the many related crypto currencies or "altcoins" and identify three key components of BitCoin's design that can be decoupled, which enables a more insightful analysis of Bitcoin's properties and future stability.
Abstract: Bit coin has emerged as the most successful cryptographic currency in history. Within two years of its quiet launch in 2009, Bit coin grew to comprise billions of dollars of economic value despite only cursory analysis of the system's design. Since then a growing literature has identified hidden-but-important properties of the system, discovered attacks, proposed promising alternatives, and singled out difficult future challenges. Meanwhile a large and vibrant open-source community has proposed and deployed numerous modifications and extensions. We provide the first systematic exposition Bit coin and the many related crypto currencies or 'altcoins.' Drawing from a scattered body of knowledge, we identify three key components of Bit coin's design that can be decoupled. This enables a more insightful analysis of Bit coin's properties and future stability. We map the design space for numerous proposed modifications, providing comparative analyses for alternative consensus mechanisms, currency allocation mechanisms, computational puzzles, and key management tools. We survey anonymity issues in Bit coin and provide an evaluation framework for analyzing a variety of privacy-enhancing proposals. Finally we provide new insights on what we term disinter mediation protocols, which absolve the need for trusted intermediaries in an interesting set of applications. We identify three general disinter mediation strategies and provide a detailed comparison.

865 citations

Book
19 Jul 2016
TL;DR: The history and development of Bitcoin and cryptocurrencies are traced, and the conceptual and practical foundations you need to engineer secure software that interacts with the Bitcoin network are given as well as to integrate ideas from Bitcoin into your own projects.
Abstract: Bitcoin and Cryptocurrency Technologies provides a comprehensive introduction to the revolutionary yet often misunderstood new technologies of digital currency. Whether you are a student, software developer, tech entrepreneur, or researcher in computer science, this authoritative and self-contained book tells you everything you need to know about the new global money for the Internet age. How do Bitcoin and its block chain actually work? How secure are your bitcoins? How anonymous are their users? Can cryptocurrencies be regulated? These are some of the many questions this book answers. It begins by tracing the history and development of Bitcoin and cryptocurrencies, and then gives the conceptual and practical foundations you need to engineer secure software that interacts with the Bitcoin network as well as to integrate ideas from Bitcoin into your own projects. Topics include decentralization, mining, the politics of Bitcoin, altcoins and the cryptocurrency ecosystem, the future of Bitcoin, and more. An essential introduction to the new technologies of digital currency Covers the history and mechanics of Bitcoin and the block chain, security, decentralization, anonymity, politics and regulation, altcoins, and much more Features an accompanying website that includes instructional videos for each chapter, homework problems, programming assignments, and lecture slides Also suitable for use with the authors' Coursera online course Electronic solutions manual (available only to professors)

858 citations

Proceedings ArticleDOI
20 May 2012
TL;DR: It is estimated that passwords provide fewer than 10 bits of security against an online, trawling attack, and only about 20 bits ofSecurity against an optimal offline dictionary attack, when compared with a uniform distribution which would provide equivalent security against different forms of guessing attack.
Abstract: We report on the largest corpus of user-chosen passwords ever studied, consisting of anonymized password histograms representing almost 70 million Yahoo! users, mitigating privacy concerns while enabling analysis of dozens of subpopulations based on demographic factors and site usage characteristics. This large data set motivates a thorough statistical treatment of estimating guessing difficulty by sampling from a secret distribution. In place of previously used metrics such as Shannon entropy and guessing entropy, which cannot be estimated with any realistically sized sample, we develop partial guessing metrics including a new variant of guesswork parameterized by an attacker's desired success rate. Our new metric is comparatively easy to approximate and directly relevant for security engineering. By comparing password distributions with a uniform distribution which would provide equivalent security against different forms of guessing attack, we estimate that passwords provide fewer than 10 bits of security against an online, trawling attack, and only about 20 bits of security against an optimal offline dictionary attack. We find surprisingly little variation in guessing difficulty; every identifiable group of users generated a comparably weak password distribution. Security motivations such as the registration of a payment card have no greater impact than demographic factors such as age and nationality. Even proactive efforts to nudge users towards better password choices with graphical feedback make little difference. More surprisingly, even seemingly distant language communities choose the same weak passwords and an attacker never gains more than a factor of 2 efficiency gain by switching from the globally optimal dictionary to a population-specific lists.

711 citations

Book ChapterDOI
01 Jan 2010
TL;DR: A diverse corpus of real-world statistical distributions for likely answer categories such as the names of people, pets, and places is examined and it is found that personal knowledge questions are significantly less secure than graphical or textual passwords.
Abstract: We study the efficiency of statistical attacks on human authentication systems relying on personal knowledge questions. We adapt techniques from guessing theory to measure security against a trawling attacker attempting to compromise a large number of strangers’ accounts. We then examine a diverse corpus of real-world statistical distributions for likely answer categories such as the names of people, pets, and places and find that personal knowledge questions are significantly less secure than graphical or textual passwords. We also demonstrate that statistics can be used to increase security by proactively shaping the answer distribution to lower the prevalence of common responses.

625 citations


Cited by
More filters
01 Jan 2012

3,692 citations

Proceedings ArticleDOI
25 Jun 2017
TL;DR: An overview of blockchain architechture is provided and some typical consensus algorithms used in different blockchains are compared and possible future trends for blockchain are laid out.
Abstract: Blockchain, the foundation of Bitcoin, has received extensive attentions recently. Blockchain serves as an immutable ledger which allows transactions take place in a decentralized manner. Blockchain-based applications are springing up, covering numerous fields including financial services, reputation system and Internet of Things (IoT), and so on. However, there are still many challenges of blockchain technology such as scalability and security problems waiting to be overcome. This paper presents a comprehensive overview on blockchain technology. We provide an overview of blockchain architechture firstly and compare some typical consensus algorithms used in different blockchains. Furthermore, technical challenges and recent advances are briefly listed. We also lay out possible future trends for blockchain.

2,642 citations

Journal ArticleDOI
TL;DR: This article presents an introduction to the Health Belief Model (HBM), which states that the perception of a personal health behavior threat is influenced by at least three factors: general health values, interest and concern about health; specific beliefs about vulnerability to a particular health threat; and beliefs about the consequences of the health problem.
Abstract: This article presents an introduction to the Health Belief Model (HBM). The HBM states that the perception of a personal health behavior threat is influenced by at least three factors: general health values, interest and concern about health; specific beliefs about vulnerability to a particular health threat; and beliefs about the consequences of the health problem. Once an individual perceives a threat to his health and is simultaneously cued to action, if his perceived benefits outweighs his perceived costs, then the individual is most likely to undertake the recommended preventive health action. Key words: health promotion, health belief model, perceived susceptibility, perceived severity, perceived benefits, perceived barriers, cues to action, self-efficacy. Content available only in Romanian.

2,163 citations

Journal ArticleDOI
TL;DR: The blockchain taxonomy is given, the typical blockchain consensus algorithms are introduced, typical blockchain applications are reviewed, and the future directions in the blockchain technology are pointed out.
Abstract: Blockchain has numerous benefits such as decentralisation, persistency, anonymity and auditability. There is a wide spectrum of blockchain applications ranging from cryptocurrency, financial services, risk management, internet of things (IoT) to public and social services. Although a number of studies focus on using the blockchain technology in various application aspects, there is no comprehensive survey on the blockchain technology in both technological and application perspectives. To fill this gap, we conduct a comprehensive survey on the blockchain technology. In particular, this paper gives the blockchain taxonomy, introduces typical blockchain consensus algorithms, reviews blockchain applications and discusses technical challenges as well as recent advances in tackling the challenges. Moreover, this paper also points out the future directions in the blockchain technology.

1,928 citations