scispace - formally typeset
Search or ask a question
Author

Yajun Guo

Bio: Yajun Guo is an academic researcher from Central China Normal University. The author has contributed to research in topics: Password & Authentication (law). The author has an hindex of 4, co-authored 8 publications receiving 38 citations.

Papers
More filters
Journal ArticleDOI
TL;DR: Optiwords is a new textual-password creation policy that is based on picture superiority effect, which provides users with a direct “drawing-to-text” method for creating user-friendly passwords.

23 citations

Journal ArticleDOI
TL;DR: This work proposes a dynamic personalized password policy (DPPP), which can personally recommend different password policies according to the user’s personality traits, and shows that DPPP is more effective than Basic8 and 3class8 in resisting online and offline guessing attacks.

23 citations

Journal ArticleDOI
TL;DR: This work proposes an authentication scheme suitable for fog computing environment, which implements mutual authentication between fog users and fog devices with the cooperation of incompletely trusted fog servers, and shows that the proposed scheme can resist known attacks.
Abstract: Fog computing can effectively provide a variety of application support for the fast-growing number of Internet of Things devices. However, the unique characteristics of fog computing also bring new security problems, especially the identity authentication in fog computing will face new challenges: Low latency (cloud servers should not be involved in authentication); fog servers are not completely trusted; robustness (no user reregistration is required when a fog server leaves fog) and lightweight (fog devices have constrained resources). In order to solve these problems faced by identity authentication in fog computing, we propose an authentication scheme suitable for fog computing environment, which implements mutual authentication between fog users and fog devices with the cooperation of incompletely trusted fog servers. Formal security analysis using the extended real-or-random (ROR) model shows that the proposed scheme is provably secure, and informal security analysis shows that the proposed scheme can resist known attacks. Compared with existing schemes, the proposed scheme supports more functionality features. In addition, a comparative analysis of the communication costs and calculation costs of various schemes shows that our scheme is more suitable for application in fog computing environment than the existing schemes.

22 citations

Journal ArticleDOI
TL;DR: Zhang et al. as discussed by the authors designed a secure remote user authentication scheme, SecFHome, which supports secure communication at the edge of the network and remote authentication in fog-enabled smart home systems.
Abstract: Fog computing is the best solution for IoT applications with low latency and real-time interaction. Fog can endow smart home with many smart functions and services. One of the most important services is that users can remotely access and control smart devices. Since remote users and smart homes communicate through insecure channels, it is necessary to design a secure and effective remote authentication scheme to guarantee secure communications. The existing authentication schemes designed for smart homes have some security issues and are not suitable for fog-enabled smart home environments. Therefore, this paper designs a secure remote user authentication scheme, SecFHome. It supports secure communication at the edge of the network and remote authentication in fog-enabled smart home systems. Specifically, We present an efficient authentication mode in the fog-enabled environment, which includes the edge negotiation phase and the authentication phase. SecFHome adds updated information to the authenticator, which can verify the message synchronization simultaneously with the authentication, thus improving the authentication efficiency. In addition, SecFHome does not store sensitive information of users and smart devices in the memory of the smart gateway, which can avoid various attacks caused by the compromised gateway. The formal security proof and informal security analysis show that the SecFHome is secure and can resist known attacks. Compared with the related authentication schemes, SecFHome only needs fewer communication costs and computation costs, and achieves more security features.

21 citations

Journal ArticleDOI
TL;DR: Usability results shown that these mnemonic tips exhibit inconsistent memorability, and the strength of passwords created by the 4 tips is stronger than those in the two control groups.

18 citations


Cited by
More filters
24 Oct 2016
TL;DR: This paper found that people do tend to re-use each password on 1.7-3.4 different websites, they reuse passwords that are more complex, and mostly they tend to use passwords that they have to enter frequently.
Abstract: From email to online banking, passwords are an essential component of modern internet use. Yet, users do not always have good password security practices, leaving their accounts vulnerable to attack. We conducted a study which combines self-report survey responses with measures of actual online behavior gathered from 134 participants over the course of six weeks. We find that people do tend to re-use each password on 1.7-3.4 different websites, they reuse passwords that are more complex, and mostly they tend to re-use passwords that they have to enter frequently. We also investigated whether self-report measures are accurate indicators of actual behavior, finding that though people understand password security, their self-reported intentions have only a weak correlation with reality. These findings suggest that users manage the challenge of having many passwords by choosing a complex password on a website where they have to enter it frequently in order to memorize that password, and then re-using that strong password across other websites.

30 citations

Posted Content
Ding Wang1, Ping Wang1
TL;DR: Wang et al. as discussed by the authors conducted an extensive empirical study of 50 password creation policies that are currently imposed on high-profile web services, including 20 policies mainly from US and 30 ones from mainland China.
Abstract: While much has changed in Internet security over the past decades, textual passwords remain as the dominant method to secure user web accounts and they are proliferating in nearly every new web services. Nearly every web services, no matter new or aged, now enforce some form of password creation policy. In this work, we conduct an extensive empirical study of 50 password creation policies that are currently imposed on high-profile web services, including 20 policies mainly from US and 30 ones from mainland China. We observe that no two sites enforce the same password creation policy, there is little rationale under their choices of policies when changing policies, and Chinese sites generally enforce more lenient policies than their English counterparts.

27 citations

Journal ArticleDOI
TL;DR: A privacy-preserving node and message authentication scheme, along with a trust model was developed, which met the VANETs' security requirements and had a lower communication and computation overhead, compared to the other related works.

25 citations

Journal ArticleDOI
TL;DR: Optiwords is a new textual-password creation policy that is based on picture superiority effect, which provides users with a direct “drawing-to-text” method for creating user-friendly passwords.

23 citations

Journal ArticleDOI
TL;DR: This work proposes a dynamic personalized password policy (DPPP), which can personally recommend different password policies according to the user’s personality traits, and shows that DPPP is more effective than Basic8 and 3class8 in resisting online and offline guessing attacks.

23 citations