International Association for Cryptologic Research

IACR Local Search

Found 19000 results
Browsers Defenses Against Phishing, Spoofing and Malware
Amir Herzberg
Web users are increasingly victims of phishing, spoofing and malware attacks. In this article, we discuss existing and proposed defense mechanisms. We highlight the vulnerabilities of current defenses, and the challenges of...
last revised 12 Sep 2006
Security and Identification Indicators for Browsers against Spoofing and Phishing Attacks
Amir Herzberg Ahmad Gbara
In spite of the use of standard web security measures (SSL/TLS), users enter sensitive information such as passwords into scam web sites. Such scam sites cause substantial damages to individuals and corporations. In this work,...
last revised 3 Sep 2006
Off-Path Hacking: The Illusion of Challenge-Response Authentication
Yossi Gilad Amir Herzberg Haya Shulman
Everyone is concerned about Internet security, yet most traffic is not cryptographically protected. Typical justification is that most attackers are off-path and cannot intercept traffic; hence, intuitively, challenge-response...
received 26 Sep 2013
Amir Herzberg
Bar Ilan University
Detecting Mobile Application Spoofing Attacks by Leveraging User Visual Similarity Perception
Luka Malisa Kari Kostiainen Srdjan Capkun
Mobile application spoofing is an attack where a malicious mobile application mimics the visual appearance of another one. If such an attack is successful, the integrity of what the user sees as well as the confidentiality of...
last revised 9 Jan 2017
Probabilistic and Considerate Attestation of IoT Devices against Roving Malware
Xavier Carpent Norrathep Rattanavipanon Gene Tsudik
Remote Attestation (RA) is a popular means of detecting malware presence (or verifying its absence) on embedded and IoT devices. It is especially relevant to low-end devices that are incapable of protecting themselves against...
last revised 18 Dec 2017
Provable Virus Detection: Using the Uncertainty Principle to Protect Against Malware
Richard J. Lipton Rafail Ostrovsky Vassilis Zikas
Protecting software from malware injection is the holy grail of modern computer security. Despite intensive efforts by the scientific and engineering community, the number of successful attacks continues to increase. We have...
received 20 Jul 2015
Tamper-Evident Digital Signatures: Protecting Certification Authorities Against Malware
Jong Youl Choi Philippe Golle Markus Jakobsson
We introduce the notion of tamper-evidence for digital signature generation in order to defend against attacks aimed at covertly leaking secret information held by corrupted network nodes. This is achieved by letting observers...
received 23 May 2005
Distributed Phishing Attacks
Markus Jakobsson Adam Young
We identify and describe a new type of phishing attack that circumvents what is probably today's most efficient defense mechanism in the war against phishing, namely the shutting down of sites run by the phisher. This attack...
received 25 Mar 2005
Single Password Authentication
Tolga Acar Mira Belenkiy Alptekin Küpçü
Users frequently reuse their passwords when authenticating to various online services. Combined with the use of weak passwords or honeypot/phishing attacks, this brings high risks to the security of the user's account...
last revised 11 Jun 2013
Committing Encryption and Publicly-Verifiable SignCryption
Yitchak Gertner Amir Herzberg
Encryption is often conceived as a committing process, in the sense that the ciphertext may serve as a commitment to the plaintext. But this does not follow from the standard definitions of secure encryption. We define and...
received 17 Dec 2003
Towards Adoption of DNSSEC: Availability and Security Challenges
Amir Herzberg Haya Shulman
DNSSEC deployment is long overdue; however, it seems to be finally taking off. Recent cache poisoning attacks motivate protecting DNS, with strong cryptography, rather than with challenge-response ‘defenses’. Our goal is to...
last revised 10 May 2013
PillarBox: Combating next-generation malware with fast forward-secure logging
Kevin D. Bowers Catherine Hart Ari Juels Nikos Triandopoulos
Security analytics is a catchall term for vulnerability assessment in large organizations capturing a new emerging approach to intrusion detection. It leverages a combination of automated and manual analysis of security logs...
last revised 23 Oct 2014
Cut and Paste Attacks with Java
Serge Lefranc David Naccache
This paper describes malicious applets that use Java's sophisticated graphic features to rectify the browser's padlock area and cover the address bar with a false https domain name. The attack was successfully tested on...
last revised 27 Jan 2002
Efficient Unobservable Anonymous Reporting against Strong Adversaries
Nethanel Gelernter Amir Herzberg
We present DURP, a decentralized protocol for unobservable, anonymous reporting to an untrusted destination, with low latency and overhead. DURP provably ensures strong anonymity properties, as required for some applications...
last revised 26 Aug 2013
ADIoT 2018: International Workshop on Attacks and Defenses for Internet-of-Things
Beijing, China, 30 May - 1 June 2018
Event date: 30 May to 1 June 2018; Submission deadline: 5 March 2018; Notification: 26 March 2018
On the Construction of Authentication Codes With Secrecy and Codes Withstanding Spoofing Attacks of Order L >= 2
Ben J. M. Smeets Peter Vanroose Zhe-xian Wan
Eurocrypt 1990
Malware encryption schemes - rerandomizable ciphertexts encrypted using environmental keys
Herman Galteland Kristian Gjøsteen
Protecting malware using encryption prevents an analyst, defending some computer(s) in the network, from analyzing the malicious code and identifying the intentions of the malware author. We discuss malware encryption schemes...
received 10 Oct 2017
Environmental Authentication in Malware
Jeremy Blackthorne Benjamin Kaiser Benjamin Fuller Bulent Yener
Malware needs to execute on a target machine while simultaneously keeping its payload confidential from a malware analyst. Standard encryption can be used to ensure the confidentiality, but it does not address the problem of...
last revised 24 Sep 2017
Non-invasive Spoofing Attacks for Anti-lock Braking Systems
Yasser Shoukry Paul Martin Paulo Tabuada Mani B. Srivastava
Ches 2013