At the Network & Distributed System Security (NDSS) Symposium 2012 held in San Diego, California from 5-8 Feb, four members of SMU School of Information Systems (SIS) - PhD students Yan Qiang and Han Jin, Assoc Prof Li Yingjiu and Prof Robert Deng, won a Distinguished Paper Award with their co-authored paper, "On Limitations of Designing Leakage-Resilient Password Systems: Attacks, Principles and Usability".
The success of the SIS team marks the first time SMU achieved recognition for research excellence at this leading international conference on information security. Research papers were submitted by 65 top institutions from 13 countries such as the UK, US, Germany, China, France, Korea and Switzerland. Apart from SMU, one other paper by researchers from the University of London was also given the Distinguished Paper Award.
Passwords have been the dominant means of user authentication since the advent of computers. However, designing leakage-resilient password systems (LRPSs) against shoulder-surfing or keystroke logging remains a challenge today despite two decades of intensive research. The award-winning paper demonstrates that most existing LRPSs suffer from two generic attacks. The SIS authors introduced five design principles and a quantitative analysis framework on the usability costs of LRPSs. Their findings revealed a strong tradeoff between security and usability due to the cognitive limitations of human beings, and hence the necessity of incorporating a trusted token to design a usable password system for password leakage prevention.
Kudos and warm congratulations to Yan Qiang, Han Jin, Assoc Prof Li and Prof Deng for their accomplishment!