The Devil is in the (Implementation) Details: An Empirical Analysis of OAuth...
Millions of web users today employ their Facebook accounts to sign into more than one million relying party (RP) websites. This web-based single sign-on (SSO) scheme is enabled by OAuth 2.0, a web...
View ArticleInvestigating Users' Perspectives of Web Single Sign-On: Conceptual Gaps and...
OpenID and OAuth are open and simple web single sign-on (SSO) protocols that have been adopted by major service providers, and millions of supporting websites. However, the average user's perception of...
View ArticleTowards Improving the Usability and Security of Web Single Sign-On Systems
OpenID and OAuth are open and lightweight web single sign-on (SSO) protocols that have been adopted by high-profile identity providers (IdPs), such as Facebook, Google, Microsoft, and Yahoo, and...
View ArticleAndroid Rooting: Methods, Detection, and Evasion
Android rooting enables device owners to freely customize their own devices and run useful apps that require root privileges. While useful, rooting weakens the security of Android devices and opens the...
View ArticleDecoupling data-at-rest encryption and smartphone locking with wearable devices
Smartphones store sensitive and confidential data, e.g., business related documents or emails. If a smartphone is stolen, such data are at risk of disclosure. To mitigate this risk, modern smartphones...
View Article
