中文用户口令的大规模实证分
时间,2014.10.31,下午14:30-15:30
地点:新科技楼1012会议室
摘要
Password-based authentication is one of the most widely used methods to authenticate a user before granting accesses to secure websites: it is easy for a user to enter her password anywhere by a keyboard or a touch screen without any other assistant devices. However, the password creation has significant regional features. The password leakage events offer us a chance to know how different patterns different regional passwords have. In this talk, I will introduce our recent research of the empirical study on Chinese Web Passwords, because it is important to understand the password patterns in the Chinese Netizens who are the biggest user group (0ver 600 million) in the world. We found several interesting patterns in Chinese Web passwords, and quantitatively analyze them. Finally, we introduce how to leverage these patterns to improve the efficiency of password guessing.
简介
韩伟力,博士,复旦大学副教授,软件学院副院长,中国电子学会信息安全专家委员会副主任委员,CCF YOCSEF上海副主席。研究方向:访问控制与安全策略、物联网安全、数字身份管理。 1998年毕业于中国科技大学,于2003年在浙江大学计算机系获得博士学位,同年进入复旦大学软件学院,从事教学和科研工作。 2008年9月到2009年9月,前往普渡大学计算机系访学。为国家商用密码管理局RFID工作专项组专家成员,International Journal of Communication Systems副编辑, Security and Communication Networks客座编辑。曾参与组织多个国际重要学术会议 (SecureCom 2013: Publicity Chair;IoT Security Workshop:与Daniel Engels共同主持;IoT 2012:任出版主席) 及担任会议程序委员会委员 (如WWW、IEEE POLICY、ACM DIM等)。近几年在USENIX Security, Computers & Security, IEEE TPDS, Computer Networks等权威会议期刊发表系列高水平论文。