Markus Jakobsson | Qualcomm inc (original) (raw)
Papers by Markus Jakobsson
This chapter focuses on identity manipulation tactics in email and Web pages. It describes the ef... more This chapter focuses on identity manipulation tactics in email and Web pages. It describes the effects of features ranging from URL plausibility to trust endorsement graphics on a population of 398 subjects. The experiment presents these trust indicators in a variety of stimuli, since reactions vary according to context. In addition to testing specific features, the test gauges the potential of a tactic that spoofs third-party contractors rather than a brand itself. The results show that indeed graphic design can change authenticity evaluations and that its impact varies with context. We expected that authenticity-inspiring design changes would have the opposite effect when paired with an unreasonable request, but our data suggest that narrative strength, rather than underlying legitimacy, limits the impact of graphic design on trust and that these authenticity-inspiring design features improve trust in both legitimate and illegitimate media. Thus, it is not what is said that matters but how it is said: An eloquently stated unreasonable request is more convincing than a poorly phrased but quite reasonable request.
IEEE Security & Privacy, Mar 1, 2020
The foundation for a structural change that improves privacy is presented in this article. This a... more The foundation for a structural change that improves privacy is presented in this article. This approach constitutes an important alternative to increased regulation and an opportunity for big data companies to improve their image in the eyes of the public.
Journal of Cryptology, Aug 2, 2005
John Wiley & Sons, Inc. eBooks, Jul 9, 2012
IACR Cryptology ePrint Archive, 2018
More than ten years ago, a devastating data substitution attack was shown to successfully comprom... more More than ten years ago, a devastating data substitution attack was shown to successfully compromise all previously proposed remote attestation techniques. In fact, the authors went further than simply attacking previously proposed methods: they called into question whether it is theoretically possible for remote attestation methods to exist in face of their attack. Subsequently, it has been shown that it is possible, by relying on self-modifying code. We show that it is possible to create remote attestation that is secure against all data substitution attacks, without relying on self-modifying code. Our proposed method relies on a construction of the checksum process that forces frequent L2 cache overflows if any data substitution attack takes place.
Springer eBooks, 2016
References to various copyrighted trademarks, servicemarks, marks and registered marks may appear... more References to various copyrighted trademarks, servicemarks, marks and registered marks may appear in this book. Rather than use a trademark symbol with every occurrence of a trademarked name, logo, or image, this book uses the names, logos, and images only in an editorial fashion with no intention of infringement of the trademark.
Lecture Notes in Computer Science, 2002
In most password-authenticated key exchange systems there is a single server storing password ver... more In most password-authenticated key exchange systems there is a single server storing password verification data. To provide some resilience against server compromise, this data typically takes the form of a one-way function of the password (and possibly a salt, or other public values), rather than the password itself. However, if the server is compromised, this password verification data can be used to perform an offline dictionary attack on the user's password. In this paper we propose an efficient password-authenticated key exchange system involving a set of servers, in which a certain threshold of servers must participate in the authentication of a user, and in which the compromise of any fewer than that threshold of servers does not allow an attacker to perform an offline dictionary attack. We prove our system is secure in the random oracle model under the Decision Diffie-Hellman assumption against an attacker that may eavesdrop on, insert, delete, or modify messages between the user and servers, and that compromises fewer than that threshold of servers.
arXiv (Cornell University), Jan 16, 2020
Attackers increasingly, and with high success rates, use social engineering techniques to circumv... more Attackers increasingly, and with high success rates, use social engineering techniques to circumvent second factor authentication (2FA) technologies, compromise user accounts and sidestep fraud detection technologies. We introduce a social engineering resistant approach that we term device-aware 2FA 1 , to replace the use of traditional security codes.
raud isn't new, but in the eyes of many experts, phishing and crimeware threaten to topple societ... more raud isn't new, but in the eyes of many experts, phishing and crimeware threaten to topple society's overall stability because they erode trust in its underlying computational infrastructure. Most people agree that phishing and crimeware must be fought,
Computer Fraud & Security, 2018
Deception is rapidly on the rise on the Internet, and email is the attack vector of choice for a ... more Deception is rapidly on the rise on the Internet, and email is the attack vector of choice for a broad array of attacks, including ransomware distribution, enterprise-facing cons, and mass-deployed phishing attacks. It is widely believed that this is due to the ubiquity of email and the limited extent to which relevant email security measures have been rolled out. The most troubling type of attack is the targeted attack, in which the attacker poses as somebody the intended victim knows. There are three common ways used by attackers to masquerade as somebody trusted: spoofing, look-alike domain attacks and display name attacks. We collectively refer to these as impersonation attacks.
Wiley eBooks, May 18, 2006
Lecture Notes in Computer Science, 2010
We introduce a model for electronic election schemes that involves a more powerful adversary than... more We introduce a model for electronic election schemes that involves a more powerful adversary than in previous work. In particular, we allow the adversary to demand of coerced voters that they vote in a particular manner, abstain from voting, or even disclose their secret keys. We define a scheme to be coercion-resistant if it is infeasible for the adversary to determine whether a coerced voter complies with the demands. A first contribution of this paper is to describe and characterize a new and strengthened adversary for coercion in elections. (In doing so, we additionally present what we believe to be the first formal security definitions for electronic elections of any type.) A second contribution is to demonstrate a protocol that is secure against this adversary. While it is clear that a strengthening of attack models is of theoretical relevance, it is important to note that our results lie close to practicality. This is true both in that we model real-life threats (such as vote-buying and vote-cancelling), and in that our proposed protocol combines a fair degree of efficiency with an unusual lack of structural complexity. Furthermore, while previous schemes have required use of an untappable channel, ours only carries the much more practical requirement of an anonymous channel.
John Wiley & Sons, Inc. eBooks, Feb 15, 2007
The Distributed Computing Column covers the theory of systems that are composed of a number of in... more The Distributed Computing Column covers the theory of systems that are composed of a number of interacting computing elements. These include problems of communication and networking, databases, distributed shared memory, multiprocessor architectures, operating systems, verification, Internet, and the Web. This issue consists of: • "Delayed Password Disclosure," by Markus Jakobsson and Steven Myers. Many thanks to them for their contribution to this issue. Request for Collaborations: Please send me any suggestions for material I should be including in this column, including news and communications, open problems, and authors willing to write a guest column or to review an event related to theory of distributed computing.
This chapter focuses on identity manipulation tactics in email and Web pages. It describes the ef... more This chapter focuses on identity manipulation tactics in email and Web pages. It describes the effects of features ranging from URL plausibility to trust endorsement graphics on a population of 398 subjects. The experiment presents these trust indicators in a variety of stimuli, since reactions vary according to context. In addition to testing specific features, the test gauges the potential of a tactic that spoofs third-party contractors rather than a brand itself. The results show that indeed graphic design can change authenticity evaluations and that its impact varies with context. We expected that authenticity-inspiring design changes would have the opposite effect when paired with an unreasonable request, but our data suggest that narrative strength, rather than underlying legitimacy, limits the impact of graphic design on trust and that these authenticity-inspiring design features improve trust in both legitimate and illegitimate media. Thus, it is not what is said that matters but how it is said: An eloquently stated unreasonable request is more convincing than a poorly phrased but quite reasonable request.
IEEE Security & Privacy, Mar 1, 2020
The foundation for a structural change that improves privacy is presented in this article. This a... more The foundation for a structural change that improves privacy is presented in this article. This approach constitutes an important alternative to increased regulation and an opportunity for big data companies to improve their image in the eyes of the public.
Journal of Cryptology, Aug 2, 2005
John Wiley & Sons, Inc. eBooks, Jul 9, 2012
IACR Cryptology ePrint Archive, 2018
More than ten years ago, a devastating data substitution attack was shown to successfully comprom... more More than ten years ago, a devastating data substitution attack was shown to successfully compromise all previously proposed remote attestation techniques. In fact, the authors went further than simply attacking previously proposed methods: they called into question whether it is theoretically possible for remote attestation methods to exist in face of their attack. Subsequently, it has been shown that it is possible, by relying on self-modifying code. We show that it is possible to create remote attestation that is secure against all data substitution attacks, without relying on self-modifying code. Our proposed method relies on a construction of the checksum process that forces frequent L2 cache overflows if any data substitution attack takes place.
Springer eBooks, 2016
References to various copyrighted trademarks, servicemarks, marks and registered marks may appear... more References to various copyrighted trademarks, servicemarks, marks and registered marks may appear in this book. Rather than use a trademark symbol with every occurrence of a trademarked name, logo, or image, this book uses the names, logos, and images only in an editorial fashion with no intention of infringement of the trademark.
Lecture Notes in Computer Science, 2002
In most password-authenticated key exchange systems there is a single server storing password ver... more In most password-authenticated key exchange systems there is a single server storing password verification data. To provide some resilience against server compromise, this data typically takes the form of a one-way function of the password (and possibly a salt, or other public values), rather than the password itself. However, if the server is compromised, this password verification data can be used to perform an offline dictionary attack on the user's password. In this paper we propose an efficient password-authenticated key exchange system involving a set of servers, in which a certain threshold of servers must participate in the authentication of a user, and in which the compromise of any fewer than that threshold of servers does not allow an attacker to perform an offline dictionary attack. We prove our system is secure in the random oracle model under the Decision Diffie-Hellman assumption against an attacker that may eavesdrop on, insert, delete, or modify messages between the user and servers, and that compromises fewer than that threshold of servers.
arXiv (Cornell University), Jan 16, 2020
Attackers increasingly, and with high success rates, use social engineering techniques to circumv... more Attackers increasingly, and with high success rates, use social engineering techniques to circumvent second factor authentication (2FA) technologies, compromise user accounts and sidestep fraud detection technologies. We introduce a social engineering resistant approach that we term device-aware 2FA 1 , to replace the use of traditional security codes.
raud isn't new, but in the eyes of many experts, phishing and crimeware threaten to topple societ... more raud isn't new, but in the eyes of many experts, phishing and crimeware threaten to topple society's overall stability because they erode trust in its underlying computational infrastructure. Most people agree that phishing and crimeware must be fought,
Computer Fraud & Security, 2018
Deception is rapidly on the rise on the Internet, and email is the attack vector of choice for a ... more Deception is rapidly on the rise on the Internet, and email is the attack vector of choice for a broad array of attacks, including ransomware distribution, enterprise-facing cons, and mass-deployed phishing attacks. It is widely believed that this is due to the ubiquity of email and the limited extent to which relevant email security measures have been rolled out. The most troubling type of attack is the targeted attack, in which the attacker poses as somebody the intended victim knows. There are three common ways used by attackers to masquerade as somebody trusted: spoofing, look-alike domain attacks and display name attacks. We collectively refer to these as impersonation attacks.
Wiley eBooks, May 18, 2006
Lecture Notes in Computer Science, 2010
We introduce a model for electronic election schemes that involves a more powerful adversary than... more We introduce a model for electronic election schemes that involves a more powerful adversary than in previous work. In particular, we allow the adversary to demand of coerced voters that they vote in a particular manner, abstain from voting, or even disclose their secret keys. We define a scheme to be coercion-resistant if it is infeasible for the adversary to determine whether a coerced voter complies with the demands. A first contribution of this paper is to describe and characterize a new and strengthened adversary for coercion in elections. (In doing so, we additionally present what we believe to be the first formal security definitions for electronic elections of any type.) A second contribution is to demonstrate a protocol that is secure against this adversary. While it is clear that a strengthening of attack models is of theoretical relevance, it is important to note that our results lie close to practicality. This is true both in that we model real-life threats (such as vote-buying and vote-cancelling), and in that our proposed protocol combines a fair degree of efficiency with an unusual lack of structural complexity. Furthermore, while previous schemes have required use of an untappable channel, ours only carries the much more practical requirement of an anonymous channel.
John Wiley & Sons, Inc. eBooks, Feb 15, 2007
The Distributed Computing Column covers the theory of systems that are composed of a number of in... more The Distributed Computing Column covers the theory of systems that are composed of a number of interacting computing elements. These include problems of communication and networking, databases, distributed shared memory, multiprocessor architectures, operating systems, verification, Internet, and the Web. This issue consists of: • "Delayed Password Disclosure," by Markus Jakobsson and Steven Myers. Many thanks to them for their contribution to this issue. Request for Collaborations: Please send me any suggestions for material I should be including in this column, including news and communications, open problems, and authors willing to write a guest column or to review an event related to theory of distributed computing.