Visible to the public Biblio

Filters: Author is Kikuchi, H.  [Clear All Filters]
2019-02-08
Sasa, K., Kikuchi, H..  2018.  Impact Assessment of Password Reset PRMitM Attack with Two-Factor Authentication. 2018 IEEE Conference on Dependable and Secure Computing (DSC). :1-8.

In 2017, Gelernter et al. identified the ``password-reset man-in-the-middle'' attack, which can take over a user's account during two-factor authentication. In this attack, a password reset request is sent via an SMS message instead of an expected authentication request, and the user enters a reset code at the malicious man-in-the-middle website without recognizing that the code resets the password. Following this publication, most vulnerable websites attempted to remove the vulnerability. However, it is still not clear whether these attempts were sufficient to prevent careless users from being attacked. In this paper, we describe the results of an investigation involving domestic major websites that were vulnerable to this type of attack. To clarify the causes of vulnerability, we conducted experiments with 180 subjects. The SMS-message parameters were ``with/without warning'', ``numeric/alphanumeric code'', and ``one/two messages'', and subjects were tested to see if they input the reset code into the fake website. According to the result of the experiment, we found that the PRMitM risk odds were increased 4.6, 1.86, and 11.59 times higher in a no-warning case, a numeric-only reset code, and a behavior that change passwords very frequently, respectively.

2017-12-20
Yamaguchi, M., Kikuchi, H..  2017.  Audio-CAPTCHA with distinction between random phoneme sequences and words spoken by multi-speaker. 2017 IEEE International Conference on Systems, Man, and Cybernetics (SMC). :3071–3076.
Audio-CAPTCHA prevents malicious bots from attacking Web services and provides Web accessibility for visually-impaired persons. Most of the conventional methods employ statistical noise to distort sounds and let users remember and spell the words, which are difficult and laborious work for humans. In this paper, we utilize the difficulty on speaker-independent recognition for ASR machines instead of distortion with statistical noise. Our scheme synthesizes various voices by changing voice speed, pitch and native language of speakers. Moreover, we employ semantic identification problems between random phoneme sequences and meaningful words to release users from remembering and spelling words, so it improves the accuracy of humans and usability. We also evaluated our scheme in several experiments.