Abstract: Today's Internet services rely heavily on text-based passwords for user authentication. The pervasiveness of these services coupled with the difficulty of remembering large numbers of secure passwords tempts users to reuse passwords at multiple sites. In this paper, we investigate for the first time how an attacker can leverage a known password from one site to more easily guess that user's password at other sites. We study several hundred thousand leaked passwords from eleven web sites and conduct a user survey on password reuse; we estimate that 43-51% of users reuse the same password across multiple sites. We further identify a few simple tricks users often employ to transform a basic password between sites, which an attacker can use to make password guessing vastly easier. We develop the first cross-site password-guessing algorithm, which is able to guess 30% of transformed passwords within 100 attempts, compared to just 14% for a standard password-guessing algorithm without cross-site password knowledge.
Tolerance to high levels of ethanol is an ecologically and industrially relevant phenotype of microbes, but the molecular mechanisms underlying this complex trait remain largely unknown. Here, we use long-term experimental evolution of isogenic yeast populations of different initial ploidy to study adaptation to increasing levels of ethanol. Whole-genome sequencing of more than 30 evolved populations and over 100 adapted clones isolated throughout this two-year evolution experiment revealed how a complex interplay of de novo single nucleotide mutations, copy number variation, ploidy changes, mutator phenotypes, and clonal interference led to a significant increase in ethanol tolerance. Although the specific mutations differ between different evolved lineages, application of a novel computational pipeline, PheNetic, revealed that many mutations target functional modules involved in stress response, cell cycle regulation, DNA repair and respiration. Measuring the fitness effects of selected mutations introduced in non-evolved ethanol-sensitive cells revealed several adaptive mutations that had previously not been implicated in ethanol tolerance, including mutations in PRT1, VPS70 and MEX67. Interestingly, variation in VPS70 was recently identified as a QTL for ethanol tolerance in an industrial bio-ethanol strain. Taken together, our results show how, in contrast to adaptation to some other stresses, adaptation to a continuous complex and severe stress involves interplay of different evolutionary mechanisms. In addition, our study reveals functional modules involved in ethanol resistance and identifies several mutations that could help to improve the ethanol tolerance of industrial yeasts.
Abstract: Modern smartphones contain motion sensors, such as accelerometers and gyroscopes. These sensors have many useful applications; however, they can also be used to uniquely identify a phone by measuring anomalies in the signals, which are a result of manufacturing imperfections. Such measurements can be conducted surreptitiously by web page publishers or advertisers and can thus be used to track users across applications, websites, and visits. We analyze how well sensor fingerprinting works under real-world constraints. We first develop a highly accurate fingerprinting mechanism that combines multiple motion sensors and makes use of inaudible audio stimulation to improve detection. We evaluate this mechanism using measurements from a large collection of smartphones, in both lab and public conditions. We then analyze techniques to mitigate sensor fingerprinting, either by calibrating the sensors to eliminate the signal anomalies or by adding noise that obfuscates the anomalies. We evaluate the impact of calibration and obfuscation techniques on the classifier accuracy; we also look at how such mitigation techniques impact the utility of the motion sensors.
Cross-site scripting (XSS) vulnerabilities are the most frequently reported web application vulnerability. As complex JavaScript applications become more widespread, DOM (Document Object Model) XSS vulnerabilities, a type of XSS vulnerability in which the flaw is located in client-side JavaScript rather than in server-side code, are becoming more common. As the first contribution of this work, we empirically assess the impact of DOM XSS on the web using a browser with taint tracking embedded in the JavaScript engine. Building on the methodology used in a previous study that crawled popular websites, we collect a current dataset of potential DOM XSS vulnerabilities. We improve on the methodology for confirming XSS vulnerabilities, and using this improved methodology we find 83% more vulnerabilities than the previous methodology applied to the same dataset. As a second contribution, we identify the causes of DOM XSS vulnerabilities and discuss how to prevent them. One example of our findings is that custom HTML templating designs, a design pattern that could prevent DOM XSS vulnerabilities in the same way parameterized queries prevent SQL injection, can be buggy in practice, allowing DOM XSS attacks. As our third contribution, we evaluate the error rates of three static-analysis tools at detecting the DOM XSS vulnerabilities found with dynamic analysis techniques, using in-the-wild examples. We find that the static-analysis tools miss 90% of the bugs found by our dynamic analysis, though some tools have very few false positives and at the same time find vulnerabilities not found by the dynamic analysis.
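The templating pitfall the abstract mentions, shown as an added example that is not code from the paper or from any real template library: a toy JavaScript template engine in two versions. The buggy one escapes only angle brackets, so an attacker-controlled value taken from the URL fragment breaks out of an attribute and a javascript: URL lands unchanged in an href; the hardened one escapes all five HTML metacharacters and validates values the template declares as URLs. The template, the `{{url:...}}` context marker, the crude attribute lister and the attacker input are all constructed for the demo. It runs under Node without a DOM, so the check is on the rendered markup rather than on an actual script execution.

```javascript
// Added example: a buggy custom HTML templater next to a hardened one, fed a DOM-XSS
// style source (the URL fragment). Toy code, not the paper's or any library's.

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escape for HTML text content and double-quoted attribute values.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, c => HTML_ESCAPES[c]);
}

// URL context needs validation, not just escaping: "javascript:alert(1)" contains no
// HTML metacharacters at all. Allow http(s), root-relative paths (but not
// scheme-relative "//host") and fragments; neutralise everything else to "#".
function safeUrl(s) {
  const u = String(s).trim();
  return /^(https?:\/\/|\/(?!\/)|#)/i.test(u) ? escapeHtml(u) : "#";
}

// Buggy engine: escapes only < and > and ignores the {{url:...}} context hint, so it
// is safe in text content but not inside attribute values or URLs.
function renderBuggy(tpl, data) {
  return tpl.replace(/\{\{(?:url:)?(\w+)\}\}/g, (_, k) =>
    String(data[k]).replace(/[<>]/g, c => (c === "<" ? "&lt;" : "&gt;")));
}

// Hardened engine: full escaping by default, URL validation where the template says
// {{url:name}}. Caveat: it does not parse the template, so placeholders must appear
// only in text content or inside double-quoted attribute values, never in a script
// block or an unquoted attribute.
function renderSafe(tpl, data) {
  return tpl.replace(/\{\{(url:)?(\w+)\}\}/g, (_, ctx, k) =>
    ctx ? safeUrl(data[k]) : escapeHtml(data[k]));
}

// Crude start-tag attribute lister used to check the output here; it honours
// double-quoted values but is not a real HTML parser.
function attributeNames(html) {
  const names = [];
  for (const tag of html.matchAll(/<\w+((?:\s+[\w-]+(?:="[^"]*")?)*)\s*\/?>/g)) {
    for (const attr of tag[1].matchAll(/\s+([\w-]+)(?:="[^"]*")?/g)) {
      names.push(attr[1].toLowerCase());
    }
  }
  return names;
}

// True if any start tag carries an on* event-handler attribute.
function hasEventHandler(html) {
  return attributeNames(html).some(n => /^on\w+$/.test(n));
}

// Constructed attacker input, delivered the way DOM XSS usually is: in the fragment,
// which never reaches the server. Not a real exploit against any site.
const fakeLocation = {
  hash: "#q=" + encodeURIComponent('" autofocus onfocus="alert(1)') +
        "&next=" + encodeURIComponent("javascript:alert(2)"),
};
const params = new URLSearchParams(fakeLocation.hash.slice(1));
const untrusted = { q: params.get("q"), next: params.get("next") };

const TEMPLATE = '<input value="{{q}}"><a href="{{url:next}}">continue</a>';

// Render the same template with both engines and report whether the output would run
// attacker script once inserted via innerHTML.
function demo() {
  const buggy = renderBuggy(TEMPLATE, untrusted);
  const safe = renderSafe(TEMPLATE, untrusted);
  return {
    buggy, safe,
    buggyExecutes: hasEventHandler(buggy),
    safeExecutes: hasEventHandler(safe),
  };
}

console.log(demo());
```

Two failure modes are visible in the buggy output: the quote in the value closes the attribute early, so `autofocus onfocus=` becomes a real handler that fires as soon as the markup is inserted, and the `javascript:` href survives untouched because it contains nothing the `<>` filter looks for. Both are escaping-in-the-wrong-context bugs, which is why per-context handling rather than a single sanitizer is what makes a templater analogous to a parameterized query.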