OAuth 2.0 Redirect URI Validation Falls Short, Literally
ACSAC '23: Proceedings of the 39th Annual Computer Security Applications Conference, Pages 256–267, https://doi.org/10.1145/3627106.3627140
OAuth 2.0 requires a complex redirection trail between websites and Identity Providers (IdPs). In particular, the "redirect URI" parameter included in the popular Authorization Grant Code flow governs the callback endpoint that users are routed to, ...
- research-article, September 2023
User Behavior Analysis for Detecting Compromised User Accounts: A Review Paper
Cybernetics and Information Technologies (CYBAIT), Volume 23, Issue 3, Pages 102–113, https://doi.org/10.2478/cait-2023-0027
The rise of online transactions has led to a corresponding increase in online criminal activities. Account takeover attacks, in particular, are challenging to detect, and novel approaches utilize machine learning to identify compromised accounts. ...
- research-article, July 2020
Hacksaw: biometric-free non-stop web authentication in an emerging world of wearables
WiSec '20: Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Pages 13–24, https://doi.org/10.1145/3395351.3399366
The currently deployed web authentication model, involving only entry-point authentication of users, does not do anything to protect against account takeover attacks. Once the attacker has compromised the entry-point authentication method, such as by ...
- research-article, September 2019
Internet Fraud: The Case of Account Takeover in Online Marketplace
HT '19: Proceedings of the 30th ACM Conference on Hypertext and Social Media, Pages 181–190, https://doi.org/10.1145/3342220.3343651
Account takeover is a form of online identity theft where a fraudster gains unauthorized access to an individual's account in a given system. Depending on the system, this unauthorized access can lead to severe consequences of privacy breach and ...
- research-article, May 2019
Evaluating Login Challenges as a Defense Against Account Takeover
- Periwinkle Doerfler,
- Kurt Thomas,
- Maija Marincenko,
- Juri Ranieri,
- Yu Jiang,
- Angelika Moscicki,
- Damon McCoy
In this paper, we study the efficacy of login challenges at preventing account takeover, as well as evaluate the amount of friction these challenges create for normal users. These secondary authentication factors-presently deployed at Google, Microsoft, ...
- research-article, January 2018
Continuous Authentication Using Eye Movement Response of Implicit Visual Stimuli
Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies (IMWUT), Volume 1, Issue 4, Article No.: 177, Pages 1–22, https://doi.org/10.1145/3161410
Smart head-worn or head-mounted devices, including smart glasses and Virtual Reality (VR) headsets, are gaining popularity. Online shopping and in-app purchase from such headsets are presenting new e-commerce opportunities to the app developers. For ...