(1)  RFID Security

(a)  Spiekermann, S. 2009. RFID and privacy: what consumers really want and fear. Personal Ubiquitous Comput. 13, 6 (Aug. 2009), 423-434.

(b)  Konomi, S. and Roussos, G. 2007. Ubiquitous computing in the real world: lessons learnt from large scale RFID deployments. Personal Ubiquitous Comput. 11, 7 (Oct. 2007), 507-521.

(c)  Radu-Ioan Paise and Serge Vaudenay. 2008. Mutual authentication in RFID: security and privacy. In Proceedings of the 2008 ACM symposium on Information, computer and communications security (ASIACCS '08).

(d)  Ari Juels, Ravikanth Pappu, and Bryan Parno. 2008. Unidirectional key distribution across time and space with applications to RFID security. In Proceedings of the 17th conference on Security symposium (SS'08). USENIX Association, Berkeley, CA, USA, 75-90.

(e)  Alomair, B.; Clark, A.; Cuellar, J.; Poovendran, R., Scalable RFID systems: a privacy-preserving protocol with constant-time identification, in IEEE DSN 2010.

(f)  Peris-Lopez, P.; Hernandez-Castro, J.C.; Tapiador, J.M.E.; Palomar, E.; van der Lubbe, J.C.A., Cryptographic puzzles and distance-bounding protocols: Practical tools for RFID security. In IEEE RFID 2010.

(2)  Privacy in Social Networks

(a)  A Practical Attack to De-Anonymize Social Network Users, by Gilbert Wondracek, Thorsten Holz, Engin Kirda, and Christopher Kruegel

(b)  (Under)mining Privacy in Social Networks, by Monica Chew, Dirk Balfanz, Ben Laurie

(c)  Jagatic, T. N., Johnson, N. A., Jakobsson, M., and Menczer, F. 2007. Social phishing. Commun. ACM 50, 10 (Oct. 2007), 94-100.

(d)  Bonneau, J. & Preibusch, S., The Privacy Jungle: On the Market for Data Protection in Social Networks, 2009, The Eighth Workshop on the Economics of Information Security WEIS.

(e)  Bilge, L., Strufe, T., Balzarotti, D., and Kirda, E. 2009. All your contacts are belonging to us: automated identity theft attacks on social networks. In Proceedings of the 18th international Conference on World Wide Web (Madrid, Spain, April 20 - 24, 2009). WWW '09.

(f)  Bin Zhou; Jian Pei, Preserving Privacy in Social Networks Against Neighborhood Attacks, IEEE ICDE 2008.

(g)  Lujun Fang, Heedo Kim, Kristen LeFevre, and Aaron Tami. 2010. A privacy recommendation wizard for users of social networking sites. In Proceedings of the 17th ACM conference on Computer and communications security (CCS '10).

(3)  How to attack CAPTCHA

(a)  Yan, J. and El Ahmad, A. S. 2008. A low-cost attack on a Microsoft captcha. In Proceedings of the 15th ACM Conference on Computer and Communications Security (Alexandria, Virginia, USA, October 27 - 31, 2008). CCS '08. ACM, New York, NY, 543-554.

(b)  von Ahn, L., Blum, M., and Langford, J. 2004. Telling humans and computers apart automatically. Commun. ACM 47, 2 (Feb. 2004), 56-60.

(c)  2007. Asirra: a CAPTCHA that exploits interest-aligned manual image categorization. In Proceedings of the 14th ACM Conference on Computer and Communications Security (Alexandria, Virginia, USA, October 28 - 31, 2007).

(d)  H. S. Baird and J. L. Bentley, "Implicit CAPTCHAs," Proc., SPIE/IS&T Conf. on Document Recognition and Retrieval XII (DR&R2005), San Jose, CA, January, 2005.

(e)  ScatterType: A Legible but Hard-to-Segment CAPTCHA, Henry S. Baird and Michael A. Moll and Sui-Yu Wang.

(f)  P. Golle, Machine learning attacks against the Asirra CAPTCHA, in ACM CCS 2008.

(g)  Manuel Egele, Leyla Bilge, Engin Kirda, and Christopher Kruegel. 2010. CAPTCHA smuggling: hijacking web browsing sessions to create CAPTCHA farms. In Proceedings of the 2010 ACM Symposium on Applied Computing (SAC '10).

(4)  Graphical passwords

(a)  Dhamija, R. and Perrig, A. 2000. Déjà Vu: a user study using images for authentication. In Proceedings of the 9th Conference on USENIX Security Symposium - Volume 9 (Denver, Colorado, August 14 - 17, 2000).

(b)  Wiedenbeck, S., Waters, J., Birget, J., Brodskiy, A., and Memon, N. 2005. Authentication using graphical passwords: effects of tolerance and image choice. In Proceedings of the 2005 Symposium on Usable Privacy and Security (Pittsburgh, Pennsylvania, July 06 - 08, 2005). SOUPS '05, vol. 93. ACM, New York, NY, 1-12.

(c)  Dunphy, P. and Yan, J. 2007. Do background images improve "draw a secret" graphical passwords?. In Proceedings of the 14th ACM Conference on Computer and Communications Security (Alexandria, Virginia, USA, October 28 - 31, 2007).

(d)  Chiasson, S., Biddle, R., and van Oorschot, P. C. 2007. A second look at the usability of click-based graphical passwords. In Proceedings of the 3rd Symposium on Usable Privacy and Security (Pittsburgh, Pennsylvania, July 18 - 20, 2007).

(e)  Moncur, W. and Leplâtre, G. 2007. Pictures at the ATM: exploring the usability of multiple graphical passwords. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (San Jose, California, USA, April 28 - May 03, 2007).

(f)  Modeling user choice in the PassPoints graphical password scheme, in Usable Privacy and Security, 2007.

(g)  Ian Molloy and Ninghui Li. Attack on the GridCode One-Time Password. Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security (ASIACCS), March 2011.

(5)  Power analysis for hardware safety

(a)  D. Agrawal, S. Baktir, D. Karakoyunlu, P. Rohatgi, and B. Sunar. Trojan detection using IC fingerprinting. In IEEE Symposium on Security and Privacy, pages 296–310, 2007.

(b)  G.O. Dyrkolbotn and E. Snekkenes. Modified template attack: Detecting address bus signals of equal hamming weight. NISK 2009.

(c)  S. Mangard, E. Oswald, and T. Popp. Power Analysis Attack - Revealing the Secret of Smart Cards. Springer, 2007.

(d)  Ors, S.B.; Gurkaynak, F.; Oswald, E.; Preneel, B., Power-analysis attack on an ASIC AES implementation, IEEE ITCC 2004.

(e)  Tiri, K.; Akmal, M.; Verbauwhede, I., A dynamic and differential CMOS logic with signal independent power consumption to withstand differential power analysis on smart cards, ESSCIRC 2002.

(f)  Samuel T. King, Joseph Tucek, Anthony Cozzie, Chris Grier, Weihang Jiang, and Yuanyuan Zhou. 2008. Designing and implementing malicious hardware. In Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats (LEET'08), Fabian Monrose (Ed.).

(g)  Xiaoxiao Wang, Mohammad Tehranipoor, Jim Plusquellic, "Detecting malicious inclusions in secure hardware: Challenges and solutions," in 2008 IEEE International Workshop on Hardware-Oriented Security and Trust, pp. 15-19, 2008.

(6)  Flow based traffic analysis

(a)  S. Cabuk, C. E. Brodley, and C. Shields. IP covert timing channels: Design and detection. In CCS, pages 178–187, 2004.

(b)  M. P. Collins and M. K. Reiter. Finding peer-to-peer file-sharing using coarse network behaviors. In ESORICS, pages 1–17, Sept. 2006.

(c)  M. P. Collins and M. K. Reiter. On the limits of payload-oblivious network attack detection. In RAID, pages 251–270, Sept. 2008.

(d)  Y. Gao, Y. Zhao, R. Schweller, S. Venkataraman, Y. Chen, D. Song, and M.-Y. Kao. Detecting stealthy attacks using online histograms. In 15th IEEE Intern. Workshop on Quality of Service, June 2007.

(e)  G. Gu, R. Perdisci, J. Zhang, and W. Lee. BotMiner: Clustering analysis of network traffic for protocol and structure independent botnet detection. In USENIX Security, 2008.

(f)  T.-F. Yen and M. K. Reiter. Traffic aggregation for malware detection. In DIMVA, pages 207–227, 2008.

(g)  Panorama: Capturing System-wide Information Flow for Malware Detection and Analysis. Heng Yin, Dawn Song, Manuel Egele, Christopher Kruegel, and Engin Kirda. Appeared in the Proceedings of the 14th ACM Conference on Computer and Communication Security (CCS'07).

(7)  Security in cloud computing

(a)  Alexander Shraer et al., Venus: Verification for Untrusted Cloud Storage, in ACM CCSW 2010.

(b)  Bo Chen et al., Remote Data Checking for Network Coding-based Distributed Storage Systems, in ACM CCSW 2010.

(c)  Qian Wang et al., Enabling Public Verifiability and Data Dynamics for Storage Security in Cloud Computing, ESORICS 2009.

(d)  Thomas Ristenpart et al., Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds, ACM CCS 2009.

(e)  Miranda Mowbray et al., A client-based privacy manager for cloud computing, in COMSWARE 2009.

(f)  Ari Juels and Burton S. Kaliski Jr., PORs: Proofs of Retrievability for Large Files.

(g)  "A new form of DOS attack in a cloud and its prevention mechanism", Huan Liu (Accenture Technology Labs), in ACM CCSW 2010.