Independent Panel on Internet Voting in British Columbia
I’ve been invited to serve on the independent panel on Internet voting appointed by Elections B.C.. Other members of the panel are Keith Archer (chair), Chief electoral officer; Lee-Ann Crane, chief administrative officer for the East Kootenay Regional District; Valerie King, professor in the department of computer science at the University of Victoria; and George Morfitt, former auditor general of B.C.
The Devil is in (Implementation) Details
It’s hard to get a security protocol right. It seems even harder to get its implementations right, even more so when millions use it on daily basis. LERSSE’s Sun-Tsai will present at ACM CCSthis October several critical vulnerabilities he has uncovered in implementation of OAuth 2.0, used by Facebook, Microsoft, Google, and many other identity providers and relying parties. These […]
Systematically breaking and fixing OpenID security
Do you use OpenID? I bet you do, even if you don’t know this. OpenID 2.0 is a user-centric Web single sign-on protocol with over one billion OpenID-enabled user accounts, and tens of thousands of supporting websites. Well, the security of this protocol is clearly critical! Yet, its security analysis has only been done so […]
On vulnerability of Facebook users to social botnets
How likely for a Facebook user to accept a friendship request from a stranger (albeit a pretty/handsome one)? By how much do such chances correlate with “promiscuity” of the user in terms of FB friends? Can such requests be automated? What can an adversary gain from befriending users? These and other questions were investigated in the […]
Towards Usable Web Single Sign-On
OpenID is an open and promising Web single sign-on (SSO) solution. The research led by my Ph.D. student San-Tsai Sun investigates the challenges and concerns web users face when using OpenID for authentication, and identifies what changes in the login flow could improve the users’ experience and adoption incentives. We found our participants had several behaviors, […]