Is the Internet ready for prime time, in the sense of being suitable for people using applications requiring security and/or protection of privacy? We review progress over the past few years in selected areas of usable security, with a particular focus on "everyday" people. Applications and tools on our tour include online banking, anonymous browsing, CAPTCHAs, password managers and graphical passwords.


Paul Van Oorschot (Ph.D., Waterloo, 1988) is a Professor in the School of Computer Science at Carleton University (Ottawa), Canada Research Chair in Network and Software Security, and founding director of Carleton.s Digital Security Group. He has worked in research and development in applied cryptography and network security at Bell-Northern Research (Ottawa), at Entrust Inc. (Ottawa) as VP and Chief Scientist, and as Chief Scientist at Cloakware Corp. (Ottawa). He serves regularly on international conference program committees in security and cryptography, and is co-author of the standard reference Handbook of Applied Cryptography. His current research interests include authentication, application security, software protection, network security, and security infrastructures.

"Quantifying Resistance to the Sybil Attack", N. Boris Margolin, Brian Levine (UMass Amherst)

"Evaluating the Wisdom of Crowds in Assessing Phishing Websites", Tyler Moore, Richard Clayton (University of Cambridge)

"Don't clog the queue! Circuit clogging and mitigation in P2P anonymity schemes", Jon McLachlan, Nicholas Hopper (University of Minnesota)

"SHORT PAPER: An Efficient Fully Deniable Key Exchange Protocol", Shaoquan Jiang, Rei Safavi-Naini (University of Calgary) (slides)

"Revisiting pairing based group key exchange", Yvo Desmedt (University College London), Tanja Lange (Technische Universiteit Eindhoven) (slides:ps)

"Constant-Round Password-Based Authenticated Key Exchange Protocol for Dynamic Groups", Shuhua Wu, Yuefei Zhu (Zhengzhou Information Science Technology Institute)

Moderator: Yvo Desmedt (University College London, UK)
Panelists: Jon Callas (PGP Corporation, USA), Daniel Nagy (ELTECRYPT, Eotvos University, Hungary), Akira Otsuka (National Institute of Advanced Industrial Science and Technology, Japan), Jean-Jacques Quisquater (Universite Catholique de Louvain, Belgium), Moti Yung (Google Research, USA)

"A Practical Universal Circuit Construction and Secure Evaluation of Private Functions", Vladimir Kolesnikov (Bell laboratories), Thomas Schneider (University of Erlangen-Nuremberg) (slides)

"Generalized Non-interactive Oblivious Transfer using Count-Limited Objects with Applications to Secure Mobile Agents", Stephen Tate (UNC Greensboro), Vandana Gunupudi (University of North Texas) (slides)

"PBS: Private Bartering Systems", Keith Frikken, Lukasz Opyrchal (Miami University)

"Breaking Legacy Banking Standards with Special-Purpose Hardware", Tim Gueneysu, Christof Paar (Ruhr University Bochum)

"ePassport: Securing International Contacts with Contactless Chips", Gildas Avoine, Kassem Kalach, Jean-Jacques Quisquater (UCL, Louvain-la-Neuve) (slides)

"Good Variants of HB+ are Hard to Find", Yannick Seurin, Henri Gilbert, Matthew Robshaw (France Telecom R&D) (slides)

"SHORT PAPER: Augmenting Internet-based Card Not Present Transactions with Trusted Computing" Shane Balfe, Kenneth Paterson (Royal Holloway) (slides)

Ken Huang and Paul Douthit, CGI - Payment Card Industry (PCI) Data Security Standard and ST&E

N. Asokan and Jan-Erik Ekberg, Nokia Research Center - A Platform for OnBoard Credentials

Peter Williams, Stony Brook University - Privacy Threats in Online Stock Quotes

William Yurcik, Clay Woolam, Greg Hellings, Latifur Khan, Bhavani Thuraisingham, University of Texas at Dallas - Making Quantitative Measurements of Privacy/Analysis Tradeoffs Inherent to Packet Trace Anonymization

Antonio San Martino and Xavier Perramon, Universitat Pompeu Fabra - Securing Web Banking Applications

Abstract: TBD

"SHORT PAPER: Weighing Down The Unbearable Lightness of PIN Cracking", Mohammad Mannan, Paul Van Oorschot (Carleton University) (slides)

"SHORT PAPER: Phishwish: A Stateless Phishing Filter Using Minimal Rules", Vijay Gurbani (Bell Labs/Alcatel-Lucent), Debra Cook, Michael Daniluk

"SHORT PAPER: Competition and Fraud in Online Advertising Markets" Bob Mungamuru (Stanford University), Stephen Weis (Google)

"SHORT PAPER: Identity Theft: Much too Easy? A Study of Online Systems in Norway", Andre Klingsheim, Kjell Jgen Hole (University of Bergen)

"SHORT PAPER: On the Security of Next Generation E-Commerce in Norway-a Red Team Approach", Yngve Espelid, Lars-Helge Netland, Andre Klingsheim, Kjell Jgen Hole (University of Bergen)

"Improvement of Efficiency in (Unconditional) Anonymous Transferable E-Cash", Sebastien Canard (Orange Labs), Aline Gouget (Gemalto), Jacques Traore (Orange Labs)

"Proactive RSA Signatures with Non-Interactive Signing" Stanislaw Jarecki, Josh Olsen (UC Irvine) (slides)

"Fair Traceable Multi-Group Signatures", Vicente Benjumea (Univ. of Malaga), Seung Geol Choi (Columbia University), Javier Lopez (Univ. of Malaga), Moti Yung (Google) (slides)

"Identity-Based Online/Offline Encryption", Fuchun Guo (Fujian Normal University,China), Yi Mu (University of Wollongong), Zhide Chen (slides)

Moderator: Mary Ellen Zurko (IBM)
Panelists: Gene Tsudik (UC Irvine), Phil Hallam-Baker (Verisign), Andrew Patrick (NRC)

"SHORT PAPER: Countermeasures against Government-Scale Monetary Forgery", Alessandro Acquisti, Nicolas Christin, Bryan Parno, Adrian Perrig (Carnegie Mellon University) (slides)

"SHORT PAPER: OpenPGP-based Financial Instruments and Dispute Arbitration", Daniel Nagy (ELTECRYPT), Nadzeya Shakel (Belarusian State University) (slides)

"An Efficient Anonymous Credential System", Norio Akagi (Kyoto University, Japan), Yoshifumi Manabe (NTT), Tatsuaki Okamoto (NTT) (slides)

"Practical Anonymous Divisible E-Cash From Bounded Accumulators", Man Ho Au, Willy Susilo, Yi Mu (University of Wollongong) (slides)