Morning Keynote by Dr. Kun Sun

Title: On Enhancing Security of Password-based Authentication


Password remains the dominant authentication scheme for more than 30 years, and it cannot be totally replaced in the foreseeable future. However, password authentication has been long plagued to have many security and usability drawbacks, mainly due to human memory limitations. We present two research projects that focus on the security of password authentication and its ecosystem. First, we observe that personal information plays an important role when a user creates a password. Enlightened by this, we conduct a study on how users create their passwords using their personal information based on a leaked password dataset. Then, we develop a novel password cracker, named personal-PCFG, that leverages personal information for password cracking. Second, we investigate an overlooked aspect in the password lifecycle – the password recovery procedure. We study the possibility of mounting an email-based account recovery attack. We examine the account authentication and recovery protocols in 239 traffic-heavy websites, confirming that most of them use emails for account recovery. We further scrutinize the security policy of major email service providers and show that a significant portion of them take no or marginal effort to protect user email accounts. Finally, we propose a lightweight email security enhancement called Secure Email Account Recovery (SEAR) to defend against account recovery attacks as an extra layer of protection to account recovery emails.

Kun Sun
Dr. Kun Sun is an associate professor in the Department of Information Sciences and Technology at George Mason University. He is also the director of Sun Security Laboratory. He received his Ph.D. in Computer Science from North Carolina State University in 2006. Before joining GMU, he was an assistant professor in College of William and Mary. His research focuses on systems and network security. Dr. Sun has more than 15 years working experience in both industry and academia, publishing over 70 conference and journal papers. His current research focuses on trustworthy computing environment, moving target defense, smart phone security, software defined network security, and password management. His homepage is


Afternoon Keynote by Dr. Krishna Venkatasubramanian

Title: TBA

Krishna Venkatasubramanian
Dr. Krishna Venkatasubramanian is an Assistant Professor in the Department of Computer Science at Worcester Polytechnic Institute (WPI) in Worcester, Massachusetts, USA. Prior to coming to WPI, he was a Post-Doctoral Researcher at the University of Pennsylvania, Philadelphia, Pennsylvania, USA. He received his Ph.D. in Computer Science from Arizona State University, Tempe, Arizona, USA. His research interests include security and fault-tolerance in the wearable internet of things, medical cyber-physical systems, biometrics, and assistive technologies. He has co-authored a book titled Body Area Networks: Safety, Security and Sustainability published by Cambridge University Press in 2013. His research has been featured on CBS News, the Discovery Channel website, Clinical Innovations and Technology magazine, and IEEE Engineering in Medicine and Biology magazine. More information on his research activities can be found at: