A web identity is an identifier that uniquely identifies and represents an entity in cyberspace. Web identity security focuses on accurate identity verification and on preventing identity impersonation, fraud, leakage, theft, etc. Nowadays, the increasing scale of the Web gives rise to the problems of “Password Fatigue”, “Phishing Attacks” and “Brute Force Password Attacks”, and poses great challenges to the currently dominant password-based web identity authentication scheme.
In this talk, we will first present the threats and challenges to Web identity security and then introduce our solutions and suggestions. In particular, we propose a new web identity authentication mechanism that introduces a module named “Trusted User Agent” into the authentication process and is compatible with the current password-based mechanism. Specifically, the user account information is automatically generated by and stored in the trusted user agent, and is sent directly to the corresponding server, which authorizes the corresponding session on the specific terminal after successful authentication. This forms a secure closed authentication loop, in which credentials are never sent to, or stolen by, phishers at the browser. The proposed mechanism helps users automatically register new accounts with unlinkable identities and strong passwords, and thus keeps them free from password cracking. We have developed a system based on this mechanism and implemented automatic password changes as well. Analyses and user studies have been conducted to show that its security, usability, and deployability are superior to those of the current password-based mechanism.
A phishing detection mechanism based on parasitic community will then be presented, which not only reaches an accuracy of 99.2%, but is also the only system in the world capable of discovering phishing targets. A deep-learning-based solution will also be presented, which can detect a phishing URL very quickly (20 ms) and with very high precision (TPR = 98.45% while FPR = 0.01%).
Dr. Liu Wenyin is currently a Professor in the School of Computer Science and Technology, Guangdong University of Technology. He was Deputy Director of the Multimedia Software Engineering Research Centre at the City University of Hong Kong from 2013 to 2016, an assistant professor in the Department of Computer Science at the City University of Hong Kong from 2002 to 2012, and a full-time researcher at Microsoft Research China/Asia from 1999 to 2001. His current research interests include blockchain, anti-phishing, and Web identity authentication and management. He has BEng and MEng degrees in computer science from Tsinghua University, Beijing, and a doctoral degree from the Technion, Israel Institute of Technology, Haifa. In 2003, he was awarded the IAPR/ICDAR Outstanding Young Researcher Award. In 2010, he was elected an IAPR Fellow for his contributions to graphics recognition and anti-phishing. He was TC10 chair of IAPR for two terms, 2006-2010, and served on the IAPR Fellow Committee for three terms, 2010-2016. He was on the editorial boards of the International Journal of Document Analysis and Recognition (IJDAR) from 2006 to 2011 and of the IET Computer Vision journal from 2011 to 2012. He is also an angel investor in the areas of cybersecurity, blockchain, big data, and robots.