About
256 Publications
84,965 Reads
13,716 Citations
Introduction
Current institution
Artema Labs
Additional affiliations
August 2020 - May 2021
ByteDance
Position
- Chief Scientist
July 2018 - March 2020
Amber Solutions
Position
- Chief of Security and Data Analytics
July 2016 - July 2018
Agari
Position
- Chief Scientist
Description
- Set up a system to social engineer scammers, gaining access to their mailboxes, alerting victims and notifying law enforcement.
Publications (256)
Blockchain technologies rely on the existence of a large number of miners. The miners are computers that contribute resources to time-stamping transactions in return for a chance to benefit financially. It is critical that there is a large number of independent miners. That is because if a majority of miners were controlled by an adversarial entit...
SMS-based second factor authentication is a cornerstone for many service providers, ranging from email service providers and social networks to financial institutions and online marketplaces. Attackers have not been slow to capitalize on the vulnerabilities of this mechanism by using social engineering techniques to coerce users to forward authenti...
We introduce a new approach to protect goods, whether physical or virtual, against both counterfeit and theft. As an interesting and valuable side-effect, our approach also enhances ratings and review systems by improving their accuracy and reducing the risk for abuse. Such side-effects are not accidental, but are a result of the entanglement betwe...
We describe a devious new attack that uses social engineering to defraud increasing numbers of consumers and companies. While this new attack, which we term the launchpad attack, defies existing security controls, we show that it can indeed be detected and blocked.
In order for ubiquitous computing to realize its full potential, it is necessary for service providers to detect the presence of user devices to identify the needs and wishes of the associated users—both as this relates to the performance of services and the implementation of privacy preferences. We take a large step in the direction of improving s...
Attackers increasingly, and with high success rates, use social engineering techniques to circumvent second factor authentication (2FA) technologies, compromise user accounts and sidestep fraud detection technologies. We describe an approach, replacing the use of traditional security codes, that thwarts social engineering attacks on 2FA without rel...
Business Email Compromise (BEC) is an attack in which a scammer poses as a colleague of the intended victim or vendor of the targeted organization, and where the scammer either asks the intended victim to perform a payment or to send sensitive data. However, even though BEC is an increasing threat, the shape of the underlying scam is not well under...
We have argued at length that it is vital to understand both the typical user and the malicious user when designing security and privacy systems. We have illustrated this with a series of case studies. We have considered approaches to determine what malicious users do, and why; and we have shown how developing problems, such as launchpad attacks, c...
User privacy is, increasingly, a source of contention. This often-tense relationship between data originators (such as end-users) and data consumers (such as advertisers and service providers) flares up with every revelation of abusive data disclosure. While the essence of the problem is one of incentive misalignment, the problem starts with the di...
The foundation for a structural change that improves privacy is presented in this article. This approach constitutes an important alternative to increased regulation and an opportunity for big data companies to improve their image in the eyes of the public.
Attackers increasingly, and with high success rates, use social engineering techniques to circumvent second factor authentication (2FA) technologies, compromise user accounts and sidestep fraud detection technologies. We introduce a social engineering resistant approach that we term device-aware 2FA, to replace the use of traditional security codes...
This book makes the case that traditional security design does not take the end-user into consideration, and therefore, fails. This book goes on to explain, using a series of examples, how to rethink security solutions to take users into consideration. By understanding the limitations and habits of users – including malicious users, aiming to corru...
Human failure is the weakest link in many, if not most, security systems. As a result, criminals are increasingly relying on social engineering as a way to circumvent security controls. To improve their yield, criminals constantly experiment with methods aimed at making their attacks harder to detect, both to security systems and to the end users be...
The forensic investigation of communication datasets which contain unstructured text, social network information, and metadata is a complex task that is becoming more important due to the immense amount of data being collected. Currently there are limited approaches that allow an investigator to explore the network, text and metadata in a unified m...
There are countless ways to carry out a cyber-attack, but in the vast majority the key is deception – typically involving identity deception in which the attacker poses as a trusted party to the intended victim. Many of these attacks involve stealing passwords from victims in order to access their accounts and pose as them. Therefore, with cyber-cr...
This book constitutes the refereed proceedings of 5 workshops held at the 21st International Conference on Financial Cryptography and Data Security, FC 2017, in Sliema, Malta, in April 2017.
The 39 full papers presented were carefully reviewed and selected from 96 submissions. They feature the outcome of the 5th Workshop on Encrypted Computing and...
Deception is rapidly on the rise on the Internet, and email is the attack vector of choice for a broad array of attacks, including ransomware distribution, enterprise-facing cons, and mass-deployed phishing attacks. It is widely believed that this is due to the ubiquity of email and the limited extent to which relevant email security measures have...
SMS-based second factor authentication is a cornerstone for many service providers, ranging from email service providers and social networks to financial institutions and online marketplaces. Attackers have not been slow to capitalize on the vulnerabilities of this mechanism by using social engineering techniques to coerce users to forward authenti...
This chapter delivers an overview of traditional mechanisms to detect and stop unwanted emails. These mechanisms include email authentication (e.g., DKIM, SPF, DMARC), blacklisting (e.g., DNSBL), and content-based spam filtering (e.g., Naive Bayes Classifier). We explain the extent to which they can be useful to block scam, and point out evasion te...
SAY YOU RECEIVE an email saying, "We have kidnapped your child. To verify that we are telling the truth, just call your child's cellphone. To get your child back, you need to send us $10,000 within one hour. We will send instructions in a separate email. Do not tell anybody–or else." Chances are you'd pick up the phone and call your child. Imagin...
We describe a novel approach to reduce the impact of spoofing by a subtle change in the login process. At the heart of our contribution is the understanding that current anti-spoof technologies fail largely as a result of the difficulties to communicate security and risk to typical users. Accordingly, our solution is oblivious to whether the user w...
This chapter focuses on the taxonomy of scam emails collected from various sources and investigates long-term trends in scam emails. We first describe a large-scale compendium of scam emails collected from various sources, and then present an analysis regarding what kind of scams exist, what their structures are, and how they are related to each ot...
This chapter focuses on a common type of consumer-facing scam referred to as the sales scam, focusing on the scam’s occurrence on Craigslist, one of the most popular online market websites, with over 60 million monthly visitors in the U.S. alone. In spite of the prevalence of scams on Craigslist, the community’s understanding of these is still very...
This chapter looks at Business Email Compromise, first describing the structure of common aspects of this scam, and then turning to countermeasures. It is worth noting that many other scams have related structures—for example, scammers commonly use stolen accounts for both Business Email Compromise scams and for Stranded Traveler scams (discussed i...
This chapter describes the romance scam, and an experiment performed to establish metrics around it, including a data collection tool we refer to as the simulated spam filter. We find that while traditional romance scams still account for the large majority of romance scam messages, affiliate marketing scams are increasingly becoming dominant in on...
This short chapter focuses on targeting. Targeting increases the yield of attacks, i.e., the response rate. Targeting also reduces the efficacy of spam filters and related technologies, and as such, vastly improves the profits scammers reap. We overview how to estimate the yield of attacks, and how to identify scams that are likely to become more c...
In this chapter, we demonstrate a vulnerability in existing content-based message filtering methods, showing how an attacker can use a simple obfuscator to modify any message to a homograph version of the same message, thereby avoiding digest and signature based detection methods. We measure the success of this potential attack, showing a total suc...
This chapter identifies and analyzes trends in the terms and expressions used in the content of scam emails and associates those with the principles of human persuasion that they integrate. We discuss and compare both the terms and principles used over time within a sample of scam emails collected between 2006 and 2014. Our analyses show that diff...
This chapter describes a novel content-based detection method based on the semantics—or meaning—of messages. This is a powerful tool since scammers commonly change formulations but rarely change storylines. We use examples related to the stranded traveler scam, which is a common result of account take-overs, whether of email or of Facebook accounts...
Scam developments and scam countermeasures are both in constant flux, with one reacting to the other. As scammers identify a new human or technical weakness, they change their techniques. This, in turn, refocuses the efforts of scam researchers and practitioners, and drives entrepreneurs to identify new techniques to provide protection. Scammers, i...
In this chapter, a systematic empirical study of the online rental scams on Craigslist and its ecosystem is presented. By developing several effective detection techniques, several major rental scam campaigns on Craigslist were identified. In addition, a system was built to automatically contact suspected rental scammers, which enabled us to unders...
Being able to identify likely trends is the core of building better countermeasures. This chapter describes a light-weight approach to identifying differences in user vulnerabilities. That allows us to quantify vulnerabilities before they are actively abused. By being able to anticipate what fraudsters will be likely to do eventually, it is possibl...
This children’s classic, first published in 1881, which tells the story of the widowed Mrs. Pepper and her five children-Ben, Polly, David, Joel, and Phronsie, continues to resonate with readers today. Without being saccharine, the book reveals the true value of family. When the children, or Five Little Peppers as they are known in Badgertown, wish...
In a system for disconnected authentication, verification records corresponding to given authentication token outputs over a predetermined period of time, sequence of events, and/or set of challenges are downloaded to a verifier. The records include encrypted or hashed information for the given authentication token outputs. In one embodiment using...
We describe a common but poorly known type of fraud – so-called liar buyer fraud – and explain why traditional anti-fraud technology has failed to curb this problem. We then introduce a counter-intuitive technique based on user interface modification to address liar-buyer fraud, and report result of experiments supporting that our technique has the...
The auditing of a device that includes a physical memory is disclosed. One or more hardware parameters that correspond to a hardware configuration is received. Initialization information is also received. The physical memory is selectively written in accordance with a function. The physical memory is selectively read and at least one result is dete...
Disclosed is a method and apparatus for performing steps to cause encoded information to be stored at a client device during a first network session between a server and the client device. To cause encoded information to be stored at a client device, the server first determines a set of network resource requests that encode the information. These n...
One embodiment of the present invention provides a system for automatically authenticating a user. During operation, the system receives a user's request for authentication. The system then extracts information associated with the user from user-specific information stored in an enterprise computer. The extracted user information does not explicitl...
Preference data is received. The received preference data is compared to stored preference data associated with a user with which the received preference data is associated. A determination is made whether to authorize an action based at least on the comparison. The preference data is received as a selection.
One embodiment of the present invention provides a system for authenticating a user. During operation, the system records user behavior history at one or more devices associated with the user. The system then extracts user information associated with a place and/or an activity from the recorded user behavior history. The system further generates on...
We propose a biometric authentication scheme suitable for multi-touch devices such as tablet computers. Our scheme is based on hand geometry. It improves on prior work by introducing a dynamic element, where movement challenges are issued based on static hand geometry data. Specifically, we demonstrate a set of multi-touch interactions that can cap...
Guest editors M. Angela Sasse and Charles C. Palmer speak with security practitioners about what companies are doing to keep customers secure, and what users can do to stay safe.
This chapter describes the importance of understanding the human factor of security and detail the findings from a study on deceit. Computer science has a long-term tradition of studying and understanding security threats, such as identity theft; the human component of the problem is traditionally ignored. Identity theft is commonly defined as unwa...
This chapter focuses on identity manipulation tactics in email and Web pages. It describes the effects of features ranging from URL plausibility to trust endorsement graphics on a population of 398 subjects. The experiment presents these trust indicators in a variety of stimuli, since reactions vary according to context. In addition to testing spec...
Some embodiments provide a system that facilitates use of a computing device. During operation, the system obtains an event description of an event on the computing device. Next, the system computes a message authentication code (MAC) for the event description using a secure component associated with the computing device. Finally, the system uses t...
Embodiments of present disclosure provide a method and system for remotely auditing a security posture of a client machine at a centralized server. The system receives an integrity-protected report from the client machine, or other devices related to the client machine, the report comprising entries associated with security events or security state...
We describe and analyze a variant of the traditional password scheme. This is designed to take advantage of standard error-correcting methods used to facilitate text entry on handsets. We call the new approach fastwords to emphasize their primary feature compared to regular passwords. Fastwords are approximately twice as fast to enter on mobile keybo...
Authentication is one of the issues at the heart of machine security, and there is a great array of authentication types. To begin with, one can classify authentication methods based on who is authenticating to whom, creating a breakdown into machine-to-machine authentication, machine-to-human authentication, human-to-human authentication, and huma...
This chapter describes one approach with which legacy systems can be augmented to provide additional functionality. This is a helpful approach to quickly upgrading systems, and to adapt them to new requirements. We describe this in the context of authentication.
In this chapter, we describe a novel approach to reduce the impact of spoofing by a subtle change in the login process. At the heart of the technique is the understanding that current anti-spoof technologies fail largely as a result of the difficulties to communicate security and risk to typical users. Accordingly, the approach is oblivious to whet...
We study passwords from the perspective of how they are generated, with the goal of better understanding how to distinguish good passwords from bad ones. Based on reviews of large quantities of passwords, we argue that users produce passwords using a small set of rules and types of components, both of which we describe herein. We build a parser of...
This chapter will describe a method of deriving new PINs from existing passwords. This method is useful for obtaining friction-free user onboarding to mobile platforms. It has significant business benefits for organizations that wish to introduce mobile apps to existing users who already have passwords, but are reluctant to authenticate the users w...
The threat of malware and phishing is engulfing the web. It is expected to be an even greater threat in the mobile context as battery power limitations and the lack of handset screen real estate hinder anti-virus and user messaging methods. In addition, people’s continuous handset connectivity makes them more vulnerable to abuse. This paper argues...
We describe a preference-based authentication scheme in which both security and usability of previous approaches are dramatically improved upon. We report on experimental findings supporting a false negative rate on the order of 0.9 % (for precise estimates of error rates, large-scale testing is necessary) and a false positive rate on the order of...
In an effort to assess the strength of passwords, password strength checkers count lower-case and upper-case letters, digits and other characters. However, this does not truly measure how likely a given password is. To determine the likelihood of a password, one must first understand how passwords are generated—this chapter takes a first step in th...
Fraud poses a significant threat to the Internet. 1.5% of all online advertisements attempt to spread malware. This lowers the willingness to view or handle advertisements, which will severely affect the structure of the web and its viability. It may also destabilize online commerce. In addition, the Internet is increasingly becoming a weapon for p...
- Online Advertising: With Secret Security
- Web Security Remediation Efforts
- Content-Sniffing XSS Attacks: XSS with Non-HTML Content
- Our Internet Infrastructure at Risk
- Social Spam
- Understanding CAPTCHAs and Their Weaknesses
- Security Questions
- Folk Models of Home Computer Security
- Detecting and Defeating Interception Attacks Against SSL
- Security Needs the Best User Experience
- Fraud and the Future
- When and How to Authenticate
- Fastwords: Adapting Passwords to Constrained Keyboards
- Deriving PINs from Passwords
- Visual Preference Authentication
- The Deadly Sins of Security User Interfaces
- SpoofKiller—Let's Kiss Spoofing Goodbye!
- Device Identification and Intelligence
- How can we Determine if a Device is Infected or not?
- Phishing on Mobile Devices
- Why Mobile Malware will Explode
- Tapjacking: Stealing Clicks on Mobile Devices
- Online Advertising Fraud
- Toeing the Line: Legal but Deceptive Service Offers
- Phishing and Some Related Attacks
- Malware: Current Outlook
- Monetization
We describe a novel approach to reduce the impact of spoofing by a subtle change in the login process. At the heart of our contribution is the understanding that current antispoof technologies fail largely as a result of the difficulties to communicate security and risk to typical users. Accordingly, our solution is oblivious to whether the user wa...
We describe an improved preference-based password reset scheme in which both security and usability of previous approaches are dramatically improved on. We report on experimental findings supporting these claims. Our experiment shows a false negative rate on the order of 0.9% and a false positive rate on the order of 0.5% for a choice of parameters...
In this position paper we discuss various issues related to so-called stealth attacks. We elaborate on stealth attacks in the context of three common types of wireless networks, namely ad hoc networks, hybrid networks, and sensor networks. We consider the relevance of these settings to various vehicular environments; e.g., emergency and rescue oper...
As part of this special issue on authentication, guest editors Richard Chow, Markus Jakobsson, and Jesus Molina put together a roundtable discussion with leaders in the field, who discuss here their views on the biggest problems in authentication, potential solutions, and the direction in which the field is moving.
Authentication has been a cornerstone of computer security since ancient times. It's an area deserving even more attention today. Better authentication will make the Internet, secured workplaces, and connected homes safer and more convenient for all. The guest editors introduce a special issue on authentication that includes a roundtable discussion...
Software-based attestation can be used for guaranteed detection of any active malware on a device. This promises a significant advance in the battle against malware, including mobile malware. However, most software based attestation methods are either heuristic or unsuitable for mobile computing, and often both. One recent software-based attesta...
Users are increasingly dependent on mobile devices. However, current authentication methods like password entry are significantly more frustrating and difficult to perform on these devices, leading users to create and reuse shorter passwords and pins, or no authentication at all. We present implicit authentication - authenticating users based on be...
We describe and analyze a variant of the traditional password scheme. This is designed to take advantage of standard error-correcting methods of the types used to facilitate text entry on handsets. We call the new approach fastwords to emphasize their primary feature compared to regular passwords. Compared with passwords, fastwords are approxim...
Cloud computing is a natural fit for mobile security. Typical handsets have input constraints and practical computational and power limitations, which must be respected by mobile security technologies in order to be effective. We describe how cloud computing can address these issues. Our approach is based on a flexible framework for supporting auth...
We introduce a practical software-based attestation approach. Our new method enables detection of any active malware (e.g., malware that executes or is activated by interrupts) - even if the infection occurred before our security measure was loaded. It works independently of computing platform, and is eminently suited to address the threat of mobil...
Mix-networks, a family of anonymous messaging protocols, have been engineered to withstand a wide range of theoretical internal and external adversaries. An undetectable insider threat—voluntary partial trace disclosures by server administrators—remains a troubling source of vulnerability. An administrator's cooperation could be the resulting coerc...
We introduce a model for electronic election schemes that involves a more powerful adversary than previous work. In particular, we allow the adversary to demand of coerced voters that they vote in a particular manner, abstain from voting, or even disclose their secret keys. We define a scheme to be coercion-resistant if it is infeasible for the adv...
We introduce a new technique that permits servers to harvest selected Internet browsing history from visiting clients. Privacy-Preserving History Mining (PPHM) requires no installation of special-purpose client-side executables. Paradoxically, it exploits a feature in most browsers (IE, Firefox and Safari) regarded for years as a privacy vulnera...
We describe a method of deriving PINs from passwords. The method is useful to obtain friction-free user onboarding to mobile platforms. It has significant business benefits to organizations that wish to introduce mobile apps to existing users – but which are reluctant to make the users authenticate with passwords. From the user's perspective, a PIN...
David Chaum introduced the Visual Voting scheme, in which a voter obtains a paper receipt from a voting machine. This receipt can be used to verify that his vote was counted in the final tally, but cannot be used for vote selling. Chaum's system requires sophisticated printers and application of the randomized partial checking (RPC) method. We propose...
Cloud computing is clearly one of today's most enticing technology areas due, at least in part, to its cost-efficiency and flexibility. However, despite the surge in activity and interest, there are significant, persistent concerns about cloud computing that are impeding momentum and will eventually compromise the vision of cloud computing as a new...
We argue that the CAPTCHA in its current incarnation may be near the end of its useful life, and propose an alternative throttling mechanism to control access to web resources. We analyze our proposed solution against a collection of realistic adversaries and conclude that it is a viable approach. As a result of potential independent value, we desc...
We review the intertwined problems of malware and online fraud, and argue that the fact that service providers often are financially responsible for fraud causes a relative lack of incentives for clients to manage their own security well. This suggests the need for a server-side tool to determine the security posture of clients before letting them...
Naouel Ben Salem, Levente Buttyan, Jean-Pierre Hubaux and Markus Jakobsson abstract: In multi-hop cellular networks, the existence of a communication link between the mobile station and the base station is not required: a mobile station that has no direct connection with a base station can use other mobile stations as relays. Compared with conventi...
We introduce the notion of implicit authentication – the ability to authenticate mobile users based on actions they would carry out anyway. We develop a model for how to perform implicit authentication, and describe experiments aimed at assessing the benefits of our techniques. Our preliminary findings support that this is a meaningful approach, w...
We describe a technique aimed at addressing longstanding problems for password reset: security and cost. In our approach, users are authenticated using their preferences. Experiments and simulations have shown that the proposed approach is secure, fast, and easy to use. In particular, the average time for a user to complete the setup is approxi...
Internet based donations to political candidates are now a vital part of any successful campaign. Tens of millions of dollars are raised online each year, primarily in sub one hundred dollar amounts from individuals around the country. Politicians have exempted their own campaign donation solicitation emails from federal anti-spam legislation, and...
While good user education can hardly secure a system, we believe that poor user education can put it at serious risk. The current problem of online fraud is exacerbated by the fact that most users make security decisions, such as whether to install a given piece of software or not, based on a very rudimentary understanding of risk. We desc...
Passwords are ubiquitous, and users and service providers alike rely on them for their security. However, good passwords may sometimes be hard to remember. For years, security practitioners have battled with the dilemma of how to authenticate people who have forgotten their passwords. Existing approaches suffer from high false positive and fals...
Fraud isn't new, but in the eyes of many experts, phishing and crimeware threaten to topple society's overall stability because they erode trust in its underlying computational infrastructure. Most people agree that phishing and crimeware must be fought, but to do so effectively, we must fully understand both types of threat; that starts by quantif...
We show how to convert regular keyboard-entry CAPTCHAs into clickable CAPTCHAs. The goal of this conversion is to simplify and speed-up the entry of the CAPTCHA solution, to minimize user frustration and permit the use of CAPTCHAs on devices where they would otherwise be unsuitable. We propose a technique for producing secure clickable CAPTCH...
We present a new authentication protocol called Delayed Password Disclosure (DPD). Based on the traditional username and password paradigm, the protocol's goal is aimed at reducing the effectiveness of phishing/spoofing attacks that are becoming increasingly problematic for Internet users. This is done by providing the user with dynamic feedback wh...