Title: Exploring Phone-Based Authentication Vulnerabilities in Single Sign-On Systems
Phone-based authenticators (PBAs) are commonly incorporated into multi-factor authentication and passwordless login schemes for corporate networks and systems. These systems require users to prove that they possess a phone or phone number associated with an account. The out-of-band nature of PBAs and their security may not be well understood by users. Further, the frequency of PBA prompts may desensitize users and lead to increased susceptibility to phishing or social engineering. We examine such risks to PBAs by surveying PBA implementation options and two types of attacks. When carried out against a real-world PBA system, we found the symptoms of such attacks were subtle. A subsequent user study revealed that none of our participants noticed the attack symptoms, highlighting the limitations and risks associated with PBAs.
Award ID(s):
1651540
PAR ID:
10431062
Author(s) / Creator(s):
Date Published:
Journal Name:
International Conference on Information and Communications Security
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. This work presents a unique approach to the design, fabrication, and characterization of paper-based origami robotic systems consisting of stackable pneumatic actuators. These paper-based actuators (PBAs) use materials with high elastic modulus-to-mass ratios, accordion-like structures, and direct coupling with pneumatic pressure for extension and bending. The study contributes to the scientific and engineering understanding of foldable components under applied pneumatic pressure by constructing stretchable and flexible structures with intrinsically nonstretchable materials. Experiments showed that a PBA possesses a power-to-mass ratio greater than 80 W/kg, which is more than four times that of human muscle. This work also illustrates the stackability and functionality of PBAs by two prototypes: a parallel manipulator and a legged locomotor. The manipulator consisting of an array of PBAs can bend in a specific direction with the corresponding actuator inflated. In addition, the stacked actuators in the manipulator can rotate in opposite directions to compensate for relative rotation at the ends of each actuator to work in parallel and manipulate the platform. The locomotor rotates the PBAs to apply and release contact between the feet and the ground. Furthermore, a numerical model developed in this work predicts the mechanical performance of these inflatable actuators as a function of dimensional specifications and folding patterns. Overall, we use stacked origami actuators to implement functionalities of manipulation, gripping, and locomotion as conventional robotic systems. Future origami robots made of paper-like materials may be suitable for single use in contaminated or unstructured environments or low-cost educational materials. 
  2. Prussian blue analogue (PBA) cathodes can host diverse monovalent and multivalent metal ions due to their tunable structure. However, their electrochemical performance suffers from poor cycle life associated with chemo‐mechanical instabilities. This study investigates the driving forces behind chemo‐mechanical instabilities in Ni‐ and Mn‐based PBA cathodes for K‐ion batteries by combining electrochemical analysis, digital image correlation, and spectroscopy techniques. Capacity retention in Ni‐based PBA is 96% whereas it is 91.5% for Mn‐based PBA after 100 cycles at C/5 rate. During charge, the potassium nickel hexacyanoferrate (KNHCF) electrode experiences a positive strain generation whereas the potassium manganese hexacyanoferrate (KMHCF) electrode undergoes initially positive strain generation followed by a reduction in strains at a higher state of charge. Overall, both cathodes undergo similar reversible electrochemical strains in each charge–discharge cycle. There is ~0.80% irreversible strain generation in both cathodes after 5 cycles. XPS studies indicated richer organic layer compounds in the cathode‐electrolyte interface (CEI) layer formed on KMHCF cathodes compared to the KNHCF ones. The faster capacity fade in Mn‐based PBA, compared to Ni‐based ones, is attributed to the formation of richer organic compounds in CEI layers, rather than to mechanical deformations. Understanding the driving forces behind instabilities provides a guideline to develop material‐based strategies for better electrochemical performance.
  3. Prussian blue analogs (PBAs) are an important material class for aqueous electrochemical separations and energy storage owing to their ability to reversibly intercalate monovalent cations. However, incorporating interstitial [Formula: see text] molecules in the ab initio study of PBAs is technically challenging, though essential to understanding the interactions between interstitial water, interstitial cations, and the framework lattice that affect intercalation potential and cation intercalation selectivity. Accordingly, we introduce and use a method that combines the efficiency of machine-learning models with the accuracy of ab initio calculations to elucidate mechanisms of (1) lattice expansion upon intercalation of cations of different sizes, (2) selectivity bias toward intercalating hydrophobic cations of large size, and (3) semiconductor–conductor transitions from anhydrous to hydrated lattices. We analyze the PBA nickel hexacyanoferrate [[Formula: see text]] due to its structural stability and electrochemical activity in aqueous electrolytes. Here, grand potential analysis is used to determine the equilibrium degree of hydration for a given intercalated cation (Na[Formula: see text], K[Formula: see text], or Cs[Formula: see text]) and [Formula: see text] oxidation state based on pressure-equilibrated structures determined with the aid of machine learning and simulated annealing. The results imply new directions for the rational design of future cation-intercalation electrode materials that optimize performance in various electrochemical applications, and they demonstrate the importance of choosing an appropriate calculation framework to predict the properties of PBA lattices accurately. 
  4. Mobile messaging applications offer rich features such as contact discovery, nearby user search, and single sign-on (SSO)-based account linking, enabling seamless multi-platform usage but also introducing significant privacy risks. This paper presents an investigative study of privacy vulnerabilities across widely used messaging apps, including KakaoTalk, Telegram, WhatsApp, Signal, and Tinder. The authors demonstrate concrete attacks that exploit contact discovery, exposed SSO tokens, and location-based services to extract sensitive user information. More importantly, they introduce the first cross-platform linking attacks, which combine these techniques to deanonymize users and infer their physical locations with an average error of 324 meters. The study reveals that permissive contact discovery policies and shared identifiers such as phone numbers and profile images enable large-scale linking of private data across platforms. The paper concludes with mitigation strategies to limit abuse and improve privacy protections in messaging ecosystems. 
  5. We present and analyze UDM, a new protocol for user discovery in anonymous communication systems that minimizes the information disclosed to the system and users. Unlike existing systems, including those based on private set intersection, UDM learns nothing about the contact lists and social graphs of the users, is not vulnerable to off-line dictionary attacks that expose contact lists, does not reveal platform identifiers to users without the owner’s explicit permission, and enjoys low computation and communication complexity. UDM solves the following user-discovery problem. User Alice wishes to communicate with Bob over an anonymous communication system, such as cMix or Tor. Initially, each party knows each other’s public contact identifier (e.g., email address or phone number), but neither knows the other’s private platform identifier in the communication system. If both parties wish to communicate with each other, UDM enables them to establish a shared key and learn each other’s private platform identifier. UDM uses an untrusted user-discovery system, which processes and stores only public information, hashed values, or values encrypted with keys it does not know. Therefore, UDM cannot learn any information about the social graphs of its users. Using the anonymous communication system, each pair of users who wish to communicate with each other uploads to the user-discovery system their private platform identifier, encrypted with their shared key. Indexing their request by a truncated cryptographic hash of their shared key, each user can then download each other’s encrypted private platform identifier. 