I have been a postdoctoral researcher at Peking University since July 2021, supported by the Peking University Boya Postdoctoral Fellowship 2021. My research focuses on cyber security and machine learning. My work on passwords and honey encryption has appeared at USENIX Security 2021, 2019, ICASSP 2021, NDSS 2018, etc.
Ph.D. in Computer Science, 2021
Peking University, Beijing, China
M.A. in Pure Mathematics, 2015
Peking University, Beijing, China
B.A. in Pure Mathematics, 2011
Nankai University, Tianjin, China
For HE-based honey vault schemes, we 1) propose a new generic construction and an incremental update mechanism, which resists intersection attacks; 2) formally investigate the optimal strategy for online verifications and further propose several practical attacks, which can effectively distinguish real from decoy vaults in existing honey vault schemes; 3) instantiate our construction with a well-designed multi-similar-password model, which can generate more plausible-looking decoys.
We propose a word extraction approach for passwords, and further present an improved PCFG model, called WordPCFG. The word extraction method can precisely extract semantic segments (called words) from passwords based on the cohesion and freedom of words.
For existing honey encryption applications, we propose two types of attacks, encoding attacks and distribution difference attacks, and further show the insecurity of the applications. We propose a generic method to transform an arbitrary probability model into a probability model transforming encoder, which resists encoding attacks.