Dr Shujun Li
Observer-resistant password systems (ORPSs, also known as human authentication against observers or leakage-resilient password systems)have been studied since the early 1990s in both cryptography and computer security contexts, but until today a both secure and usable ORPS remains an open question to the research community. The concept of ORPS can be used to cover a large family of attacks against password-based human authentication systems such as shoulder surfers, hidden cameras, man-in-the-middle, keyloggers and other malware. A key assumption of ORPS is that human users must respond to authentication challenges without using any computational devices (which are considered untrusted). In other words, the threat model behind ORPSs assumes that other than the human user’s brain, nothing is trusted. The main security requirement is to avoid disclosure of the shared secret between the human user and the verifier (i.e., password) even after a practically large number of authentication sessions observed by untrusted parties.
Potential topic: support data analysis of big computer simulations