Mohammad Mannan's Publications

Authentication and Passwords

• Revisiting Defenses Against Large-Scale Online Password Guessing Attacks. M. Alsaleh, M. Mannan, P.C. van Oorschot. IEEE Transactions on Dependable and Secure Computing (TDSC) (under minor revision, Jan.14, 2011). Technical Report TR-10-16, (version Sept.6, 2010), School of Computer Science, Carleton University.
• Mercury: Recovering Forgotten Passwords Using Personal Devices. (Pre-proceedings version: Dec. 17, 2010). Android prototype and test site. M. Mannan, D. Barrera, C. Brown, D. Lie, P.C. van Oorschot. Financial Cryptography and Data Security 2011 (FC'11), St. Lucia, Feb. 28 - Mar. 4 2011.
• User Study, Analysis, and Usable Security of Passwords Based on Digital Objects. R. Biddle, M. Mannan, P.C. van Oorschot, T. Whalen. IEEE Transactions on Information Forensics and Security (TIFS) (revised version to appear; accepted Jan.9, 2011). Technical Report TR-10-02, (version Feb.16, 2010), School of Computer Science, Carleton University.
  • Digital Objects as Passwords. (Version: July 14, 2008, © USENIX). Slides (pdf). Prototype download. M. Mannan, P.C. van Oorschot. USENIX Hot Topics in Security 2008 (HotSec'08), San Jose, California, USA, July 29, 2008.
  • Selected press
• Leveraging Personal Devices for Stronger Password Authentication from Untrusted Computers (Draft version: October 6, 2008). M. Mannan, P.C. van Oorschot. Journal of Computer Security (accepted with minor revisions, Jan. 18, 2010). Extends the FC'07 paper (see below).
• Using a Personal Device to Strengthen Password Authentication from an Untrusted Computer. (Post-proceedings version: March 30, 2007, © IFCA). Slides (pdf). AVISPA test code. M. Mannan, P.C. van Oorschot. Financial Cryptography and Data Security 2007 (FC'07), Lowlands, Scarborough, Trinidad and Tobago, Feb.12-15 2007. Tech Report (Extended version: March 30, 2007).

Ph.D. Thesis

• Authentication and Securing Personal Information in an Untrusted Internet. M. Mannan. Carleton University, April 2009.

Data Breaches

• Localization of Credential Information to Address Increasingly Inevitable Data Breaches. (Version Nov. 1, 2008, © ACM ). Slides (pdf). M. Mannan, P.C. van Oorschot. New Security Paradigms Workshop 2008 (NSPW'08), Lake Tahoe, California, USA, Sept. 22-25, 2008. Tech Report (Version: July 18, 2008).

Content Sharing

• Privacy-Enhanced Sharing of Personal Content on the Web. (Version: Feb. 24, 2008 © IW3C2). Slides (pdf). M. Mannan, P.C. van Oorschot. World Wide Web conference (WWW2008), Apr. 21-25, 2008, Beijing, China.

Online Banking/PIN Security

• Reducing Threats from Flawed Security APIs: The Banking PIN Case. (Authors' copy, version: March 31, 2009, © Elsevier). M. Mannan, P.C. van Oorschot. Elsevier Computers & Security, volume 28, issue 6, Sept. 2009. Extends the FC'08 short paper (see below).
• Weighing Down ``The Unbearable Lightness of PIN Cracking.'' (Short paper, post-proceedings version: March 10, 2008, © IFCA). M. Mannan, P.C. van Oorschot. Financial Cryptography and Data Security 2008 (FC'08), Jan. 28-31, 2008, Cozumel, Mexico.
  • Tech Report (Extended version: April 29, 2008)
  • Presentation slides (pdf) from Analysis of Security API workshop (ASA-2, co-located with CSF 2008)
• Security and Usability: The Gap in Real-World Online Banking. (Post-proceedings version: October 19, 2007). Slides (pdf). M. Mannan, P.C. van Oorschot. New Security Paradigms Workshop 2007 (NSPW'07), New Hampshire, USA, Sept.18-21 2007.
  • Selected press

Instant Messaging Security

• A Protocol for Secure Public Instant Messaging. (Version: March 30, 2006, © IFCA). Slides (pdf). AVISPA test code. M. Mannan, P.C. van Oorschot. Financial Cryptography and Data Security 2006 (FC'06), Feb.27-Mar.2 2006, Anguilla, British West Indies. Proceedings: Springer LNCS 4107. The extended version of this paper is available as a Tech Report.
• On Instant Messaging Worms, Analysis and Countermeasures. Slides (pdf). M. Mannan, P.C. van Oorschot. Third Workshop on Rapid Malcode (WORM 2005), Fairfax, VA, USA, November 11, 2005. © Copyright 2005 by ACM, Inc.
• Secure Public Instant Messaging: A Survey. M. Mannan, P.C. van Oorschot. Second Annual Conference on Privacy, Security and Trust (PST), Fredericton, NB, pp 69-77, October 13-15, 2004. Slides (ppt).
• Secure Public Instant Messaging. M. Mannan, Master's thesis, Carleton University, August 2005.

Huffman Coding

Undergrad work at Bangladesh University of Engineering and Technology (BUET)

• Block Huffman Coding, M. Mannan, M. Kaykobad. International Journal of Computers and Mathematics with Applications, vol 46, issue 10-11, pp 1581-1587, November - December 2003.
• A Storage Efficient Header for Huffman Coding, M. Mannan, R. Chowdhury, M. Kaykobad. International Conference on Computer and Information Technology (ICCIT 2001), pp 57-59, 2001.
• On Optimal Huffman Compression, M. Mannan, M. Kaykobad. International Conference on Computer and Information Technology (ICCIT 2001), pp. 60-61, 2001.