Wenting Li
7 records found
HPAKE
Honey Password-authenticated Key Exchange for Fast and Safer Online Authentication
Password-only authentication is one of the most popular secure mechanisms for real-world online applications. But it easily suffers from a practical threat - password leakage, incurred by external and internal attackers. The external attacker may compromise the password file stored on the authentication server, and the insider may deliberately steal the passwords or inadvertently leak the passwords. So far, there are two main techniques to address the leakage: Augmented password-authentication key exchange (aPAKE) against insiders and honeyword technique for external attackers. But none of them can resist both attacks. To fill the gap, we propose the notion of honey PAKE (HPAKE) that allows the authentication server to detect the password leakage and achieve the security beyond the traditional bound of aPAKE. Further, we build an HPAKE construction on the top of the honeyword mechanism, honey encryption, and OPAQUE which is a standardized aPAKE. We formally analyze the security of our design, achieving the insider resistance and the password breach detection. We implement our design and deploy it in the real environment. The experimental results show that our protocol only costs 71.27 ms for one complete run, within 20.67 ms on computation and 50.6 ms on communication. This means our design is secure and practical for real-world applications.
Biodegradable stents can provide scaffolding and anti-restenosis benefits in the short term and then gradually disappear over time to free the vessel, among which the Mg-based biodegradable metal stents have been prosperously developed. In the present study, a Mg-8.5Li (wt.%) alloy (RE- and Al-free) with high ductility (> 40%) was processed into mini-tubes, and further fabricated into finished stent through laser cutting and electropolishing. In-vitro degradation test was performed to evaluate the durability of this stent before and after balloon dilation. The influence of plastic deformation and residual stress (derived from the dilation process) on the degradation was checked with the assistance of finite element analysis. In addition, in-vivo degradation behaviors and biocompatibility of the stent were evaluated by performing implantation in iliac artery of minipigs. The balloon dilation process did not lead to deteriorated degradation, and this stent exhibited a decent degradation rate (0.15 mm/y) in vitro, but divergent result (> 0.6 mm/y) was found in vivo. The stent was almost completely degraded in 3 months, revealing an insufficient scaffolding time. Meanwhile, it did not induce possible thrombus, and it was tolerable by surrounding tissues in pigs. Besides, endothelial coverage in 1 month was achieved even under the severe degradation condition. In the end, the feasibility of this stent for treatment of benign vascular stenosis was generally discussed, and perspectives on future improvement of Mg-Li-based stents were proposed.
Password vault applications allow a user to store multiple passwords in a vault and choose a master password to encrypt the vault. In practice, attackers may steal the storage file of the vault and further compromise all stored passwords by offline guessing the master password. Honey vaults have been proposed to address the threat. By producing plausible-looking decoy vaults for wrong master passwords, honey vaults force attackers to shift offline guessing to online verifications. However, the existing honey vault schemes all suffer from intersection attacks in the multi-leakage case where an old version of the storage file (e.g., a backup) is stolen along with the current version. The attacker can offline identify the decoys and completely break the schemes. We design a generic construction based on a multi-similar-password model and further propose an incremental update mechanism. With our mechanism, the attacker cannot get any extra advantages from the old storage, and therefore degenerates to an attacker only with knowledge of the current version. To further evaluate the security in the traditional single-leakage case where only the current version is stolen, we investigate the theoretically optimal strategy for online verifications, and propose practical attacks. Targeting the existing schemes, our attacks crack 33%-55% of real vaults via only one-time online guess and achieve 85%-94% accuracy in distinguishing real vaults from decoys. In contrast, our design reduces the values of the two metrics to 2% and 58% (close to the ideal values 0% and 50%), respectively. This indicates that the attacker needs to carry out 2.8x-7.5x online verifications to break our scheme.
Multi-factor authentication (MFA) has been widely used to safeguard high-value assets. Unlike single-factor authentication (e.g., password-only login), t-factor authentication (tFA) requires a user always to carry and present t specified factors so as to strengthen the security of login. Nevertheless, this may restrict user experience in limiting the flexibility of factor usage, e.g., the user may prefer to choose any factors at hand for login authentication. To bring back usability and flexibility without loss of security, we introduce a new notion of authentication, called (t, n) threshold MFA, that allows a user to actively choose t factors out of n based on preference. We further define the “most-rigorous” multi-factor security model for the new notion, allowing attackers to control public channels, launch active/passive attacks, and compromise/corrupt any subset of parties as well as factors. We state that the model can capture the most practical security needs in the literature. We design a threshold MFA key exchange (T-MFAKE) protocol built on the top of a threshold oblivious pseudorandom function and an authenticated key exchange protocol. Our protocol achieves the “highest-attainable” security against all attacking attempts in the context of parties/factors being compromised/corrupted. As for efficiency, our design only requires 4+t exponentiations, 2 multi-exponentiations and 2 communication rounds. Compared with existing tFA schemes, even the degenerated (t, t) version of our protocol achieves the strongest security (stronger than most schemes) and higher efficiency in computation and communication. We instantiate our design on a real-world platform to highlight its practicability and efficiency.