Jingwei Jiang, Ding Wang*, Guoyin Zhang. QPause: Quantum-resistant password-protected data outsourcing for cloud storage, IEEE transactions on Services Computing (TSC), 2023, Doi: 10.1109/TSC.2023.3331000 pdf
Yanzhao Tian, Lixiang Li, Haipeng Peng, Ding Wang, Yixian Yang. Honeywords generation mechanism based on zero-divisor graph sequences, IEEE transactions on Services Computing (TSC), 2023, Doi: 10.1109/TSC.2023.3329013 pdf
Ding Wang*, Xuan Shan, Qiying Dong, Yaosheng Shen, Chunfu Jia. No Single Silver Bullet: Measuring the Accuracy of Password Strength Meters. Proc. of 32nd USENIX Security Symposium (USENIX Security 2023). pp. 1-28. pdf
Ding Wang*, Yunkai Zou, Yuan-An Xiao, Siqi Ma, Xiaofeng Chen. Pass2Edit: A Multi-Step Generative Model for Guessing Edited Passwords. Proc. of 32nd USENIX Security Symposium (USENIX Security 2023). pp. 1-21. pdf
(Covered by the Wall Street Journal )
Ding Wang*, Yunkai Zou, Zijian Zhang, Kedong Xiu. Password Guessing Using Random Forest. Proc. of 32nd USENIX Security Symposium (USENIX Security 2023). pp. 1-23. pdf
Zhenduo Hou, Ding Wang*. New Observations on Zipf’s Law in Passwords, IEEE Transactions on Information Forensics and Security (TIFS), 2023, 18: 517-532. pdf
Chenyu Wang, Ding Wang*, Yihe Duan, Xiaofeng Tao. Secure and Lightweight User Authentication Scheme for Cloud-Assisted Internet of Things, IEEE Transactions on Information Forensics and Security (TIFS), 2023, Doi: 10.1109/TIFS.2023.3272772 pdf
Qingxuan Wang, Ding Wang*. Understanding Failures in Security Proofs of Multi-factor Authentication for Mobile Devices, IEEE Transactions on Information Forensics and Security (TIFS), 2023, 18: 597-612. pdf
Qingxuan Wang, Ding Wang*, Chi Cheng, Debiao He. Quantum2FA: Efficient Quantum-Resistant Two-Factor Authentication Scheme for Mobile Devices, IEEE Transactions on Dependable and Secure Computing (TDSC), 2023, 20(1): 193-208 pdf
Zengpeng Li, Ding Wang*, and Eduardo Morais. Quantum-Safe Round-Optimal Password Authentication for Mobile Devices. IEEE Trans. on Dependable and Secure Computing, 2022, 19(3): 1885-1899 pdf
Chenyu Wang, Ding Wang*, Yi Tu, Guoai Xu, Huaxiong Wang. Understanding Node Capture Attacks in User Authentication Schemes for Wireless Sensor Networks, IEEE Transactions on Dependable and Secure Computing, 2022, 19(1): 507-523 (ESI highly cited paper) pdf Appendix
Shuming Qiu, Ding Wang*, Guoai Xu, and Saru Kumari. Practical and Provably Secure Three-Factor Authentication Protocol Based on Extended Chaotic-Maps for Mobile Lightweight Devices, IEEE Transactions on Dependable and Secure Computing, 2022, 19(2): 1338-1351 pdf
(100+ Citations, ESI highly cited paper, ESI hotspot paper (top 0.1%))
Ding Wang*, Yunkai Zou, Qiying Dong, Yuanming Song, Xinyi Huang. How to Attack and Generate Honeywords. Proceedings of the 43rd IEEE Symposium on Security and Privacy (IEEE S&P 2022), pp. 966-983. (Full paper, acceptance rate: 147/1012=14.5%) pdf
Chunfu Jia, Shaoqiang Wu, Ding Wang*. Reliable Password Hardening Service with Opt-Out. 41st International Symposium on Reliable Distributed Systems (SRDS 2022), pp.1-15. (Full paper, acceptance rate: 24/105=22.8%) pdf
Jingwei Jiang, Ding Wang*, Guoyin Zhang, Zhiyuan Chen. Quantum-Resistant Password-Based Threshold Single-Sign-On Authentication with Updatable Server Private Key. Proc. of the 27th European Symposium on Research in Computer Security (ESORICS 2022), LNCS 13555, pp. 295–316. Full version available at https://eprint.iacr.org/2022/989.pdf (Full paper, acceptance rate: 104/562=18.5%)
Xiaojie Guo, Ye Han, Zheli Liu, Ding Wang, Yan Jia, Jin Li. Birds of a Feather Flock Together: How Set Bias Helps to Deanonymize You via Revealed Intersection Sizes. Proceedings of the 31st USENIX Security Symposium (USENIX Security 2022), pp.1487-1504. (Full paper, acceptance rate: 17.2%=256/1492) pdf
Ding Wang, Xiaofeng Chen, Jianfeng Ma*. Interpretation of MIT MIT Technology Review 10 Breakthrough Technologies in 2022: The End of Passwords. Bulletin of National Natural Science Foundation of China (中国科学基金), 2022, 36(3): 432-433,445 pdf
(Invited paper. It is concluded that passwords will not be replanced in the foreseeable future as alternative schemes have inherent weaknesses.)
Chenyu Wang, Ding Wang*, Guoai Xu, Debiao He. Efficient Privacy-Preserving User Authentication Scheme with Forward Secrecy for Industry 4.0. SCIENCE CHINA: Information Sciences, 2022, 65(1), 112301:1-17. pdf
(ESI highly cited paper)
Zengpeng Li, Ding Wang*. Achieving One-Round Password-based Authenticated Key Exchange over Lattices. IEEE Transactions on Services Computing (TSC), 2022, 15(1):308-321 pdf
(ESI highly cited paper)
Yanrong Lu, Ding Wang*, Mohammad S. Obaidat, Pandi Vijayakumar. Edge-assisted Intelligent Device Authentication in Cyber-Physical Systems. IEEE Internet of Things Journal, 2022, Doi: 10.1109/JIOT.2022.3151828 pdf
Yuxuan Wu, Ding Wang*, Yunkai Zou and Ziyi Huang. Improving Deep Learning Based Password Guessing Models Using Pre-processing. Proc. of the 24th International Conference on Information and Communications Security (ICICS 2022), LNCS 13407, pp. 163–183. (The first author is a third-year undergraduate; Full paper, acceptance rate: 34/164=20.7%) pdf
Qiying Dong, Ding Wang*, Yaosheng Shen, and Chunfu Jia. PII-PSM: A New Targeted Password Strength Meter Using Personally Identifiable Information. Proceedings of the 18th EAI International Conference on Security and Privacy in Communication Networks (SecureComm 2022), pp. 1-18. pdf
Shaoqiang Wu, Chunfu Jia, Ding Wang. UP-MLE: Efficient and Practical Updatable Block-Level Message-Locked Encryption Scheme Based on Update Properties. Proc. of the 37th International Conference on ICT Systems Security and Privacy Protection (IFIP SEC 2022), IFIP AICT 648, pp. 251–269. (Full paper, acceptance rate: 30/127=23.6%) pdf
Yin Anqi, Wang Ding*, Guo Yuanbo, Chen Lin, Tang Di. Provably Secure Quantum Resistance Efficient Password-Authenticated Key Exchange Protocol. Chinese Journal of Computers (计算机学报), 2022, 45(11): 2321-2336 (In Chinese) pdf
Jingwei Jiang, Ding Wang*, Zhang Guoyin, Chen Zhiyuan. Private key management scheme for mobile edge computing. Chinese Journal of Computers (计算机学报 ), 2022, 45(6): 1348-1372 (In Chinese). pdf
Qiying Dong, Chunfu Jia*, Fei Duan, Ding Wang*. RLS-PSM: A Robust and Accurate Password Strength Meter Based on Reuse, Leet and Separation. IEEE Transactions on Information Forensics & Security, 2021, 16(12): 4988-5002 pdf
Zengpeng Li, Chunguang Ma, Ding Wang*. Leakage Resilient Leveled FHE on Multiple Bit Message. IEEE Transactions on Big Data (IEEE TBD), 2021, 7(5): 845-858 pdf
Meijia Xu, Ding Wang*, Qingxuan Wang, Qiaowen Jia. Understanding security failures of anonymous authentication schemes for cloud environments. Journal of Systems Architecture, 118 (2021), 102206: 1-10. pdf
Qin Qiu, Ding Wang*, Xuetao Du, Shengquan Yu, Shenglan Liu, Bei Zhao. Security Standards and Measures for Massive IoT in the 5G Era. Mobile Networks and Applications, 2021, https://doi.org/10.1007/s11036-021-01841-2 pdf
Ding Wang, Shuhong Hong, Qingxuan Wang*. Revisiting a Multifactor Authentication Scheme in Industrial IoT. Security and Communication Networks, Volume 2021, Article ID 9995832, 7 pages, Doi: 10.1155/2021/9995832 pdf
Shuming Qiu, Ding Wang*. Revisiting three anonymous two-factor authentication schemes for roaming service in global mobility networks. Journal of Surveillance, Security and Safety, 2021(2), 6682: 1-17. pdf
Wang Feifei, Wang Ding*. Fog computing-based three-party authentication and key agreement protocol for smart healthcare. Journal of Software (软件学报), Doi: https://doi.org /10.13328/j.cnki.jos.006514 (In Chinese) pdf
Ding Wang*, Yunkai Zou, Yi Tao, Bin Wang. Password Guessing Based on Recursive Neural Networks and Generative Adversarial Networks. Chinese Journal of Computers (计算机学报 ), 2021, 44(8): 2519-2534. pdf
Zengpeng Li, Ding Wang*. Achieving Password-Hashing Scheme over Lattices. SCIENCE CHINA: Information Sciences (中国科学:信息科学), 2021, 51(8): 1375–1390. (in Chinese) pdf
Debiao He, Yudi Zhang, Ding Wang, Raymond Kim-Kwang Choo. Secure and Efficient Two-Party Signing Protocol for the Identity-Based Signature Scheme in the IEEE P1363 Standard for Public Key Cryptography. IEEE Transactions on Dependable and Secure Computing, 2020, 17(5):1124-1132 pdf
Ding Wang, Ping Wang, Chengyu Wang. Efficient Multi-Factor User Authentication Protocol with Forward Secrecy for Real-Time Data Access in WSNs. ACM Transactions on Cyber-Physical Systems, 2020, 4(3):1-26 pdf
Ding Wang, Xizhe Zhang, Zijian Zhang, Ping Wang. Understanding Security Failures of Multi-Factor Authentication Schemes for Multi-Server Environments. Computers & Security, 2020, 88 (2020): 1-13. pdf
Chenyu Wang, Ding Wang*, Feifei Wang, Guoai Xu. Multi-factor user authentication scheme for multi-gateway wireless sensor networks, Chinese Journal of Computers (计算机学报), 2020 43(4): 683-700. (in Chinese) pdf
Zengpeng Li, Chunguang Ma, Ding Wang*. Achieving Multi-Hop PRE via Branching Program. IEEE Transactions on Cloud Computing (IEEE TCC), 2020, 8(1): 44-58 pdf
Qi Feng, Debiao He, Zhe Liu, Ding Wang, Raymond K.K. Choo. Multi-Party Signing Protocol for the Identity-Based Signature Scheme in IEEE P1363 Standard. IET Information Security, 2020, Doi: 10.1049/iet-ifs.2019.0559 pdf
Yudi Zhang, Debiao He, Xinyi Huang, Ding Wang, Kim-Kwang Raymond Choo, Jing Wang. White-Box Implementation of the Identity-Based Signature Scheme in the IEEE P1363 Standard for Public Key Cryptography. IEICE Transactions on Information and Systems, Vol.E103-D, No.2, pp.188-195 pdf
Ding Wang, Ping Wang, Debiao He, Yuan Tian. Birthday, Name and Bifacial-security: Understanding Passwords of Chinese Web Users. Proceedings of the 28th USENIX Security Symposium (USENIX Security 2019), pp.1537-1554. (Full paper, acceptance rate: 112/719=15.6%) pdf
(Arouse heated discussion, and covered by media IEEE Spectrum, MIT Tech Review 中文)
Ding Wang. Data-driven Targeted Online Password Guessing. Development Report on Frontiers of Science and Technology: China Cyberspace Security. Book chapter, edited by Hai Jin, Peng Xu and Deqing Zou. China Industry and Information Technology Publishing Press, 2019, pp.64-68. (in Chinese) pdf
Ping Wang, Bin Li, Hongjin Shi, Yaosheng Shen, and Ding Wang*. Revisiting Anonymous Two-Factor Authentication Schemes for IoT-Enabled Devices in Cloud Computing Environments. Security and Communication Networks, 2019, Article ID 2516963:1-13 pdf
Wenting Li, Ding Wang, Ping Wang. Research on insider attacks against multi-factor authentication schemes for wireless sensor networks . Chinese Journal of Software (软件学报), 2019, 29(7): 1937-1952. (in Chinese) pdf
Xin Chen, Xinyi Huang, Yi Mu, Ding Wang. A Typo-tolerant Password Authentication Scheme with Targeted Error Correction, Proceedings of the 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications (IEEE TrustCom 2019), pp. 1-8. pdf
Chenyu Wang, Ding Wang, Weihao Wang, Guoai Xu and Jing Sun. Cloud-Aided Privacy Preserving User Authentication and Key Agreement Protocol for Internet of Things. Proceedings of 5th International Symposium on Security and Privacy in Social Networks and Big Data (SocialSec 2019), pp.1-15. To appear. (Full paper, acceptance rate: 22/70=31.4%) pdf
Ding Wang, Ping Wang. Two Birds with One Stone: Two-Factor Authentication with Security Beyond Conventional Bound. IEEE Trans. on Dependable and Secure Computing, 2018, 15(4): 708-722. pdf
(400+ Citations, ESI highly cited paper, ESI hotspot paper (top 0.1%), our proposed metric has been rigorously evaluated, recommended & widely employed )
Ding Wang, Haibo Cheng, Debiao He, Ping Wang. On the Challenges in Designing Identity-based Privacy-Preserving Authentication Schemes for Mobile Devices. IEEE Systems Journal, 2018, 12(1): 916-925 pdf (ESI highly cited paper, ESI hotspot paper (top 0.1%))
Ding Wang, Haibo Cheng, Ping Wang, Jeff Yan, Xinyi Huang. A Security Analysis of Honeywords. Proc. of the 25th Network and Distributed System Security Symposium (NDSS 2018), pp.1-16. Github slides pdf
Ding Wang, Wenting Li, Ping Wang. Measuring Two-Factor Authentication Schemes for Real-Time Data Access in Industrial Wireless Sensor Networks. IEEE Transactions on Industrial Informatics, 2018, 14(9): 4081-4092 pdf
(100+ Citations, ESI highly cited paper)
Ding Wang, Wenting Li, Ping Wang. Crytanalysis of three anonymous authentication schemes for multi-server environment . Chinese Journal of Software (软件学报), 2018, 29(7):1937-1952. (in Chinese) pdf
Ding Wang, Jian Shen, Joseph K. Liu, and Kim-Kwang Raymond Choo. Rethinking Authentication on Smart Mobile Devices. Wireless Communications and Mobile Computing, 2018, Doi: 10.1155/2018/7079037 pdf
Ding Wang, Shujun Li, and Qi Jiang. User Authentication in the IoE Era: Attacks, Challenges, Evaluation, and New Designs. Security and Communication Networks, 2018, Doi: 10.1155/2018/6150491 pdf
Zengpeng Li, Ding Wang*. Two-Round PAKE Protocol over Lattices without NIZK. 14th International Conference on Information Security and Cryptology (Inscrypt 2018), LNCS 11449, pp.138-159. pdf (Best Paper Award, 1/93)
Yudi Zhang, Debiao He, Sherali Zeadally, Ding Wang, Kim Kwang Raymond Choo. Efficient and Provably Secure Distributed Signing Protocol for Mobile Devices in Wireless Networks. IEEE Internet of Things Journal, 2018, 5(6): 5271-5280. pdf
Ping Wang, Zijian Zhang, Ding Wang*. Revisiting Anonymous Two-Factor Authentication Schemes for Multi-Server Environment. Proc. of the 20th International Conference on Information and Communications Security (ICICS 2018) , LNCS 11149, pp. 805–816. Lille, France, October 29-31, 2018. pdf
Yaosheng Shen, Ding Wang, and Ping Wang. Revisiting Anonymous Two-Factor Authentication Schemes for Cloud Computing. Proceedings of the 4th International Conference on Cloud Computing and Security (ICCCS 2018), LNCS 11064, pp. 134–146. pdf
Ding Wang. Research on Key Issues in Password Security (口令安全关键问题研究), PhD Dissertation, Peking University, 2017.06. pdf
(Doctoral Dissertation Award by Peking University, China Computer Federation, ACM SIGSAC China, ACM China.)
Ding Wang, Qianchen Gu, Xinyi Huang, Ping Wang. Understanding Human-Chosen PINs: Characteristics, Distribution and Security. Proc. of the 12th ACM ASIA Conference on Computer and Communication Security (ACM ASIACCS 2017), pp. 372-385. April 2-6 2017, Abu Dhabi, UAE. (full paper, acceptance rate 67/359=18.6%) slides pdf
Ding Wang, Haibo Cheng, Ping Wang, Xinyi Huang, Gaopeng Jian. Zipf’s Law in Passwords. IEEE Transactions on Information Forensics and Security (IEEE TIFS), 2017, 12(11): 2776-2791. codes pdf
(300+ Citations, ESI Highly Cited Paper; Our models have been adopted into over 120 studies worldwide such as GenoGuard (IEEE S&P'15) by EPFL researchers, Password economics (IEEE S&P'18) by Purdue researchers, and Distributed guessing (IEEE TIFS'19) by MIT researchers. Supplemental data [simplified version in .pdf, full version in .xls])
Zengpeng Li, Chunguang Ma, Ding Wang. Towards Multi-Hop Homomorphic Identity-Based Proxy Re-Encryption via Branching Program. IEEE ACCESS, 2017, Doi: 10.1109/ACCESS.2017.2740720 pdf
Chenyu Wang, Ding Wang*, Guaoi Xu, Yanhui Guo. A lightweight password-based authentication protocol using smart card. International Journal of Communication Systems (Wiley IJCS), 2017, 30(16), 1-11. pdf
Zengpeng Li, Chunguang Ma, Ding Wang, Minghao Zhao, Qian Zhao, Lu Zhou. Toward Proxy Re-encryption From Learning with Errors in the Exponent. Proc. of the 16th IEEE International Conference On Trust, Security and Privacy in Computing and Communications (IEEE TrustCom 2017) pp. 683-690.
Gang Du, Chunguang Ma, Zengpeng Li, Ding Wang. Towards Fully Homomorphic Encryption From Gentry-Peikert-Vaikuntanathan Scheme. Proc. of the 3rd International Conference on Cloud Computing and Security (ICCCS 2017), LNCS 10603, Springer, pp. 256-267.
Ding Wang, Zijian Zhang, Ping Wang, Jeff Yan, Xinyi Huang. Targeted Online Password Guessing: An Underestimated Threat. Proc. the 23nd ACM Conference on Computer and Communications Security (ACM CCS 2016), pp. 1242–1254. Oct 24, 2016 - Oct 28, 2016, Vienna, Austria. (Full paper, acceptance rate: 137/831=16.4%) slides pdf
(300+ citations; Part of US NIST SP800-63-3 standard has been revised on Sep., 2016 according to our results. Covered by 200+ medias like Dailmail, Forbes, Naked security, Science Daily, CACM, Microsoft, theSun, Alphr, SCMagazine)
Ding Wang, Ping Wang. On the Implications of Zipf's Law in Passwords. Proc. of the 21th European Symposium on Research in Computer Security (ESORICS 2016), LNCS 9878, pp. 111-131. (full paper, acceptance rate 60/285=21.0%) pdf
(Selected as course material in CS-59000-PWD of Purdue University and "Frontiers of info sec" of Peking University, Fall 2016) slides
Ding Wang, Debiao He, Haibo Cheng, Ping Wang. fuzzyPSM: A New Password Strength Meter Using Fuzzy Probabilistic Context-Free Grammars. Proc. of the 46th IEEE/IFIP International Conference on Dependable Systems and Networks (IEEE/IFIP DSN 2016), pp.595-606. June 28-July 01, France. (Full paper, acceptance rate: 53/259=20.4%) Github slides pdf
(At ACM CCS'18, Golla and Durmuth showed that our fuzzyPSM performs the best among 45 password strength meters (81 variants), against both online guessing and offline guessing)
Ding Wang, Qianchen Gu, Haibo Cheng, Ping Wang. The Request for Better Measurement: A Comparative Evaluation of Two-Factor Authentication Schemes. Proc. of the 11th ACM Asia Conference on Computer and Communications Security (ACM ASIACCS 2016), pp. 475-486. (full paper, acceptance rate 73/350=20.8%) slides pdf
Ping Wang, Ding Wang*, Xinyi Huang. Advances in Password Security (invited paper). Journal of Computer Research and Development, 2016, 53(10): 2173-2188. pdf (see a short video by the Science China Press)
Debiao He, Ding Wang, Qi Xie, Kefei Chen. Anonymous Handover Authentication Protocol for Mobile Wireless Networks with Conditional Privacy Preservation. Science China: Information Sciences, Springer-Verlag, 2016, Doi: 10.1007/s11432-016-0161-2 pdf
Zengpeng Li, Chunguang Ma, Ding Wang. Toward single-server private information retrieval protocol via LWE. Elsevier Journal of Information Security and Applications (JISA), 2016, Doi: 10.1016/j.jisa.2016.11.003
Ding Wang, Ping Wang. The Emperor's New Password Creation Policies: An Evaluation of Leading Web Services and the Effect of Role in Resisting Against Online Guessing. Proc. of the 20th European Symposium on Research in Computer Security (ESORICS 2015), LNCS 9237, Springer, pp. 457-477. (full paper, acceptance rate 59/298=19.8%) pdf
Ding Wang, Haibo Cheng, Ping Wang. Understanding Passwords of Chinese Users: A Survey and Empirical Analysis. 2015, Draft, http://bit.ly/2maZLCd (Top-10000 most popular Chinese passwords; Appendix)
[User survey: http://www.sojump.com/jq/6443561.aspx (Chinese); http://www.sojump.com/jq/7005139.aspx (English version)]
Ding Wang, Debiao He, Ping Wang, Chao-Hsien Chu. Anonymous Two-Factor Authentication in Distributed Systems: Certain Goals Are Beyond Attainment. IEEE Trans. on Dependable and Secure Computing, 2015, 12(4): 228-442. pdf (300+ citations, the 2nd most cited article since 2014 of IEEE TDSC, ESI highly cited paper, ESI hotspot paper (top 0.1%); A number of following works write that this paper makes a "crucial observation", an "interesting observation", an "important observation", and "a big breakthough")
Ding Wang, Nan Wang, Ping Wang, Sihan Qing. Preserving Privacy for Free: Efficient and Provably Secure Two-Factor Authentication Scheme with User Anonymity. Elsevier Information Sciences, 2015, volume 321, pp. 162-178. pdf
(100+ Citations, ESI highly cited paper)
Debiao He, Ding Wang*. Robust biometric-based authentication scheme multi-server environment. IEEE systems Journal, 2015, 9(3): 816-823. (The most cited article since 2013 of IEEE Syst.J.; 400+ Citations, ESI highly cited paper, ESI hotspot paper (top 0.1%)) pdf
Ding Wang, Ping Wang. On the Usability of Two-Factor Authentication. Proc. of 10th International Conference on Security and Privacy in Communication Networks (SecureComm 2014), pp. 141-150. Sep. 24-26, 2014, Beijing. pdf
Ding Wang, Ping Wang. On the Anonymity of Two-Factor Authentication Schemes for Wireless Sensor Networks: Attacks, Principle and Solutions. Elsevier Computer Networks, 2014(73): 41–57. pdf
(180+ Citations; This work investigates the inherent cryptographic complexity of designing a two-factor authentication scheme with user anonymity, and formally proves an impossibility result. A number of following works write that our result is "somewhat surprising" and "an important finding"; Also honored to appear in the Elsevier 2017 list of "Article Selection Celebrating Computer Science Research in China";)
Ding Wang, Ping Wang. Understanding security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks. Elsevier Ad Hoc Networks, 2014 (20): 1-15. pdf
(Among the list of "most cited articles published since 2012" of this journal; 90+ Citations; ESI highly cited paper)
Ding Wang, Ping Wang, Jing Liu. Improved Privacy-Preserving Authentication Scheme for Roaming Service in Mobile Networks. Proc. of 15th IEEE Wireless Communications and Networking Conference (WCNC 2014), pp. 3178-3183. April 06-09, 2014, Istanbul, Turkey. pdf
Chunguang Ma, Ding Wang*, Sen-Dong Zhao. Security flaws in two improved remote user authentication schemes using smart cards. Int. Journal of Communication Systems, 2014, 27(10): 2215-2227. pdf
(100+ Citations, ESI highly cited paper (top 1%), three general protocol design principles are suggested.)
Ding Wang, Ping Wang. Offline Dictionary Attack on Password Authentication Schemes using Smart Cards. Proc. 16th International Conference on Information Security (ISC 2013), November 13-15, Dallas, Texas, USA, Springer, LNCS 7807, pp. 221-237. (full paper, acceptance rate: 16/70=22.8%) pdf
Before 2013. The following are published when pursuing my Master degree, and give rise to the "excellent master thesis award" of our University.
Ding Wang. Research on Password-based Remote User Authentication Schemes Using Smart-cards. Master thesis, Harbin Engineering University, Mar. 2013. pdf
(Outstanding master thesis award of Harbin Engineering University, and the only recipient of the School of CS)
Ding Wang, Chunguang Ma. Cryptanalysis of a Remote User Authentication Scheme for Mobile Client-Server Environment With Provable Security based on ECC. Elsevier Information Fusion, 2013, 41(4): 498-503. pdf
Debiao He, Ding Wang, Shuhua Wu. Cryptanalysis and Improvement of a password-based remote user authentication scheme without smart cards. Information Technology and Control, 2013, 42(4): 170-177. pdf
Ding Wang, Chunguang Ma, Qiming Zhang, Sendong Zhao. Secure Password-based Remote User Authentication Scheme against Smart Cards Security Breach. Journal of Networks, 2013, 8(1): 148-155. pdf
Ding Wang, Chunguang Ma. Cryptanalysis and security enhancement of a remote user authentication scheme. Elsevier Journal of China Universities of Posts and Telecommunications, 2012, 19(5): 104-114, Doi: 10.1016/S1005-8885(11)60307-5 pdf
Ding Wang, Chunguang Ma, Sendong Zhao, Changli Zhou. Breaking a Robust Remote User Authentication Scheme using Smart Cards. Proc. of the 9th IFIP International Conference on Network and Parallel Computing (IFIP NPC 2012), Gwangju, Korea, Sep 6-8, LNCS 7351, pp. 110-118. Berlin: Springer-Verlag, 2012. (acceptance rate: 38/136=27.9%) pdf
Sendong Zhao, Ding Wang, Sicheng Zhao, Wu Yang, Chunguang Ma. Cookie-Proxy: A Solution to Prevent SSLStrip Attack. The 14th International Conference on Information and Communications Security (ICICS 2012), Hongkong, China, LNCS, vol. 7618, pp. 365-372. Berlin: Springer-Verlag, 2012. (acceptance rate: 49/101, Short Paper) pdf
Ding Wang, Chunguang Ma, Deli Gu, Zhenshan Cui. Cryptanalysis of Two Dynamic ID-based Remote User Authentication Schemes for Multi-Server Architecture. Proc. of the 6th International Conference on Network and System Security (NSS 2012), Wuyishan, China, Nov 21-23, Lecture Notes in Computer Science, Vol. 7645, pp. 462-475. Berlin: Springer-Verlag, 2012. (acceptance rate: 39/173=22.5%, full paper) pdf
Chunguang Ma, Ding Wang, Ping Zhao, Yu-Heng Wang. A new dynamic ID-based remote user authentication scheme with forward secrecy. Proc. of the 14th Asia-Pacific Web Conference (APWeb Workshops 2012), Kunming, China, April 11-13, Lecture Notes in Computer Science, vol. 7234, pp. 199-211. Springer, 2012. (acceptance rate: 28/68, full paper) pdf
Ding Wang, Ying Mei, Chunguang Ma, Zhenshan Cui. Comments on an Advanced Dynamic ID-based Authentication Scheme for Cloud Computing. Proc. International Comference on Web Information Systems and Mining (WISM 2012), Chengdu, China, Oct 26-28, 2012, LNCS, vol. 7529, pp. 246-253. (acceptance rate: 87/418=20.8%, full paper) pdf
Ding Wang, Chunguang Ma, Lan Shi, Yu-Heng Wang. On the Security of an Improved Password Authentication Scheme Based on ECC. Proc. of the Third International Conference Information Computing and Applications (ICICA 2012), Chengde, China, LNCS 7473, pp. 181-188. (Acceptance rate: 100/1089=9.18%, full paper) pdf
Chunguang Ma, Ding Wang, Qi-ming Zhang. Cryptanalysis and Improvement of Sood et al.'s Dynamic ID-based Authentication Scheme. Proc. of the 8th International Conference on Distributed Computing andInternet Technology (ICDCIT 2012), Bhubaneswar, India, February 2-4, 2012, LNCS, vol. 7154, pp. 141-152. (full paper, acceptance rate: 17/89=19.1%) pdf
Ding Wang, Chunguang Ma, Peng Wu. Secure password-based remote user authentication scheme with non-tamper resistant smart cards. Proc. of the 26th Annual IFIP Conference on Data and Applications Security and Privacy (IFIP DBSec 2012), Paris, France, July 13-16, 2012, LNCS, vol. 7371, pp. 114-121. (acceptance rate: 23/49, short paper, full version) pdf
Some publications in Chinese:
Feifei Wang, Ding Wang*. Fog computing-based three-party authentication and key agreement protocol for smart healthcare. Journal of Software, 2023. Doi: https://doi.org /10.13328/j.cnki.jos.006514 (in Chinese) pdf
(王菲菲,汪定*. 基于雾计算的智能医疗三方认证与密钥协商协议.软件学报, 2023, 34(7): 3272-3291)
Ding Wang, Xiaofeng Chen, Jianfeng Ma*. Invited interpretation of MIT Top-10 Technique "The end of passwords". Bulletin of National Natural Science Foundation of China, 2022, 36(3): 432, 433, 445. pdf
(汪定, 陈晓峰, 马建峰*. MIT Technology Review 2022年“全球十大突破性技术”解读—终结口令. 中国科学基金, 2022, 36(3): 432, 433, 445. 本文为受邀撰写.)
Anqi Yin, Ding Wang*, Yuanbo Guo, Lin Chen, Di Tang. Provably Secure Quantum Resistance Efficient Password-Authenticated Key Exchange Protocol. Chinese Journal of Computers (in Chinese), 2022, 45(11): 2321-2336 pdf
(尹安琪, 汪定*, 郭渊博, 陈琳, 唐迪. 可证明安全的抗量子高效口令认证密钥交换协议. 计算机学报, 2022, 45(11): 2321-2336.)
Jingwei Jiang, Ding Wang*, Guoyin Zhang, Zhiyuan Chen. Private key management scheme for mobile edge computing. Chinese Journal of Computers (in Chinese), 2022, 45(6): 1348-1372. pdf
(蒋京玮, 汪定*, 张国印, 陈志远. 面向移动边缘计算的密钥管理协议. 计算机学报, 2022, 45(6): 1348-1372.)
程庆丰, 汪定*, 张卫明. 初等数论数学及其在密码学中应用探讨. 计算机教育, 2022, 第3期, pp. 54-57. pdf
Zengpeng Li, Ding Wang*. Achieving Password-Hashing Scheme over Lattices. SCIENCE CHINA: Information Sciences 2021, Doi: https://doi.org/10.1360/SSI-2020-0177 (in Chinese) pdf
(李增鹏, 汪定*. 基于格的口令散列方案. 中国科学:信息科学, 2021, 51(8): 1375-1390.)
Ding Wang*, Yunkai Zou, Yi Tao, Bin Wang. Password Guessing Based on Recursive Neural Networks and Generative Adversarial Networks. Chinese Journal of Computers, 2021, 44(8): 2519-2534. pdf
(汪定, 邹云开, 陶义, 王彬. 基于循环神经网络和对抗生成式网络的口令猜测模型模型, 计算机学报, 2021, 44(8): 2519-2534.)
Chenyu Wang, Ding Wang*, Feifei Wang, Guoai Xu. Multi-factor user authentication scheme for multi-gateway wireless sensor networks, Chinese Journal of Computers, 2020 43(4): 683-700. (in Chinese) pdf
(王晨宇, 汪定*, 王菲菲, 徐国爱. 面向多网关的无线传感器网络多因素身份认证协议, 计算机学报, 2020 43(4): 683-700.)
李文婷, 汪定, 王平. 无线传感器网络环境下多因素身份认证协议的内部人员攻击研究. 软件学报, 2019, 30(8): 2375-2391. pdf
Ding Wang. Data-driven Targeted Online Password Guessing. Development Report on Frontiers of Science and Technology: China Cyberspace Security. Book chapter, edited by Hai Jin, Peng Xu and Deqing Zou. China Industry and Information Technology Publishing Press, 2019, pp. 64-68. (in Chinese) pdf
(汪定. 数据驱动的定向在线口令猜测研究. 中国网络空间安全前言科技发展报告, 金海, 徐鹏, 邹德清主编. 中国工信出版社, 2019, pp. 64-68.)
Ding Wang, Wenting Li, Ping Wang. Cryptanalysis of three anonymous authentication schemes for multi-server environment. Chinese Journal of Software, 2018, 29(7): 1937-1952 (Tier-1 Chinese Journal) pdf
(汪定, 李文婷, 王平. 对三个多服务器环境下匿名认证协议的分析. 软件学报, 2018, 29(7): 1937-1952. (入选“中国精品科技期刊顶尖学术论文”, CCF A类中文期刊, EI))
王平, 汪定*, 黄欣沂. 口令安全研究进展. 计算机研究与发展, 2016, 53(10): 2173-2188. (CCF A类中文期刊, EI) pdf
汪定, 王平, 雷鸣. 基于RSA的网关口令认证协议的分析与改进. 电子学报, 2015 43(1): 176-184. (CCF A类中文期刊, EI, 被中国密码学会通讯报道) pdf
汪定, 王平*, 李增鹏, 马春光. 可证明安全的基于RSA的远程用户口令认证协议. 系统工程理论与实践, 2015, 35(1): 191-204. (国家一级学报,EI) pdf
薛峰, 汪定*, 曹品军, 李勇. 对两个传感器环境下远程用户口令认证协议的安全性分析. 计算机应用, 2015, 35(12): 3424-3428+3436.
汪定, 马春光, 翁臣, 贾春福. 一种适于受限资源环境的远程用户认证方案的分析与改进. 电子与信息学报, 2012, 34(10): 2520-2526 (国家一级学报, EI收录) pdf
汪定, 薛峰, 王立萍, 马春光. 改进的具有PFS特性的口令认证密钥协商方案. 山东大学学报 (理学版), 47(9): 19-25. (中文核心) pdf
汪定, 马春光, 张启明. 一种强口令认证协议的攻击与改进. 计算机科学, 2012, 39(6): 72-76 (中文核心). pdf
汪定, 马春光, 翁臣, 贾春福. 强健安全网络中间人攻击研究. 计算机应用, 2012, 32(1): 42-44, 65 (中文核心). pdf
薛峰, 汪定*, 王立萍, 马春光. 对两个基于智能卡的远程用户口令认证协议的安全性分析. 计算机应用, 2012, 32(7): 221-224.
薛峰, 汪定*, 王立萍. 一种基于公钥认证可恢复的半脆弱水印算法. 计算机安全, 2011, 4(1): 25-28.
马春光, 汪定*, 张启明. 广域涉密信息系统域间授权研究. 保密科学技术, 2011, 3(11): 50-52.
Yanzhao Tian, Lixiang Li, Haipeng Peng, Ding Wang, Yixian Yang. Honeywords generation mechanism based on zero-divisor graph sequences, IEEE transactions on Services Computing (TSC), 2023, Doi: 10.1109/TSC.2023.3329013 pdf
Ding Wang*, Xuan Shan, Qiying Dong, Yaosheng Shen, Chunfu Jia. No Single Silver Bullet: Measuring the Accuracy of Password Strength Meters. Proc. of 32nd USENIX Security Symposium (USENIX Security 2023). pp. 1-28. pdf
Ding Wang*, Yunkai Zou, Yuan-An Xiao, Siqi Ma, Xiaofeng Chen. Pass2Edit: A Multi-Step Generative Model for Guessing Edited Passwords. Proc. of 32nd USENIX Security Symposium (USENIX Security 2023). pp. 1-21. pdf
(Covered by the Wall Street Journal )
Ding Wang*, Yunkai Zou, Zijian Zhang, Kedong Xiu. Password Guessing Using Random Forest. Proc. of 32nd USENIX Security Symposium (USENIX Security 2023). pp. 1-23. pdf
Zhenduo Hou, Ding Wang*. New Observations on Zipf’s Law in Passwords, IEEE Transactions on Information Forensics and Security (TIFS), 2023, 18: 517-532. pdf
Chenyu Wang, Ding Wang*, Yihe Duan, Xiaofeng Tao. Secure and Lightweight User Authentication Scheme for Cloud-Assisted Internet of Things, IEEE Transactions on Information Forensics and Security (TIFS), 2023, Doi: 10.1109/TIFS.2023.3272772 pdf
Qingxuan Wang, Ding Wang*. Understanding Failures in Security Proofs of Multi-factor Authentication for Mobile Devices, IEEE Transactions on Information Forensics and Security (TIFS), 2023, 18: 597-612. pdf
Qingxuan Wang, Ding Wang*, Chi Cheng, Debiao He. Quantum2FA: Efficient Quantum-Resistant Two-Factor Authentication Scheme for Mobile Devices, IEEE Transactions on Dependable and Secure Computing (TDSC), 2023, 20(1): 193-208 pdf
Zengpeng Li, Ding Wang*, and Eduardo Morais. Quantum-Safe Round-Optimal Password Authentication for Mobile Devices. IEEE Trans. on Dependable and Secure Computing, 2022, 19(3): 1885-1899 pdf
Chenyu Wang, Ding Wang*, Yi Tu, Guoai Xu, Huaxiong Wang. Understanding Node Capture Attacks in User Authentication Schemes for Wireless Sensor Networks, IEEE Transactions on Dependable and Secure Computing, 2022, 19(1): 507-523 (ESI highly cited paper) pdf Appendix
Shuming Qiu, Ding Wang*, Guoai Xu, and Saru Kumari. Practical and Provably Secure Three-Factor Authentication Protocol Based on Extended Chaotic-Maps for Mobile Lightweight Devices, IEEE Transactions on Dependable and Secure Computing, 2022, 19(2): 1338-1351 pdf
(100+ Citations, ESI highly cited paper, ESI hotspot paper (top 0.1%))
Ding Wang*, Yunkai Zou, Qiying Dong, Yuanming Song, Xinyi Huang. How to Attack and Generate Honeywords. Proceedings of the 43rd IEEE Symposium on Security and Privacy (IEEE S&P 2022), pp. 966-983. (Full paper, acceptance rate: 147/1012=14.5%) pdf
Chunfu Jia, Shaoqiang Wu, Ding Wang*. Reliable Password Hardening Service with Opt-Out. 41st International Symposium on Reliable Distributed Systems (SRDS 2022), pp.1-15. (Full paper, acceptance rate: 24/105=22.8%) pdf
Jingwei Jiang, Ding Wang*, Guoyin Zhang, Zhiyuan Chen. Quantum-Resistant Password-Based Threshold Single-Sign-On Authentication with Updatable Server Private Key. Proc. of the 27th European Symposium on Research in Computer Security (ESORICS 2022), LNCS 13555, pp. 295–316. Full version available at https://eprint.iacr.org/2022/989.pdf (Full paper, acceptance rate: 104/562=18.5%)
Xiaojie Guo, Ye Han, Zheli Liu, Ding Wang, Yan Jia, Jin Li. Birds of a Feather Flock Together: How Set Bias Helps to Deanonymize You via Revealed Intersection Sizes. Proceedings of the 31st USENIX Security Symposium (USENIX Security 2022), pp.1487-1504. (Full paper, acceptance rate: 17.2%=256/1492) pdf
Ding Wang, Xiaofeng Chen, Jianfeng Ma*. Interpretation of MIT MIT Technology Review 10 Breakthrough Technologies in 2022: The End of Passwords. Bulletin of National Natural Science Foundation of China (中国科学基金), 2022, 36(3): 432-433,445 pdf
(Invited paper. It is concluded that passwords will not be replanced in the foreseeable future as alternative schemes have inherent weaknesses.)
Chenyu Wang, Ding Wang*, Guoai Xu, Debiao He. Efficient Privacy-Preserving User Authentication Scheme with Forward Secrecy for Industry 4.0. SCIENCE CHINA: Information Sciences, 2022, 65(1), 112301:1-17. pdf
(ESI highly cited paper)
Zengpeng Li, Ding Wang*. Achieving One-Round Password-based Authenticated Key Exchange over Lattices. IEEE Transactions on Services Computing (TSC), 2022, 15(1):308-321 pdf
(ESI highly cited paper)
Yanrong Lu, Ding Wang*, Mohammad S. Obaidat, Pandi Vijayakumar. Edge-assisted Intelligent Device Authentication in Cyber-Physical Systems. IEEE Internet of Things Journal, 2022, Doi: 10.1109/JIOT.2022.3151828 pdf
Yuxuan Wu, Ding Wang*, Yunkai Zou and Ziyi Huang. Improving Deep Learning Based Password Guessing Models Using Pre-processing. Proc. of the 24th International Conference on Information and Communications Security (ICICS 2022), LNCS 13407, pp. 163–183. (The first author is a third-year undergraduate; Full paper, acceptance rate: 34/164=20.7%) pdf
Qiying Dong, Ding Wang*, Yaosheng Shen, and Chunfu Jia. PII-PSM: A New Targeted Password Strength Meter Using Personally Identifiable Information. Proceedings of the 18th EAI International Conference on Security and Privacy in Communication Networks (SecureComm 2022), pp. 1-18. pdf
Shaoqiang Wu, Chunfu Jia, Ding Wang. UP-MLE: Efficient and Practical Updatable Block-Level Message-Locked Encryption Scheme Based on Update Properties. Proc. of the 37th International Conference on ICT Systems Security and Privacy Protection (IFIP SEC 2022), IFIP AICT 648, pp. 251–269. (Full paper, acceptance rate: 30/127=23.6%) pdf
Yin Anqi, Wang Ding*, Guo Yuanbo, Chen Lin, Tang Di. Provably Secure Quantum Resistance Efficient Password-Authenticated Key Exchange Protocol. Chinese Journal of Computers (计算机学报), 2022, 45(11): 2321-2336 (In Chinese) pdf
Jingwei Jiang, Ding Wang*, Zhang Guoyin, Chen Zhiyuan. Private key management scheme for mobile edge computing. Chinese Journal of Computers (计算机学报 ), 2022, 45(6): 1348-1372 (In Chinese). pdf
Qiying Dong, Chunfu Jia*, Fei Duan, Ding Wang*. RLS-PSM: A Robust and Accurate Password Strength Meter Based on Reuse, Leet and Separation. IEEE Transactions on Information Forensics & Security, 2021, 16(12): 4988-5002 pdf
Zengpeng Li, Chunguang Ma, Ding Wang*. Leakage Resilient Leveled FHE on Multiple Bit Message. IEEE Transactions on Big Data (IEEE TBD), 2021, 7(5): 845-858 pdf
Meijia Xu, Ding Wang*, Qingxuan Wang, Qiaowen Jia. Understanding security failures of anonymous authentication schemes for cloud environments. Journal of Systems Architecture, 118 (2021), 102206: 1-10. pdf
Qin Qiu, Ding Wang*, Xuetao Du, Shengquan Yu, Shenglan Liu, Bei Zhao. Security Standards and Measures for Massive IoT in the 5G Era. Mobile Networks and Applications, 2021, https://doi.org/10.1007/s11036-021-01841-2 pdf
Ding Wang, Shuhong Hong, Qingxuan Wang*. Revisiting a Multifactor Authentication Scheme in Industrial IoT. Security and Communication Networks, Volume 2021, Article ID 9995832, 7 pages, Doi: 10.1155/2021/9995832 pdf
Shuming Qiu, Ding Wang*. Revisiting three anonymous two-factor authentication schemes for roaming service in global mobility networks. Journal of Surveillance, Security and Safety, 2021(2), 6682: 1-17. pdf
Wang Feifei, Wang Ding*. Fog computing-based three-party authentication and key agreement protocol for smart healthcare. Journal of Software (软件学报), Doi: https://doi.org /10.13328/j.cnki.jos.006514 (In Chinese) pdf
Ding Wang*, Yunkai Zou, Yi Tao, Bin Wang. Password Guessing Based on Recursive Neural Networks and Generative Adversarial Networks. Chinese Journal of Computers (计算机学报 ), 2021, 44(8): 2519-2534. pdf
Zengpeng Li, Ding Wang*. Achieving Password-Hashing Scheme over Lattices. SCIENCE CHINA: Information Sciences (中国科学:信息科学), 2021, 51(8): 1375–1390. (in Chinese) pdf
Debiao He, Yudi Zhang, Ding Wang, Raymond Kim-Kwang Choo. Secure and Efficient Two-Party Signing Protocol for the Identity-Based Signature Scheme in the IEEE P1363 Standard for Public Key Cryptography. IEEE Transactions on Dependable and Secure Computing, 2020, 17(5):1124-1132 pdf
Ding Wang, Ping Wang, Chengyu Wang. Efficient Multi-Factor User Authentication Protocol with Forward Secrecy for Real-Time Data Access in WSNs. ACM Transactions on Cyber-Physical Systems, 2020, 4(3):1-26 pdf
Ding Wang, Xizhe Zhang, Zijian Zhang, Ping Wang. Understanding Security Failures of Multi-Factor Authentication Schemes for Multi-Server Environments. Computers & Security, 2020, 88 (2020): 1-13. pdf
Chenyu Wang, Ding Wang*, Feifei Wang, Guoai Xu. Multi-factor user authentication scheme for multi-gateway wireless sensor networks, Chinese Journal of Computers (计算机学报), 2020 43(4): 683-700. (in Chinese) pdf
Zengpeng Li, Chunguang Ma, Ding Wang*. Achieving Multi-Hop PRE via Branching Program. IEEE Transactions on Cloud Computing (IEEE TCC), 2020, 8(1): 44-58 pdf
Qi Feng, Debiao He, Zhe Liu, Ding Wang, Raymond K.K. Choo. Multi-Party Signing Protocol for the Identity-Based Signature Scheme in IEEE P1363 Standard. IET Information Security, 2020, Doi: 10.1049/iet-ifs.2019.0559 pdf
Yudi Zhang, Debiao He, Xinyi Huang, Ding Wang, Kim-Kwang Raymond Choo, Jing Wang. White-Box Implementation of the Identity-Based Signature Scheme in the IEEE P1363 Standard for Public Key Cryptography. IEICE Transactions on Information and Systems, Vol.E103-D, No.2, pp.188-195 pdf
Ding Wang, Ping Wang, Debiao He, Yuan Tian. Birthday, Name and Bifacial-security: Understanding Passwords of Chinese Web Users. Proceedings of the 28th USENIX Security Symposium (USENIX Security 2019), pp.1537-1554. (Full paper, acceptance rate: 112/719=15.6%) pdf
(Arouse heated discussion, and covered by media IEEE Spectrum, MIT Tech Review 中文)
Ding Wang. Data-driven Targeted Online Password Guessing. Development Report on Frontiers of Science and Technology: China Cyberspace Security. Book chapter, edited by Hai Jin, Peng Xu and Deqing Zou. China Industry and Information Technology Publishing Press, 2019, pp.64-68. (in Chinese) pdf
Ping Wang, Bin Li, Hongjin Shi, Yaosheng Shen, and Ding Wang*. Revisiting Anonymous Two-Factor Authentication Schemes for IoT-Enabled Devices in Cloud Computing Environments. Security and Communication Networks, 2019, Article ID 2516963:1-13 pdf
Wenting Li, Ding Wang, Ping Wang. Research on insider attacks against multi-factor authentication schemes for wireless sensor networks . Chinese Journal of Software (软件学报), 2019, 29(7): 1937-1952. (in Chinese) pdf
Xin Chen, Xinyi Huang, Yi Mu, Ding Wang. A Typo-tolerant Password Authentication Scheme with Targeted Error Correction, Proceedings of the 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications (IEEE TrustCom 2019), pp. 1-8. pdf
Chenyu Wang, Ding Wang, Weihao Wang, Guoai Xu and Jing Sun. Cloud-Aided Privacy Preserving User Authentication and Key Agreement Protocol for Internet of Things. Proceedings of 5th International Symposium on Security and Privacy in Social Networks and Big Data (SocialSec 2019), pp.1-15. To appear. (Full paper, acceptance rate: 22/70=31.4%) pdf
Ding Wang, Ping Wang. Two Birds with One Stone: Two-Factor Authentication with Security Beyond Conventional Bound. IEEE Trans. on Dependable and Secure Computing, 2018, 15(4): 708-722. pdf
(400+ Citations, ESI highly cited paper, ESI hotspot paper (top 0.1%), our proposed metric has been rigorously evaluated, recommended & widely employed )
Ding Wang, Haibo Cheng, Debiao He, Ping Wang. On the Challenges in Designing Identity-based Privacy-Preserving Authentication Schemes for Mobile Devices. IEEE Systems Journal, 2018, 12(1): 916-925 pdf (ESI highly cited paper, ESI hotspot paper (top 0.1%))
Ding Wang, Haibo Cheng, Ping Wang, Jeff Yan, Xinyi Huang. A Security Analysis of Honeywords. Proc. of the 25th Network and Distributed System Security Symposium (NDSS 2018), pp.1-16. Github slides pdf
Ding Wang, Wenting Li, Ping Wang. Measuring Two-Factor Authentication Schemes for Real-Time Data Access in Industrial Wireless Sensor Networks. IEEE Transactions on Industrial Informatics, 2018, 14(9): 4081-4092 pdf
(100+ Citations, ESI highly cited paper)
Ding Wang, Wenting Li, Ping Wang. Crytanalysis of three anonymous authentication schemes for multi-server environment . Chinese Journal of Software (软件学报), 2018, 29(7):1937-1952. (in Chinese) pdf
Ding Wang, Jian Shen, Joseph K. Liu, and Kim-Kwang Raymond Choo. Rethinking Authentication on Smart Mobile Devices. Wireless Communications and Mobile Computing, 2018, Doi: 10.1155/2018/7079037 pdf
Ding Wang, Shujun Li, and Qi Jiang. User Authentication in the IoE Era: Attacks, Challenges, Evaluation, and New Designs. Security and Communication Networks, 2018, Doi: 10.1155/2018/6150491 pdf
Zengpeng Li, Ding Wang*. Two-Round PAKE Protocol over Lattices without NIZK. 14th International Conference on Information Security and Cryptology (Inscrypt 2018), LNCS 11449, pp.138-159. pdf (Best Paper Award, 1/93)
Yudi Zhang, Debiao He, Sherali Zeadally, Ding Wang, Kim Kwang Raymond Choo. Efficient and Provably Secure Distributed Signing Protocol for Mobile Devices in Wireless Networks. IEEE Internet of Things Journal, 2018, 5(6): 5271-5280. pdf
Ping Wang, Zijian Zhang, Ding Wang*. Revisiting Anonymous Two-Factor Authentication Schemes for Multi-Server Environment. Proc. of the 20th International Conference on Information and Communications Security (ICICS 2018) , LNCS 11149, pp. 805–816. Lille, France, October 29-31, 2018. pdf
Yaosheng Shen, Ding Wang, and Ping Wang. Revisiting Anonymous Two-Factor Authentication Schemes for Cloud Computing. Proceedings of the 4th International Conference on Cloud Computing and Security (ICCCS 2018), LNCS 11064, pp. 134–146. pdf
Ding Wang. Research on Key Issues in Password Security (口令安全关键问题研究), PhD Dissertation, Peking University, 2017.06. pdf
(Doctoral Dissertation Award by Peking University, China Computer Federation, ACM SIGSAC China, ACM China.)
Ding Wang, Qianchen Gu, Xinyi Huang, Ping Wang. Understanding Human-Chosen PINs: Characteristics, Distribution and Security. Proc. of the 12th ACM ASIA Conference on Computer and Communication Security (ACM ASIACCS 2017), pp. 372-385. April 2-6 2017, Abu Dhabi, UAE. (full paper, acceptance rate 67/359=18.6%) slides pdf
Ding Wang, Haibo Cheng, Ping Wang, Xinyi Huang, Gaopeng Jian. Zipf’s Law in Passwords. IEEE Transactions on Information Forensics and Security (IEEE TIFS), 2017, 12(11): 2776-2791. codes pdf
(300+ Citations, ESI Highly Cited Paper; Our models have been adopted into over 120 studies worldwide such as GenoGuard (IEEE S&P'15) by EPFL researchers, Password economics (IEEE S&P'18) by Purdue researchers, and Distributed guessing (IEEE TIFS'19) by MIT researchers. Supplemental data [simplified version in .pdf, full version in .xls])
Zengpeng Li, Chunguang Ma, Ding Wang. Towards Multi-Hop Homomorphic Identity-Based Proxy Re-Encryption via Branching Program. IEEE ACCESS, 2017, Doi: 10.1109/ACCESS.2017.2740720 pdf
Chenyu Wang, Ding Wang*, Guaoi Xu, Yanhui Guo. A lightweight password-based authentication protocol using smart card. International Journal of Communication Systems (Wiley IJCS), 2017, 30(16), 1-11. pdf
Zengpeng Li, Chunguang Ma, Ding Wang, Minghao Zhao, Qian Zhao, Lu Zhou. Toward Proxy Re-encryption From Learning with Errors in the Exponent. Proc. of the 16th IEEE International Conference On Trust, Security and Privacy in Computing and Communications (IEEE TrustCom 2017) pp. 683-690.
Gang Du, Chunguang Ma, Zengpeng Li, Ding Wang. Towards Fully Homomorphic Encryption From Gentry-Peikert-Vaikuntanathan Scheme. Proc. of the 3rd International Conference on Cloud Computing and Security (ICCCS 2017), LNCS 10603, Springer, pp. 256-267.
Ding Wang, Zijian Zhang, Ping Wang, Jeff Yan, Xinyi Huang. Targeted Online Password Guessing: An Underestimated Threat. Proc. the 23nd ACM Conference on Computer and Communications Security (ACM CCS 2016), pp. 1242–1254. Oct 24, 2016 - Oct 28, 2016, Vienna, Austria. (Full paper, acceptance rate: 137/831=16.4%) slides pdf
(300+ citations; Part of US NIST SP800-63-3 standard has been revised on Sep., 2016 according to our results. Covered by 200+ medias like Dailmail, Forbes, Naked security, Science Daily, CACM, Microsoft, theSun, Alphr, SCMagazine)
Ding Wang, Ping Wang. On the Implications of Zipf's Law in Passwords. Proc. of the 21th European Symposium on Research in Computer Security (ESORICS 2016), LNCS 9878, pp. 111-131. (full paper, acceptance rate 60/285=21.0%) pdf
(Selected as course material in CS-59000-PWD of Purdue University and "Frontiers of info sec" of Peking University, Fall 2016) slides
Ding Wang, Debiao He, Haibo Cheng, Ping Wang. fuzzyPSM: A New Password Strength Meter Using Fuzzy Probabilistic Context-Free Grammars. Proc. of the 46th IEEE/IFIP International Conference on Dependable Systems and Networks (IEEE/IFIP DSN 2016), pp.595-606. June 28-July 01, France. (Full paper, acceptance rate: 53/259=20.4%) Github slides pdf
(At ACM CCS'18, Golla and Durmuth showed that our fuzzyPSM performs the best among 45 password strength meters (81 variants), against both online guessing and offline guessing)
Ding Wang, Qianchen Gu, Haibo Cheng, Ping Wang. The Request for Better Measurement: A Comparative Evaluation of Two-Factor Authentication Schemes. Proc. of the 11th ACM Asia Conference on Computer and Communications Security (ACM ASIACCS 2016), pp. 475-486. (full paper, acceptance rate 73/350=20.8%) slides pdf
Ping Wang, Ding Wang*, Xinyi Huang. Advances in Password Security (invited paper). Journal of Computer Research and Development, 2016, 53(10): 2173-2188. pdf (see a short video by the Science China Press)
Debiao He, Ding Wang, Qi Xie, Kefei Chen. Anonymous Handover Authentication Protocol for Mobile Wireless Networks with Conditional Privacy Preservation. Science China: Information Sciences, Springer-Verlag, 2016, Doi: 10.1007/s11432-016-0161-2 pdf
Zengpeng Li, Chunguang Ma, Ding Wang. Toward single-server private information retrieval protocol via LWE. Elsevier Journal of Information Security and Applications (JISA), 2016, Doi: 10.1016/j.jisa.2016.11.003
Ding Wang, Ping Wang. The Emperor's New Password Creation Policies: An Evaluation of Leading Web Services and the Effect of Role in Resisting Against Online Guessing. Proc. of the 20th European Symposium on Research in Computer Security (ESORICS 2015), LNCS 9237, Springer, pp. 457-477. (full paper, acceptance rate 59/298=19.8%) pdf
Ding Wang, Haibo Cheng, Ping Wang. Understanding Passwords of Chinese Users: A Survey and Empirical Analysis. 2015, Draft, http://bit.ly/2maZLCd (Top-10000 most popular Chinese passwords; Appendix)
[User survey: http://www.sojump.com/jq/6443561.aspx (Chinese); http://www.sojump.com/jq/7005139.aspx (English version)]
Ding Wang, Debiao He, Ping Wang, Chao-Hsien Chu. Anonymous Two-Factor Authentication in Distributed Systems: Certain Goals Are Beyond Attainment. IEEE Trans. on Dependable and Secure Computing, 2015, 12(4): 228-442. pdf (300+ citations, the 2nd most cited article since 2014 of IEEE TDSC, ESI highly cited paper, ESI hotspot paper (top 0.1%); A number of following works write that this paper makes a "crucial observation", an "interesting observation", an "important observation", and "a big breakthough")
Ding Wang, Nan Wang, Ping Wang, Sihan Qing. Preserving Privacy for Free: Efficient and Provably Secure Two-Factor Authentication Scheme with User Anonymity. Elsevier Information Sciences, 2015, volume 321, pp. 162-178. pdf
(100+ Citations, ESI highly cited paper)
Debiao He, Ding Wang*. Robust biometric-based authentication scheme multi-server environment. IEEE systems Journal, 2015, 9(3): 816-823. (The most cited article since 2013 of IEEE Syst.J.; 400+ Citations, ESI highly cited paper, ESI hotspot paper (top 0.1%)) pdf
Ding Wang, Ping Wang. On the Usability of Two-Factor Authentication. Proc. of 10th International Conference on Security and Privacy in Communication Networks (SecureComm 2014), pp. 141-150. Sep. 24-26, 2014, Beijing. pdf
Ding Wang, Ping Wang. On the Anonymity of Two-Factor Authentication Schemes for Wireless Sensor Networks: Attacks, Principle and Solutions. Elsevier Computer Networks, 2014(73): 41–57. pdf
(180+ Citations; This work investigates the inherent cryptographic complexity of designing a two-factor authentication scheme with user anonymity, and formally proves an impossibility result. A number of following works write that our result is "somewhat surprising" and "an important finding"; Also honored to appear in the Elsevier 2017 list of "Article Selection Celebrating Computer Science Research in China";)
Ding Wang, Ping Wang. Understanding security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks. Elsevier Ad Hoc Networks, 2014 (20): 1-15. pdf
(Among the list of "most cited articles published since 2012" of this journal; 90+ Citations; ESI highly cited paper)
Ding Wang, Ping Wang, Jing Liu. Improved Privacy-Preserving Authentication Scheme for Roaming Service in Mobile Networks. Proc. of 15th IEEE Wireless Communications and Networking Conference (WCNC 2014), pp. 3178-3183. April 06-09, 2014, Istanbul, Turkey. pdf
Chunguang Ma, Ding Wang*, Sen-Dong Zhao. Security flaws in two improved remote user authentication schemes using smart cards. Int. Journal of Communication Systems, 2014, 27(10): 2215-2227. pdf
(100+ Citations, ESI highly cited paper (top 1%), three general protocol design principles are suggested.)
Ding Wang, Ping Wang. Offline Dictionary Attack on Password Authentication Schemes using Smart Cards. Proc. 16th International Conference on Information Security (ISC 2013), November 13-15, Dallas, Texas, USA, Springer, LNCS 7807, pp. 221-237. (full paper, acceptance rate: 16/70=22.8%) pdf
Before 2013. The following are published when pursuing my Master degree, and give rise to the "excellent master thesis award" of our University.
Ding Wang. Research on Password-based Remote User Authentication Schemes Using Smart-cards. Master thesis, Harbin Engineering University, Mar. 2013. pdf
(Outstanding master thesis award of Harbin Engineering University, and the only recipient of the School of CS)
Ding Wang, Chunguang Ma. Cryptanalysis of a Remote User Authentication Scheme for Mobile Client-Server Environment With Provable Security based on ECC. Elsevier Information Fusion, 2013, 41(4): 498-503. pdf
Debiao He, Ding Wang, Shuhua Wu. Cryptanalysis and Improvement of a password-based remote user authentication scheme without smart cards. Information Technology and Control, 2013, 42(4): 170-177. pdf
Ding Wang, Chunguang Ma, Qiming Zhang, Sendong Zhao. Secure Password-based Remote User Authentication Scheme against Smart Cards Security Breach. Journal of Networks, 2013, 8(1): 148-155. pdf
Ding Wang, Chunguang Ma. Cryptanalysis and security enhancement of a remote user authentication scheme. Elsevier Journal of China Universities of Posts and Telecommunications, 2012, 19(5): 104-114, Doi: 10.1016/S1005-8885(11)60307-5 pdf
Ding Wang, Chunguang Ma, Sendong Zhao, Changli Zhou. Breaking a Robust Remote User Authentication Scheme using Smart Cards. Proc. of the 9th IFIP International Conference on Network and Parallel Computing (IFIP NPC 2012), Gwangju, Korea, Sep 6-8, LNCS 7351, pp. 110-118. Berlin: Springer-Verlag, 2012. (acceptance rate: 38/136=27.9%) pdf
Sendong Zhao, Ding Wang, Sicheng Zhao, Wu Yang, Chunguang Ma. Cookie-Proxy: A Solution to Prevent SSLStrip Attack. The 14th International Conference on Information and Communications Security (ICICS 2012), Hongkong, China, LNCS, vol. 7618, pp. 365-372. Berlin: Springer-Verlag, 2012. (acceptance rate: 49/101, Short Paper) pdf
Ding Wang, Chunguang Ma, Deli Gu, Zhenshan Cui. Cryptanalysis of Two Dynamic ID-based Remote User Authentication Schemes for Multi-Server Architecture. Proc. of the 6th International Conference on Network and System Security (NSS 2012), Wuyishan, China, Nov 21-23, Lecture Notes in Computer Science, Vol. 7645, pp. 462-475. Berlin: Springer-Verlag, 2012. (acceptance rate: 39/173=22.5%, full paper) pdf
Chunguang Ma, Ding Wang, Ping Zhao, Yu-Heng Wang. A new dynamic ID-based remote user authentication scheme with forward secrecy. Proc. of the 14th Asia-Pacific Web Conference (APWeb Workshops 2012), Kunming, China, April 11-13, Lecture Notes in Computer Science, vol. 7234, pp. 199-211. Springer, 2012. (acceptance rate: 28/68, full paper) pdf
Ding Wang, Ying Mei, Chunguang Ma, Zhenshan Cui. Comments on an Advanced Dynamic ID-based Authentication Scheme for Cloud Computing. Proc. International Comference on Web Information Systems and Mining (WISM 2012), Chengdu, China, Oct 26-28, 2012, LNCS, vol. 7529, pp. 246-253. (acceptance rate: 87/418=20.8%, full paper) pdf
Ding Wang, Chunguang Ma, Lan Shi, Yu-Heng Wang. On the Security of an Improved Password Authentication Scheme Based on ECC. Proc. of the Third International Conference Information Computing and Applications (ICICA 2012), Chengde, China, LNCS 7473, pp. 181-188. (Acceptance rate: 100/1089=9.18%, full paper) pdf
Chunguang Ma, Ding Wang, Qi-ming Zhang. Cryptanalysis and Improvement of Sood et al.'s Dynamic ID-based Authentication Scheme. Proc. of the 8th International Conference on Distributed Computing andInternet Technology (ICDCIT 2012), Bhubaneswar, India, February 2-4, 2012, LNCS, vol. 7154, pp. 141-152. (full paper, acceptance rate: 17/89=19.1%) pdf
Ding Wang, Chunguang Ma, Peng Wu. Secure password-based remote user authentication scheme with non-tamper resistant smart cards. Proc. of the 26th Annual IFIP Conference on Data and Applications Security and Privacy (IFIP DBSec 2012), Paris, France, July 13-16, 2012, LNCS, vol. 7371, pp. 114-121. (acceptance rate: 23/49, short paper, full version) pdf
Some publications in Chinese:
Feifei Wang, Ding Wang*. Fog computing-based three-party authentication and key agreement protocol for smart healthcare. Journal of Software, 2023. Doi: https://doi.org /10.13328/j.cnki.jos.006514 (in Chinese) pdf
(王菲菲,汪定*. 基于雾计算的智能医疗三方认证与密钥协商协议.软件学报, 2023, 34(7): 3272-3291)
Ding Wang, Xiaofeng Chen, Jianfeng Ma*. Invited interpretation of MIT Top-10 Technique "The end of passwords". Bulletin of National Natural Science Foundation of China, 2022, 36(3): 432, 433, 445. pdf
(汪定, 陈晓峰, 马建峰*. MIT Technology Review 2022年“全球十大突破性技术”解读—终结口令. 中国科学基金, 2022, 36(3): 432, 433, 445. 本文为受邀撰写.)
Anqi Yin, Ding Wang*, Yuanbo Guo, Lin Chen, Di Tang. Provably Secure Quantum Resistance Efficient Password-Authenticated Key Exchange Protocol. Chinese Journal of Computers (in Chinese), 2022, 45(11): 2321-2336 pdf
(尹安琪, 汪定*, 郭渊博, 陈琳, 唐迪. 可证明安全的抗量子高效口令认证密钥交换协议. 计算机学报, 2022, 45(11): 2321-2336.)
Jingwei Jiang, Ding Wang*, Guoyin Zhang, Zhiyuan Chen. Private key management scheme for mobile edge computing. Chinese Journal of Computers (in Chinese), 2022, 45(6): 1348-1372. pdf
(蒋京玮, 汪定*, 张国印, 陈志远. 面向移动边缘计算的密钥管理协议. 计算机学报, 2022, 45(6): 1348-1372.)
程庆丰, 汪定*, 张卫明. 初等数论数学及其在密码学中应用探讨. 计算机教育, 2022, 第3期, pp. 54-57. pdf
Zengpeng Li, Ding Wang*. Achieving Password-Hashing Scheme over Lattices. SCIENCE CHINA: Information Sciences 2021, Doi: https://doi.org/10.1360/SSI-2020-0177 (in Chinese) pdf
(李增鹏, 汪定*. 基于格的口令散列方案. 中国科学:信息科学, 2021, 51(8): 1375-1390.)
Ding Wang*, Yunkai Zou, Yi Tao, Bin Wang. Password Guessing Based on Recursive Neural Networks and Generative Adversarial Networks. Chinese Journal of Computers, 2021, 44(8): 2519-2534. pdf
(汪定, 邹云开, 陶义, 王彬. 基于循环神经网络和对抗生成式网络的口令猜测模型模型, 计算机学报, 2021, 44(8): 2519-2534.)
Chenyu Wang, Ding Wang*, Feifei Wang, Guoai Xu. Multi-factor user authentication scheme for multi-gateway wireless sensor networks, Chinese Journal of Computers, 2020 43(4): 683-700. (in Chinese) pdf
(王晨宇, 汪定*, 王菲菲, 徐国爱. 面向多网关的无线传感器网络多因素身份认证协议, 计算机学报, 2020 43(4): 683-700.)
李文婷, 汪定, 王平. 无线传感器网络环境下多因素身份认证协议的内部人员攻击研究. 软件学报, 2019, 30(8): 2375-2391. pdf
Ding Wang. Data-driven Targeted Online Password Guessing. Development Report on Frontiers of Science and Technology: China Cyberspace Security. Book chapter, edited by Hai Jin, Peng Xu and Deqing Zou. China Industry and Information Technology Publishing Press, 2019, pp. 64-68. (in Chinese) pdf
(汪定. 数据驱动的定向在线口令猜测研究. 中国网络空间安全前言科技发展报告, 金海, 徐鹏, 邹德清主编. 中国工信出版社, 2019, pp. 64-68.)
Ding Wang, Wenting Li, Ping Wang. Cryptanalysis of three anonymous authentication schemes for multi-server environment. Chinese Journal of Software, 2018, 29(7): 1937-1952 (Tier-1 Chinese Journal) pdf
(汪定, 李文婷, 王平. 对三个多服务器环境下匿名认证协议的分析. 软件学报, 2018, 29(7): 1937-1952. (入选“中国精品科技期刊顶尖学术论文”, CCF A类中文期刊, EI))
王平, 汪定*, 黄欣沂. 口令安全研究进展. 计算机研究与发展, 2016, 53(10): 2173-2188. (CCF A类中文期刊, EI) pdf
汪定, 王平, 雷鸣. 基于RSA的网关口令认证协议的分析与改进. 电子学报, 2015 43(1): 176-184. (CCF A类中文期刊, EI, 被中国密码学会通讯报道) pdf
汪定, 王平*, 李增鹏, 马春光. 可证明安全的基于RSA的远程用户口令认证协议. 系统工程理论与实践, 2015, 35(1): 191-204. (国家一级学报,EI) pdf
薛峰, 汪定*, 曹品军, 李勇. 对两个传感器环境下远程用户口令认证协议的安全性分析. 计算机应用, 2015, 35(12): 3424-3428+3436.
汪定, 马春光, 翁臣, 贾春福. 一种适于受限资源环境的远程用户认证方案的分析与改进. 电子与信息学报, 2012, 34(10): 2520-2526 (国家一级学报, EI收录) pdf
汪定, 薛峰, 王立萍, 马春光. 改进的具有PFS特性的口令认证密钥协商方案. 山东大学学报 (理学版), 47(9): 19-25. (中文核心) pdf
汪定, 马春光, 张启明. 一种强口令认证协议的攻击与改进. 计算机科学, 2012, 39(6): 72-76 (中文核心). pdf
汪定, 马春光, 翁臣, 贾春福. 强健安全网络中间人攻击研究. 计算机应用, 2012, 32(1): 42-44, 65 (中文核心). pdf
薛峰, 汪定*, 王立萍, 马春光. 对两个基于智能卡的远程用户口令认证协议的安全性分析. 计算机应用, 2012, 32(7): 221-224.
薛峰, 汪定*, 王立萍. 一种基于公钥认证可恢复的半脆弱水印算法. 计算机安全, 2011, 4(1): 25-28.
马春光, 汪定*, 张启明. 广域涉密信息系统域间授权研究. 保密科学技术, 2011, 3(11): 50-52.
