Mohammad Mannan

Postdoctoral Fellow at University of Toronto

As of July 2009, I am an ISSNet postdoctoral fellow in the Edward S. Rogers Department of Electrical and Computer Engineering at the University of Toronto. My advisor is Prof. David Lie. I have completed my Ph.D. from Carleton University in April 2009 under the supervision of Prof. Paul Van Oorschot. See below for my thesis and related publications. My email is: mmannan (at) gmail.com

Research Interests

Authentication and passwords, malicious software, software security, identity fraud, phishing, online banking and PIN security, privacy, usability, and Instant Messaging (IM) and social networking security.

Publications

Ph.D. Thesis

• Authentication and Securing Personal Information in an Untrusted Internet. M. Mannan. Carleton University, April 2009.

Authentication and Passwords

• Leveraging Personal Devices for Stronger Password Authentication from Untrusted Computers (Draft version: October 6, 2008). M. Mannan, P.C. van Oorschot. Journal of Computer Security (accepted with minor revisions, Jan. 18, 2010). Extends the FC'07 paper (see below).
• Digital Objects as Passwords. (Version: July 14, 2008, © USENIX). Slides (pdf). Prototype download. M. Mannan, P.C. van Oorschot. USENIX Hot Topics in Security 2008 (HotSec'08), San Jose, California, USA, July 29, 2008. Tech Report (Version: June 3, 2008).
  • Selected press
• Using a Personal Device to Strengthen Password Authentication from an Untrusted Computer. (Post-proceedings version: March 30, 2007, © IFCA). Slides (pdf). AVISPA test code. M. Mannan, P.C. van Oorschot. Financial Cryptography and Data Security 2007 (FC'07), Lowlands, Scarborough, Trinidad and Tobago, Feb.12-15 2007. Tech Report (Extended version: March 30, 2007).

Data Breaches

• Localization of Credential Information to Address Increasingly Inevitable Data Breaches. (Version Nov. 1, 2008, © ACM ). Slides (pdf). M. Mannan, P.C. van Oorschot. New Security Paradigms Workshop 2008 (NSPW'08), Lake Tahoe, California, USA, Sept. 22-25, 2008. Tech Report (Version: July 18, 2008).

Content Sharing

• Privacy-Enhanced Sharing of Personal Content on the Web. (Version: Feb. 24, 2008 © IW3C2). Slides (pdf). M. Mannan, P.C. van Oorschot. World Wide Web conference (WWW2008), Apr. 21-25, 2008, Beijing, China.

Online Banking/PIN Security

• Reducing Threats from Flawed Security APIs: The Banking PIN Case. (Authors' copy, version: March 31, 2009, © Elsevier). M. Mannan, P.C. van Oorschot. Elsevier Computers & Security, volume 28, issue 6, Sept. 2009. Extends the FC'08 short paper (see below).
• Weighing Down ``The Unbearable Lightness of PIN Cracking.'' (Short paper, post-proceedings version: March 10, 2008, © IFCA). M. Mannan, P.C. van Oorschot. Financial Cryptography and Data Security 2008 (FC'08), Jan. 28-31, 2008, Cozumel, Mexico.
  • Tech Report (Extended version: April 29, 2008)
  • Presentation slides (pdf) from Analysis of Security API workshop (ASA-2, co-located with CSF 2008)
• Security and Usability: The Gap in Real-World Online Banking. (Post-proceedings version: October 19, 2007). Slides (pdf). M. Mannan, P.C. van Oorschot. New Security Paradigms Workshop 2007 (NSPW'07), New Hampshire, USA, Sept.18-21 2007.
  • Selected press

Instant Messaging Security

• A Protocol for Secure Public Instant Messaging. (Version: March 30, 2006, © IFCA). Slides (pdf). AVISPA test code. M. Mannan, P.C. van Oorschot. Financial Cryptography and Data Security 2006 (FC'06), Feb.27-Mar.2 2006, Anguilla, British West Indies. Proceedings: Springer LNCS 4107. The extended version of this paper is available as a Tech Report.
• On Instant Messaging Worms, Analysis and Countermeasures. Slides (pdf). M. Mannan, P.C. van Oorschot. Third Workshop on Rapid Malcode (WORM 2005), Fairfax, VA, USA, November 11, 2005. © Copyright 2005 by ACM, Inc.
• Secure Public Instant Messaging: A Survey. M. Mannan, P.C. van Oorschot. Second Annual Conference on Privacy, Security and Trust (PST), Fredericton, NB, pp 69-77, October 13-15, 2004. Slides (ppt).
• Secure Public Instant Messaging. M. Mannan, Master's thesis, Carleton University, August 2005.

Huffman Coding

Undergrad work at Bangladesh University of Engineering and Technology (BUET)

• Block Huffman Coding, M. Mannan, M. Kaykobad. International Journal of Computers and Mathematics with Applications, vol 46, issue 10-11, pp 1581-1587, November - December 2003.
• A Storage Efficient Header for Huffman Coding, M. Mannan, R. Chowdhury, M. Kaykobad. International Conference on Computer and Information Technology (ICCIT 2001), pp 57-59, 2001.
• On Optimal Huffman Compression, M. Mannan, M. Kaykobad. International Conference on Computer and Information Technology (ICCIT 2001), pp. 60-61, 2001.