Portrait of Cormac Herley

Cormac Herley

Principal Researcher

Press & more

Passwords

  • J. Bonneau, C. Herley, P.C. van Oorschot and F. Stajano, “Passwords and the Evolution of Imperfect Authentication”, Commun. ACM, July 2015
  • D. Florencio, C. Herley and P.C. van Oorschot, “An Administrator’s Guide to Internet Password Research”, Proc. Usenix LISA, 2014
  • D. Florencio, C. Herley and P.C. van Oorschot, “Password Portfolios and the Finite-Effort User: Sustainably Managing Large Numbers of Accounts”, Proc. Usenix Security, 2014
  • S. Komanduri, R. Shay, L. Cranor, C. Herley and S. Schechter, “Telepathwords: preventing weak passwords by reading users’ minds”, Proc. Usenix Security 2014
  • S. Egelman, A. Sotirakopoulos, I. Muslukhov, K. Beznosov and C. Herley, “Does My Password Go up to Eleven? The Impact of Password Meters on Password Selection” Proc. CHI 2013
  • J. Bonneau, C. Herley, P.C. van Oorschot and F. Stajano, “The quest to replace passwords: A framework for comparative evaluation of web authentication schemes“, IEEE Symp. Security & Privacy 2012
  • C. Herley and P.C. van Oorschot, “A Research Agenda Acknowledging the Persistence of Passwords,”IEEE Security and Privacy magazine, Jan. 2012
  • S. Schechter, C. Herley and M. Mitzenmacher, “Popularity is Everything: a new approach to protecting passwords from statistical-guessing attacks,” Proc. HotSEC 2010
  • D. Florencio and C. Herley, “Where Do Security Policies Come From?”, SOUPS 2010 [Best paper award at SOUPS]
  • C. Herley, P.C. van Oorschot and A.S. Patrick, “Passwords: If We’re So Smart Why Are We Still Using Them?” Financial Crypto 2009
  • D. Florencio and C. Herley, “A Large Scale Study of Web Password Habits,” WWW 2007, Banff
  • D. Florencio, C. Herley and B. Coskun,“Do Strong Web Passwords Accomplish Anything?,” Usenix HotSEC ’07, Boston

Economics of cybercrime

  • M. Javed, C. Herley, M. Peinado, V. Paxson, Measurement and Analysis of Traffic Exchange Services, Proc. Internet Measurement Conf, 2015
  • D. Florencio, C. Herley and A. Shostack, “FUD: a plea for intolerance,” Comm. ACM June 2014
  • C. Herley, “Security, Cyber-crime and Scale,” Comm. ACM Sept. 2014
  • C. Herley, “Small World: Collisions among attackers in a finite population”, WEIS 2013
  • C. Herley, “When does Targeting Make Sense for an Attacker?” IEEE Security & Privacy magazine, March 2013
  • C. Herley, “Why do Nigerian Scammers say they are from Nigeria?”, Proc. WEIS 2012
  • D. Florencio and C. Herley, “Is Everything We Know About Password Stealing Wrong?” IEEE Security and Privacy magazine, Dec 2012
  • D. Florencio and C. Herley, “Where Do All the Attacks Go?” WEIS 2011
  • D. Florencio and C. Herley, “Sex, Lies and Cyber-crime Surveys,” WEIS 2011
  • D. Florencio and C. Herley, Phishing and Money Mules, Proc WIFS, 2010
  • C. Herley, “The Plight of the Targeted Attacker in a World of Scale,” WEIS 2010
  • C. Herley and D. Florencio, “Economics and the Underground Economy,” Black Hat 2009
  • C. Herley and D. Florencio, “Nobody Sells Gold for the Price of Silver: Dishonesty, Uncertainty and the Underground Economy,” WEIS 2009, London
  • C. Herley and D. Florencio, “A Profitless Endeavor: Phishing as a Tragedy of the Commons,” NSPW 2008, Lake Tahoe, CA

Safety and security

  • G. Wang, J. Stokes, C. Herley and D. Felstead, “Detecting Landing Pages in Malware Distribution Networks: A Comparisoon of Rule and Cklassifier-based Methods,” IEEE DSN 2013
  • Z. Mao, D. Florencio and C. Herley, “Painless Migration to Two-factor Authentication,” Proc. WIFS 2011
  • D. Florencio and C. Herley, “One-time Password Access to Any Server Without Changing the Server,”ISC 2008, Taipei
  • B. Coskun and C. Herley, “Can Something-You-Know be Saved?” ISC 2008, Taipei
  • C. Herley and D. Florencio, “Protecting Financial Institutions from Brute-Force Attacks,” SEC 2008, Milan
  • D. Florencio and C. Herley, “Evaluating Password Re-Use for Phishing Prevention,” APWG eCrime ’07 Pittsburgh
  • D. Florencio and C. Herley,“KLASSP: Entering Passwords on a Spyware Infected Machine Using a Shared-Secret Proxy,” Proc. ACSAC 2006
  • D. Florencio and C. Herley, “Password Rescue: A New Approach to Phishing Prevention,” Usenix HotSEC ’06, Vancouver
  • C. Herley and D. Florencio, “How to Login from an Internet Cafe Without Worrying about Keyloggers,” Symp. On Usable Privacy and Security ‘06 [poster] [Note: please don’t rely on this. It was a cute idea in 2006, but offers very little protection in 2010]
  • D. Florencio and C. Herley,“Analysis and Improvement of Anti-Phishing Schemes,” Proc SEC 2006
  • D. Florencio and C. Herley,“Stopping a Phishing Attack, Even when the Victims Ignore Warnings,”MSR-TR-2005-142

P2P and networking

Multimedia

  • C. Herley, “ARGOS: Automatically extracting Repeating Objects from multimedia Streams”, IEEE Trans, Multimedia, Feb. 2006
  • R. Ragno, C. J. C. Burges and C. Herley, “Inferring Similarity Between Music Objects with Application to Playlist Generation,” Proc. ACM Workshop Multimedia Information Retrieval, 2005
  • C. Herley, “Accurate Repeat Finding and Object Skipping Using Fingerprints,” Proc. ACM Multimedia 2005
  • C. Herley,”Why Watermarking is Nonsense”, Signal Processing Magazine, Sept. 2002

Image processing

  • C. Herley, “Occlusion Removal with Minimum Number of Images,” Proc ICIP 2005
  • C. Herley, “Efficient Inscribing of Noisy Rectangular Objects in Scanned Images,” Proc. ICIP 2004
  • C. Herley, P. Vora and S. Yang, “Detection and Deterrence of Counterfeiting of Valuable Documents,”Proc. ICIP 2004
  • C. Herley, “Extracting Repeats from Media Streams”, ICASSP 2004, Montreal
  • C. Herley, “Recursive Method to Detect and Segment Multiple Rectangular Objects in Scanned Images”, MSR TR
  • C. Herley, “Recursive Method to Extract Rectangular Objects from Scans”, Proc ICIP 2003
  • C. Herley, “Document Capture Using a Digital Camera”, Proc. Int Conf. Image Proc., Thessaloniki, Greece, Oct 2001
  • C. Herley, “Protecting Images Online: a Security Mechanism that does not involve Watermarking,”Proc. Int. Conf. Image Proc., Vancouver, BC, Sept. 2000