University of Newcastle, Computing Science

Lab of Security Engineering (LSE)

We develop and study computer and Internet security techniques, primarily focusing on the following areas:

Usable security: making computer security not just secure, but also practically usable.
Systems security
Novel data structure and algorithm: in particular those that are relevant to computer security problems.

Recognition

Finalist, the Times Higher Education award for the Outstanding Engineering Research Team of the Year, 2009.
Runner-up of the Evening Chronicle's Young Achiever Award (Technology Achievement) 2009 for PhD student Ahmad El Ahmad.

Faculty

Dr Jeff Yan, principal investigator

PhD Students

Suliman Alsuhibany
Ahmad El Ahmad
Paul Dunphy
Su-Yang Yu
Nur Haryani Zakaria

Research projects

CAPTCHAs
Graphical passwords (Background Draw a Secret is one of our many ongoing projects in this area)
Design and analysis of usable security mechanisms
Spam detection
Phishing defense
Online game security
etc

Selected publications

J. Yan, A. Blackwell, R. Anderson and A. Grant. The memorability and security of passwords -- some empirical results. University of Cambridge, Computer Laboratory Technical Report No. 500, 2000. Journal version appears in IEEE Security & Privacy, Vol. 2 No. 5, 2004. Reprinted with extensions in the O'Reilly book "Security and Usability" in 2005.
J. Yan, S. Early and R. Anderson. The XenoService - A Distributed Defeat for Distributed Denial of Service. In Proceedings of the 3rd Information Survivability Workshop (ISW 2000), Boston, USA, October 2000. Also available from CERT.
J. Yan and Y. Wu. An Attack on A Traitor Tracing Scheme. University of Cambridge, Computer Laboratory Technical Report No. 518, 2001. Also appears as Cryptology ePrint Archive Report 2001/067.
J. Yan. Security Design in Online Games. In Proc. of the 19th Annual Computer Security Applications Conference (ACSAC'03), IEEE Computer Society, Las Vegas, U.S.A., December, 2003.
J. Yan and Brian Randell. A Systematic Classification of Cheating in Online Games. 4th Workshop on Network & System Support for Games (NetGames'05), IBM TJ Watson Research Center, New York, U.S.A., Oct 10-11, 2005. ACM Press.
J Yan and PL Cho. Enhancing collaborative spam detection with Bloom filters, ACSAC'06.
P Dunphy and J Yan. Do background images improve "draw a secret" graphical passwords? 14th ACM conference on Computer and Communications Security (CCS), Alexandria, Virginia, USA, Oct 2007.
J Yan and Ahmad El Ahmad. Breaking Visual CAPTCHAs with Naive Pattern Recognition Algorithms , ACSAC'07.
J Yan and Ahmad El Ahmad. "A Low-cost Attack on a Microsoft CAPTCHA", Techincal Report, School of Computing Science, Newcastle University, 2008. A peer-reviewed version appears at ACM CCS'08 and shows that our attack is of generic value (applicable to Microsoft, Google and Yahoo CAPTCHAs).
CAPTCHA security: a case study (with A El Ahmad), IEEE Security & Privacy, vol. 7, no. 4, July/Aug. 2009. pp. 22-28. (cover feature article)
J Yan and Su-Yang Yu. "Streamlining Attacks on CAPTCHAs with a Computer Game". Proc. of the Twenty-first International Joint Conference on Artificial Intelligence (IJCAI-09), Pasadena, California, USA, July 11-17, 2009. pp. 2095-2100.
J Yan. "Collusion Detection in Online Bridge". AAAI-10.
"Attacks and Design of Image Recognition CAPTCHAs" (with Bin Zhu et al), CCS'10.

Acknowledgements

Our research has been supported in part by Microsoft Research, the Royal Academy of Engineering and the EU funded Network of Excellence ReSIST project.

Contact

Jeff Yan
School of Computing Science
University of Newcastle
Newcastle upon Tyne, NE1 7RU
United Kingdom

Email:  Jeff.Yan at ncl.ac.uk 

Phone:  +44 191 222 8010
Fax:    +44 191 222 8232