Towards an effective recognition graphical password mechanism based on cultural familiarity

Text-based passwords for authentication are exposed to the dictionary attack as users tend to create weak passwords for easy memorability. When dealing with user’s authentication, pictures are more likely to be simply remembered in comparison with words. Hence, this study aimed to determine the types of pictures in accordance to users’ cultural background. It also investigated the relationship between the choices of password and the cultural familiarity along with the effect of Graphical Password (GP) on security and usability. A list of guidelines was proposed for the recognition of graphical passwords. This is believed to increase the security as well as usability. A total of 40 students were recruited to build a GP database. Further, an evaluation was conducted to investigate users’ familiarity and recognition of the GP from the database using 30 other respondents. The results showed that the 30 participants positively responded to the familiar pictures in accordance to their cultures. The result of successful login rate was 79.51% which indicates that cultural-based GP has increased the respondents’ familiarity by promoting their memorability. Further, the respondents who chose familiar GP had higher guessing attack rate than the unfamiliar GP. Finally, a total of 8 guidelines were established based on the aspects that correspond to the users’ preferences for choosing and processing GP. These guidelines can be used by graphical password system designers to develop effective GP system

Using Technology to Eliminate Traffic Congestion

Traffic congestion is a pervasive worldwide problem. We explain how to harness existing technologies together with new methods in time-and-location markets to eradicate traffic congestion along with its attendant social harms. Our market design for road use builds on congestion pricing and models of efficient pricing in the electricity sector. The market maximizes the value of a transport network through efficient scheduling, routing, and pricing of road use. Privacy and equity concerns are addressed. Transparent price information provides essential information for efficient long-term investment in transport

Analysing the Security of Google's implementation of OpenID Connect

Many millions of users routinely use their Google accounts to log in to relying party (RP) websites supporting the Google OpenID Connect service. OpenID Connect, a newly standardised single-sign-on protocol, builds an identity layer on top of the OAuth 2.0 protocol, which has itself been widely adopted to support identity management services. It adds identity management functionality to the OAuth 2.0 system and allows an RP to obtain assurances regarding the authenticity of an end user. A number of authors have analysed the security of the OAuth 2.0 protocol, but whether OpenID Connect is secure in practice remains an open question. We report on a large-scale practical study of Google's implementation of OpenID Connect, involving forensic examination of 103 RP websites which support its use for sign-in. Our study reveals serious vulnerabilities of a number of types, all of which allow an attacker to log in to an RP website as a victim user. Further examination suggests that these vulnerabilities are caused by a combination of Google's design of its OpenID Connect service and RP developers making design decisions which sacrifice security for simplicity of implementation. We also give practical recommendations for both RPs and OPs to help improve the security of real world OpenID Connect systems

Upending Stock Market Structure Using Secure Multi-Party Computation

The stock markets have two primary functions, that of providing liquidity and price discovery. While the market micro-structure was mostly ignored or assumed to function ideally for the purpose of asset pricing, M. O\u27Hara (Journal of Finance, 2003) has established that both liquidity and price discovery affect asset pricing, and in particular asset returns. While the cost of liquidity provision is borne by investors, and is clearly detrimental to asset returns, periodic price discovery has both positive and negative consequences for asset pricing. In this work we propose using cryptography, and in particular multi-party secure computation, to setup a novel stock market structure that, to a large extent, removes the negative consequences of liquidity costs and periodic price discovery. Interestingly, the proposed market structure takes us back to the early days of stock markets, i.e. periodic call markets, but with the not so ``trusted\u27\u27 auctioneer replaced by secure distributed computing where no individual party (or small coalition) gets to know the order book

Improved Stock Market Structure Using Cryptography

The stock markets have two primary functions, that of providing liquidity and price discovery. While the market micro-structure was mostly ignored or assumed to function ideally for the purpose of asset pricing, O\u27Hara (Journal of Finance, 2003) has established that both liquidity and price discovery affect asset pricing, and in particular asset returns. Easley and O\u27Hara (Journal of Finance 2004) have demonstrated that informed investors\u27 private information is not reflected efficiently in price discovery. We argue that the periodic price discovery has both positive and negative consequences for asset returns. In particular, the inefficient reflection of investors\u27 information during price discovery incentivizes them to conduct research. However, this requires that the auctioneer be ideal or fully trusted. In this work we propose using cryptography, and in particular multi-party secure computation, to setup a novel stock market structure that, to a large extent, removes the negative consequences of liquidity costs and periodic price discovery, as well as incentivizes investors to conduct research. Interestingly, the proposed market structure takes us back to the early days of stock markets, i.e. periodic call markets, but with the not so ``trusted\u27\u27 auctioneer replaced by a decentralized set of parties where no individual party (or small coalition) gets to know the order book

HIDE & SEEK: Privacy-Preserving Rebalancing on Payment Channel Networks

Payment channels effectively move the transaction load off-chain thereby successfully addressing the inherent scalability problem most cryptocurrencies face. A major drawback of payment channels is the need to ``top up\u27\u27 funds on-chain when a channel is depleted. Rebalancing was proposed to alleviate this issue, where parties with depleting channels move their funds along a cycle to replenish their channels off-chain. Protocols for rebalancing so far either introduce local solutions or compromise privacy. In this work, we present an opt-in rebalancing protocol that is both private and globally optimal, meaning our protocol maximizes the total amount of rebalanced funds. We study rebalancing from the framework of linear programming. To obtain full privacy guarantees, we leverage multi-party computation in solving the linear program, which is executed by selected participants to maintain efficiency. Finally, we efficiently decompose the rebalancing solution into incentive-compatible cycles which conserve user balances when executed atomically

New approach to privacy-preserving clinical decision support systems for HIV treatment

Background: HIV treatment prescription is a complex process. Clinical decision support systems (CDSS) are a category of health information technologies that can assist clinicians to choose optimal treatments based on clinical trials and expert knowledge. The usability of some CDSSs for HIV treatment would be significantly improved by using the knowledge obtained by treating other patients. This knowledge, however, is mainly contained in patient records, whose usage is restricted due to privacy and confidentiality constraints. Methods: A treatment effectiveness measure, containing valuable information for HIV treatment prescription, was defined and a method to extract this measure from patient records was developed. This method uses an advanced cryptographic technology, known as secure Multiparty Computation (henceforth referred to as MPC), to preserve the privacy of the patient records and the confidentiality of the clinicians’ decisions. Findings: Our solution enables to compute an effectiveness measure of an HIV treatment, the average time-to-treatment-failure, while preserving privacy. Experimental results show that our solution, although at proof-of-concept stage, has good efficiency and provides a result to a query within 24 min for a dataset of realistic size. Interpretation: This paper presents a novel and efficient approach HIV clinical decision support systems, that harnesses the potential and insights acquired from treatment data, while preserving the privacy of patient records and the confidentiality of clinician decisions

New approach to privacy-preserving clinical decision support systems for HIV treatment

Background HIV treatment prescription is a complex process. Clinical decision support systems (CDSS) are a category of health information technologies that can assist clinicians to choose optimal treatments based on clinical trials and expert knowledge. The usability of some CDSSs for HIV treatment would be significantly improved by using the knowledge obtained by treating other patients. This knowledge, however, is mainly contained in patient records, whose usage is restricted due to privacy and confidentiality constraints. Methods A treatment effectiveness measure, containing valuable information for HIV treatment prescription, was defined and a method to extract this measure from patient records was developed. This method uses an advanced cryptographic technology, known as secure Multiparty Computation (henceforth referred to as MPC), to preserve the privacy of the patient records and the confidentiality of the clinicians' decisions. Findings Our solution enables to compute an effectiveness measure of an HIV treatment, the average time-to-treatment-failure, while preserving privacy. Experimental results show that our solution, although at proof-of-concept stage, has good efficiency and provides a result to a query within 24 min for a dataset of realistic size. Interpretation This paper presents a novel and efficient approach HIV clinical decision support systems, that harnesses the potential and insights acquired from treatment data, while preserving the privacy of patient records and the confidentiality of clinician decisions.Number theory, Algebra and Geometr