7 research outputs found

    Towards an effective recognition graphical password mechanism based on cultural familiarity

    Text-based passwords for authentication are exposed to the dictionary attack as users tend to create weak passwords for easy memorability. When dealing with user’s authentication, pictures are more likely to be simply remembered in comparison with words. Hence, this study aimed to determine the types of pictures in accordance with users’ cultural background. It also investigated the relationship between the choices of password and the cultural familiarity along with the effect of Graphical Password (GP) on security and usability. A list of guidelines was proposed for the recognition of graphical passwords. This is believed to increase the security as well as usability. A total of 40 students were recruited to build a GP database. Further, an evaluation was conducted to investigate users’ familiarity and recognition of the GP from the database using 30 other respondents. The results showed that the 30 participants positively responded to the familiar pictures in accordance with their cultures. The result of successful login rate was 79.51% which indicates that cultural-based GP has increased the respondents’ familiarity by promoting their memorability. Further, the respondents who chose familiar GP had a higher guessing attack rate than the unfamiliar GP. Finally, a total of 8 guidelines were established based on the aspects that correspond to the users’ preferences for choosing and processing GP. These guidelines can be used by graphical password system designers to develop effective GP systems.

    Algorithms design for improving homecare using Electrocardiogram (ECG) signals and Internet of Things (IoT)

    Due to the fast growth of the population, a lot of hospitals get crowded from the huge number of patient visits. Moreover, during COVID-19 a lot of patients prefer staying at home to minimize the spread of the virus. The need for providing care to patients at home is essential. Internet of Things (IoT) is widely known and used in different fields. IoT-based homecare will help in reducing the burden upon hospitals. IoT with homecare brings several benefits such as minimizing human exertion, economic savings and improved efficiency and effectiveness. One of the important requirements of a homecare system is accuracy, because those systems deal with human health, which is sensitive and needs a high degree of accuracy. Moreover, those systems deal with a huge amount of data due to the continuous sensing, which needs to be processed well to provide a fast response regarding the diagnosis with minimum cost requirements. The heart is one of the most important organs in the human body and requires a high level of care. Monitoring heart status can diagnose disease from the early stage and find the best medication plan by health experts. Continuous monitoring and diagnosis of the heart could exhaust caregivers’ efforts. Having an IoT heart monitoring model at home is the solution to this problem. Electrocardiogram (ECG) signals are used to track heart condition using waves and peaks. Accurate and efficient IoT ECG monitoring at home can detect heart diseases and save human lives. As a consequence, an IoT ECG homecare monitoring model is designed in this thesis for detecting Cardiac Arrhythmia and diagnosing heart diseases. Two databases of ECG signals are used; one online which is old and limited, and another huge, unique and special from real patients in hospital. The raw ECG signal for each patient is passed through the implemented Low Pass filter and Savitzky Golay filter signal processing techniques to remove the noise and any external interference.
The clear signal in this model is passed through a feature extraction stage to extract a number of features based on some metrics and medical information along with a feature extraction algorithm to find peaks and waves. Those features are saved in the local database to apply classification on them. For the diagnosis purpose a classification stage is made using three classification ways: threshold values, machine learning and deep learning, to increase the accuracy. The threshold values classification technique works based on medical values and borderlines. In case any feature goes above or beyond these ranges, a warning message appears with the expected heart disease. The second type of classification is by using machine learning to minimize the human effort. A Support Vector Machine (SVM) algorithm is proposed by running the algorithm on the features extracted from both databases. The classification accuracy for online and hospital databases was 91.67% and 94% respectively. Due to the non-linearity of the decision boundary, a third way of classification using deep learning is presented. A full Multilayer Perceptron (MLP) Neural Network is implemented to improve the accuracy and reduce the errors. The number of errors was reduced to 0.019 and 0.006 using online and hospital databases. While using the hospital database, which is huge, there is a need for a technique to reduce the amount of data. Furthermore, a novel adaptive amplitude threshold compression algorithm is proposed. This algorithm is able to make a diagnosis of heart disease from the reduced size using compressed ECG signals with a high level of accuracy and low cost. The extracted features from compressed and original are similar with only slight differences of 1%, 2% and 3% with no effects on machine learning and deep learning classification accuracy without the need for any reconstructions. The throughput is improved by 43% with reduced storage space of 57% when using data compression.
Moreover, to achieve fast response, the amount of data should be reduced further to provide fast data transmission. A compressive sensing based cardiac homecare system is presented. It gives the channel between sender and receiver the ability to carry a small amount of data. Experiment results reveal that the proposed models are more accurate in the classification of Cardiac Arrhythmia and in the diagnosis of heart diseases. The proposed models ensure fast diagnosis and minimum cost requirements. Based on the experiments on classification accuracy, number of errors and false alarms, the dictionary of the compressive sensing was selected to be 900. As a result, this thesis provided three different scenarios that achieved IoT homecare Cardiac monitoring to assist in further research for designing homecare Cardiac monitoring systems. The experiment results reveal that those scenarios produced better results with a high level of accuracy in addition to minimizing data and cost requirements.

    Algebraic Attacks on Human Identification Protocols

    Human identification protocols are challenge-response protocols that rely on human computational ability to reply to random challenges from the server based on a public function of a shared secret and the challenge to authenticate the human user. One security criterion for a human identification protocol is the number of challenge-response pairs the adversary needs to observe before it can deduce the secret. In order to increase this number, protocol designers have tried to construct protocols that cannot be represented as a system of linear equations or congruences. In this paper, we take a closer look at different ways from algebra, lattices and coding theory to obtain the secret from a system of linear congruences. We then show two examples of human identification protocols from literature that can be transformed into a system of linear congruences. The resulting attack limits the number of authentication sessions these protocols can be used before secret renewal. Prior to this work, these protocols had no known upper bound on the number of allowable sessions per secret

    Strategies to Reduce Small Business Data Security Breaches

    Organizations affected by data security breaches may experience reputational damage and remediation costs. Understanding the data security strategies needed to protect small businesses is vital to safeguard company data and protect consumers’ personal information. Grounded in systems theory, the purpose of this qualitative multiple case study was to explore the strategies small business owners use to reduce data security breaches. The participants were 4 small business owners located in the southern region of the United States: 2 franchise small business owners and 2 nonfranchise small business owners. Data were collected from semistructured interviews and organizational documents. Yin’s 5-step data analysis was used to analyze the data. Two themes emerged: information assurance and third-party dependencies. A key recommendation includes small business owners implementing a contingency plan to manage a data security breach. The implications of positive social change include the potential for small business owners to develop data security strategies to protect their organizations from experiencing a data breach. Protection from data breaches can, in turn, rebuild trust with small business owners and increase spending, increasing the local community’s tax base that may be used to improve social services in the local community

    GRAPHICAL ONE-TIME PASSWORD AUTHENTICATION

    Complying with a security policy often requires users to create long and complex passwords to protect their accounts. However, remembering such passwords appears difficult for many and may lead to insecure practices, such as choosing weak passwords or writing them down. One-Time Passwords (OTPs) aim to overcome such problems; however, most implemented OTP techniques require special hardware, which not only adds costs, but also raises issues regarding availability. This type of authentication mechanism is mostly adopted by online banking systems to secure their clients’ accounts. However, carrying around authentication tokens was found to be an inconvenient experience for many customers. Not only the inconvenience, but if the token was unavailable, for any reason, this would prevent customers from accessing their accounts securely. In contrast, there is the potential to use graphical passwords as an alternative authentication mechanism designed to aid memorability and ease of use. The idea of this research is to combine the usability of recognition-based and draw-based graphical passwords with the security of OTP. A new multi-level user-authentication solution known as: Graphical One-Time Password (GOTPass) was proposed and empirically evaluated in terms of usability and security aspects. The usability experiment was conducted during three separate sessions, which took place over five weeks, to assess the efficiency, effectiveness, memorability and user satisfaction of the new scheme. The results showed that users were able to easily create and enter their credentials as well as remember them over time. Eighty-one participants carried out a total of 1,302 login attempts with a 93% success rate and an average login time of 24.5 seconds. With regard to the security evaluation, the research simulated three common types of graphical password attacks (guessing, intersection, and shoulder-surfing). 
The participants’ task was to act as attackers to try to break into the system. The GOTPass scheme showed a high resistance capability against the attacks, as only 3.3% of the 690 total attempts succeeded in compromising the system.

    King Abdulaziz City for Science and Technolog

    Analysis of a two-factor graphical password scheme

    No full text
    Graphical passwords are a promising research branch, but implementation of many proposed schemes often requires considerable resources (e.g., data storage, high quality displays), making their usage difficult on small devices, such as old-fashioned ATM terminals. Furthermore, most of the time, such schemes lack a careful security analysis. In this paper, we analyze the security and usability for an authentication mechanism that can be instantiated as a graphical password scheme. We model the information an adversary might extract by analyzing the transcripts of authentication sessions as a boolean formula. Our experiments show that the time needed by a passive adversary to extract the user secret in the last presented protocol grows exponentially in the system parameter, giving evidence of the security of the proposed scheme.

    Analysis of a two-factor graphical password scheme

    No full text