45 research outputs found

    Evaluation methodologies for security testing biometric systems beyond technological evaluation

    The main objective of this PhD Thesis is the specification of formal evaluation methodologies for testing the security level achieved by biometric systems when these are working under specific contour conditions. This analysis is conducted through the calculation of the basic technical biometric system performance and its possible variations. To that end, the following two relevant contributions have been developed. The first contribution is the definition of two independent biometric performance evaluation methodologies for analysing and quantifying the influence of environmental conditions and human factors respectively. From the very beginning it has been claimed and demonstrated that these two contour conditions are the most significant parameters that may negatively affect biometric performance. Nevertheless, in spite of the ISO/IEC 19795 standard [ISO'06b], which addresses biometric performance testing and reporting, being published in 2006, no evaluation methodology for assessing such adverse effects has been implemented yet. Therefore, this dissertation proposes both methodologies, which have been defined in accordance with the following requirements: - should be general and modality independent for covering the analysis of all kinds of biometric systems; - should conform to the principles and requirements already defined in the ISO/IEC 19795 multipart standard; and - should provide requirements and procedures to accurately define the evaluation conditions to be tested, conduct reproducible test methods and obtain objective and intercomparable results. The second relevant contribution is the development of detailed guidelines for addressing how to conduct biometric performance evaluations in compliance with Common Criteria [CC]. Common Criteria is currently the only internationally recognised evaluation framework with which developers have to analyse and demonstrate the level of security achieved by their products.
    However, the applicability of this methodology to biometrics needs the specification of supplementary guidelines. As a consequence, this dissertation proposes such guidelines, which have been specified according to the following requirements: - should be independent of any biometric modality; - should be based on previous works published on this topic, BTSE [BTSE'01], BEM [BEM'02] and the ISO/IEC 19792 international standard, which addresses security evaluation of biometric systems; - should conform to the latest version of both Common Criteria and the ISO/IEC 19795 multipart standards; and - should cover those kinds of biometric performance evaluations that can be repeatable, i.e. technology and scenario evaluations, as well as the Common Criteria evaluation activities involved in the execution of such test procedures. As evaluating the security of biometric systems requires determining their performance, and as such performance also depends on contour conditions, both evaluation methodologies (i.e. environmental and human factors) and the Common Criteria guidelines are merged in order to provide an improved evaluation methodology for the security of biometric systems.

    On the Effectiveness of Ambient Sensing for Detecting NFC Relay Attacks

    Smartphones with Near-Field Communication (NFC) may emulate contactless smart cards, which has resulted in the deployment of various access control, transportation and payment services, such as Google Pay and Apple Pay. Like contactless cards, however, NFC-based smartphone transactions are susceptible to relay attacks, and ambient sensing has been suggested as a potential countermeasure. In this study, we empirically evaluate the suitability of ambient sensors as a proximity detection mechanism for smartphone-based transactions under EMV constraints. We underpin our study using sensing data collected from 17 sensors from an emulated relay attack test-bed to assess whether they can thwart such attacks effectively. Each sensor, where feasible, was used to record 350-400 legitimate and relay (illegitimate) contactless transactions at two different physical locations. Our analysis provides an empirical foundation upon which to determine the efficacy of ambient sensing for providing a strong anti-relay mechanism in security-sensitive applications. We demonstrate that no single, evaluated mobile ambient sensor is suitable for such critical applications under realistic deployment constraints

    Reducing academic procrastination: Designing an artifact to aid students

    Master's thesis in media and interaction design. MIX350 MASV-MI

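    Evaluation of a corpus-based system for translation research, teaching and practice from the perspectives of ergonomics and usability (Avaliação de um sistema com base em corpus para a pesquisa, ensino e prática da tradução sob as perspectivas da ergonomia e usabilidade)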

    Dissertation (master's) - Universidade Federal de Santa Catarina, Centro de Comunicação e Expressão, Programa de Pós-Graduação em Estudos de Tradução, Florianópolis, 2016. Abstract: This study evaluates a corpus-based translation system, called COPA-TRAD, from the user's perspective (Translation Studies researcher, translator or student), addressing usability and cognitive ergonomics characteristics. We expect to get a better understanding of the interaction between the user and the analyzed software, due to the growing complexity and diversity of corpus-based translation technologies that do not take into consideration human-computer interaction (HCI) recommendations yet. The proposed study is composed of distinct stages: first, informal conversations with the participants; second, administration of a usability questionnaire to all parties; third, a heuristic evaluation; ergonomics checklist inspection; and, finally, a comparative analysis. Data analysis has shown that despite the explicit concern on user experience, the analyzed system presented some issues related to usability, and had not made use of known ergonomics and usability methods, either during development or after software delivery. Lastly, the study points out directions on which a corpus analysis system can be adapted to user needs, and indicates some features that require improvement. We believe that the methodological contribution will foster a better development of systems and tools for research, teaching, and practice of translation, as well as promote further discussion on the topic

    The rockerverse : packages and applications for containerisation with R

    The Rocker Project provides widely used Docker images for R across different application scenarios. This article surveys downstream projects that build upon the Rocker Project images and presents the current state of R packages for managing Docker images and controlling containers. These use cases cover diverse topics such as package development, reproducible research, collaborative work, cloud-based data processing, and production deployment of services. The variety of applications demonstrates the power of the Rocker Project specifically and containerisation in general. Across the diverse ways to use containers, we identified common themes: reproducible environments, scalability and efficiency, and portability across clouds. We conclude that the current growth and diversification of use cases is likely to continue its positive impact, but see the need for consolidating the Rockerverse ecosystem of packages, developing common practices for applications, and exploring alternative containerisation software

    Bridging the Law School Learning Gap through Universal Design


    Handling of Past and Future with Phenesthe+

    Writing temporal logic formulae for properties that combine instantaneous events with overlapping temporal phenomena of some duration is difficult in classical temporal logics. To address this issue, in previous work we introduced a new temporal logic with intuitive temporal modalities specifically tailored for the representation of both instantaneous and durative phenomena. We also provided an implementation of a complex event processing system, Phenesthe, based on this logic, that has been applied and tested on a real maritime surveillance scenario. In this work, we extend our temporal logic with two extra modalities to increase its expressive power for handling future formulae. We compare the expressive power of different fragments of our logic with Linear Temporal Logic and dyadic first-order logic. Furthermore, we define correctness criteria for stream processors that use our language. Last but not least, we evaluate empirically the performance of Phenesthe+, our extended implementation, and show that the increased expressive power does not affect efficiency significantly

    Travelling an unfamiliar road: Implications for the entry of design practitioners into healthcare

    This thesis reflects on the User Experience design practice employed for the HealthMap project to create online interactive self-management plans for people with HIV. It traces the development of collaborative design understanding within the multidisciplinary team and identifies key elements in the development of a healthcare IT design practice that lay the foundation for an emerging Community of Practice for Healthcare Experience Designers