1,605 research outputs found
Frictionless Authentication Systems: Emerging Trends, Research Challenges and Opportunities
Authentication and authorization are critical security layers to protect a
wide range of online systems, services and content. However, the increased
prevalence of wearable and mobile devices, the expectations of a frictionless
experience and the diverse user environments will challenge the way users are
authenticated. Consumers demand secure and privacy-aware access from any
device, whenever and wherever they are, without any obstacles. This paper
reviews emerging trends and challenges with frictionless authentication systems
and identifies opportunities for further research related to the enrollment of
users, the usability of authentication schemes, as well as security and privacy
trade-offs of mobile and wearable continuous authentication systems.Comment: published at the 11th International Conference on Emerging Security
Information, Systems and Technologies (SECURWARE 2017
Quality assessment technique for ubiquitous software and middleware
The new paradigm of computing or information systems is ubiquitous computing systems. The technology-oriented issues of ubiquitous computing systems have made researchers pay much attention to the feasibility study of the technologies rather than building quality assurance indices or guidelines. In this context, measuring quality is the key to developing high-quality ubiquitous computing products. For this reason, various quality models have been defined, adopted and enhanced over the years, for example, the need for one recognised standard quality model (ISO/IEC 9126) is the result of a consensus for a software quality model on three levels: characteristics, sub-characteristics, and metrics. However, it is very much unlikely that this scheme will be directly applicable to ubiquitous computing environments which are considerably different to conventional software, trailing a big concern which is being given to reformulate existing methods, and especially to elaborate new assessment techniques for ubiquitous computing environments. This paper selects appropriate quality characteristics for the ubiquitous computing environment, which can be used as the quality target for both ubiquitous computing product evaluation processes ad development processes. Further, each of the quality characteristics has been expanded with evaluation questions and metrics, in some cases with measures. In addition, this quality model has been applied to the industrial setting of the ubiquitous computing environment. These have revealed that while the approach was sound, there are some parts to be more developed in the future
EyeSpot: leveraging gaze to protect private text content on mobile devices from shoulder surfing
As mobile devices allow access to an increasing amount of private data, using them in public can potentially leak sensitive information through shoulder surfing. This includes personal private data (e.g., in chat conversations) and business-related content (e.g., in emails). Leaking the former might infringe on users’ privacy, while leaking the latter is considered a breach of the EU’s General Data Protection Regulation as of May 2018. This creates a need for systems that protect sensitive data in public. We introduce EyeSpot, a technique that displays content through a spot that follows the user’s gaze while hiding the rest of the screen from an observer’s view through overlaid masks. We explore different configurations for EyeSpot in a user study in terms of users’ reading speed, text comprehension, and perceived workload. While our system is a proof of concept, we identify crystallized masks as a promising design candidate for further evaluation with regard to the security of the system in a shoulder surfing scenario
A Regulatory Model for Context-Aware Abstract Framework
Proceedings of: 23rd International Conference on Industrial Engineering and
Other Applications of Applied Intelligent Systems, IEA/AIE 2010, Cordoba,
Spain, June 1-4, 2010.This paper presents a general framework to define a context aware application and analyzes social guarantees to be considered to develop this kind of applications following legal assumptions as privacy, human rights, etc. We
present a review of legal issues in biometric user identification where several
legal aspects have been developed in European Union regulation and a general
framework to define context aware applications. As main result, paper presents
a legal framework to be taken into account in any context-based application to
ensure a harmonious and coherent system for the protection of fundamental
rights.This work was supported in part by Projects CICYT TIN2008-06742-C02-02/TSI, CICYT
TEC2008-06732-C02-02/TEC, CAM CONTEXTS (S2009/TIC-1485) and DPS2008-07029-
C02-02.Publicad
Challenges of Multi-Factor Authentication for Securing Advanced IoT (A-IoT) Applications
The unprecedented proliferation of smart devices together with novel
communication, computing, and control technologies have paved the way for the
Advanced Internet of Things~(A-IoT). This development involves new categories
of capable devices, such as high-end wearables, smart vehicles, and consumer
drones aiming to enable efficient and collaborative utilization within the
Smart City paradigm. While massive deployments of these objects may enrich
people's lives, unauthorized access to the said equipment is potentially
dangerous. Hence, highly-secure human authentication mechanisms have to be
designed. At the same time, human beings desire comfortable interaction with
their owned devices on a daily basis, thus demanding the authentication
procedures to be seamless and user-friendly, mindful of the contemporary urban
dynamics. In response to these unique challenges, this work advocates for the
adoption of multi-factor authentication for A-IoT, such that multiple
heterogeneous methods - both well-established and emerging - are combined
intelligently to grant or deny access reliably. We thus discuss the pros and
cons of various solutions as well as introduce tools to combine the
authentication factors, with an emphasis on challenging Smart City
environments. We finally outline the open questions to shape future research
efforts in this emerging field.Comment: 7 pages, 4 figures, 2 tables. The work has been accepted for
publication in IEEE Network, 2019. Copyright may be transferred without
notice, after which this version may no longer be accessibl
Unique Identity Project in India: A Divine Dream or a Miscalculated Heroism?
The Unique Identity Project in India is a flagship project as being highlighted by the Government of India and is being portrayed as a panacea for all ills that exist in the country. Although time can only tell about the efficiency and efficacy of the project, but the very launch of this exercise has made it the largest biometric based identity disbursing e-government project in the globe. This paper, tries to put the current UID project of India into a perspective to evaluate the set of issues and concerns, as pointed by various stakeholders and try to understand the degree of criticality of those arguments. In this light, the areas of concerns around the UID project in India are also being pointed out. Given the largest IT project in nay government globally, the topic is of immense significance besides being timely and the discussion can provide impetus to a series of research activities in the areas of public policy, Information Systems planning and execution as well as appreciating the risks that get associated with such large initiatives.
- …