Guessing human-chosen secrets

Authenticating humans to computers remains a notable weak point in computer security despite decades of effort. Although the security research community has explored dozens of proposals for replacing or strengthening passwords, they appear likely to remain entrenched as the standard mechanism of human-computer authentication on the Internet for years to come. Even in the optimistic scenario of eliminating passwords from most of today's authentication protocols using trusted hardware devices or trusted servers to perform federated authentication, passwords will persist as a means of "last-mile" authentication between humans and these trusted single sign-on deputies. This dissertation studies the difficulty of guessing human-chosen secrets, introducing a sound mathematical framework modeling human choice as a skewed probability distribution. We introduce a new metric, alpha-guesswork, which can accurately models the resistance of a distribution against all possible guessing attacks. We also study the statistical challenges of estimating this metric using empirical data sets which can be modeled as a large random sample from the underlying probability distribution. This framework is then used to evaluate several representative data sets from the most important categories of human-chosen secrets to provide reliable estimates of security against guessing attacks. This includes collecting the largest-ever corpus of user-chosen passwords, with nearly 70 million, the largest list of human names ever assembled for research, the largest data sets of real answers to personal knowledge questions and the first data published about human choice of banking PINs. This data provides reliable numbers for designing security systems and highlights universal limitations of human-chosen secrets

A Mixed Methods Multiple Case Study of Implementation as Usual in Children\u27s Social Service Organizations

Increasing the adoption and sustainment of evidence-based treatments (EBTs) in children\u27s mental health and social service systems will require the development of evidence-based implementation strategies. In order to ensure that these strategies are feasible, acceptable, sustainable, and scalable, efforts to identify and develop implementation strategies will need to be grounded by a thorough understanding of real world service systems as well as organizational stakeholders\u27 preferences for particular strategies. In other words, there is a need for a better understanding of usual care settings, and in particular, what constitutes implementation as usual. This study employed a mixed methods, multiple-case study of six organizations that provide social and mental health services to children and youth in a Midwestern city to describe the state of implementation as usual in children\u27s social services, evaluate the extent to which implementation as usual reflects emerging best practices specified in the implementation literature, and inform the future development of implementation strategies that will be practical and effective. The specific aims of this study were: (1) to identify and characterize the implementation strategies used; (2) to explore how organizational leaders make decisions about which treatments and programs to implement and how to implement them; (3) to assess stakeholders\u27 (organizational leaders and clinicians) perceptions of the effectiveness, comparative effectiveness, feasibility, and appropriateness of implementation strategies; and (4) to examine the relationship between organizational social context (culture and climate) and implementation strategy selection, implementation decision making, and perceptions of implementation strategies. These aims were accomplished through semi-structured interviews, focus groups, document review, an online survey of stakeholders\u27 perceptions of implementation strategies, and a standardized measure of organizational social context. Organizations considered a range of factors when making treatment and implementation decisions. While some considered empirical evidence to make decisions about which treatments to implement, they rarely considered empirical evidence when considering how to implement interventions. Across organizations, provider-focused strategies (e.g., training, supervision) were dominant; however, many of these strategies were not offered at the frequency and intensity that is generally required to implement EBTs effectively. Multiple areas of implementation were not well addressed, including process, client, organizational, financial, and policy levels. Several problematic trends related to strategy use were identified, such as the inconsistent provision of training and supervision, monitoring fidelity in ways not thought to be helpful, and failing to measure or appropriately utilize clinical outcome data. Stakeholders generally perceived active implementation strategies to be more effective than passive strategies, and did not respond well to strategies that were punitive in nature. Findings demonstrate how organizational social context can impact implementation processes and stakeholders\u27 perceptions of the effectiveness of implementation strategies. Important implications for practice, policy and research were derived

Efficient Passive Clustering and Gateways selection MANETs

Passive clustering does not employ control packets to collect topological information in ad hoc networks. In our proposal, we avoid making frequent changes in cluster architecture due to repeated election and re-election of cluster heads and gateways. Our primary objective has been to make Passive Clustering more practical by employing optimal number of gateways and reduce the number of rebroadcast packets

Front-Line Physicians' Satisfaction with Information Systems in Hospitals

Day-to-day operations management in hospital units is difficult due to continuously varying situations, several actors involved and a vast number of information systems in use. The aim of this study was to describe front-line physicians' satisfaction with existing information systems needed to support the day-to-day operations management in hospitals. A cross-sectional survey was used and data chosen with stratified random sampling were collected in nine hospitals. Data were analyzed with descriptive and inferential statistical methods. The response rate was 65 % (n = 111). The physicians reported that information systems support their decision making to some extent, but they do not improve access to information nor are they tailored for physicians. The respondents also reported that they need to use several information systems to support decision making and that they would prefer one information system to access important information. Improved information access would better support physicians' decision making and has the potential to improve the quality of decisions and speed up the decision making process.Peer reviewe

Planting the Seeds for High-Quality Program Evaluation in Public Health

Evaluation and evidence-informed decision making are central to public health practice. In recent decades, the professional discipline of evaluation has experienced tremendous growth that can be leveraged for use in public health. To meet the growing need20211052