Authentication under Constraints

Authentication has become a critical step to gain access to services such as on-line banking, e-commerce, transport systems and cars (contact-less keys). In several cases, however, the authentication process has to be performed under challenging conditions. This thesis is essentially a compendium of five papers which are the result of a two-year study on authentication in constrained settings. The two major constraints considered in this work are: (1) the noise and (2) the computational power. For what concerns authentication under noisy conditions, Paper A and Paper B ad- dress the case in which the noise is in the authentication credentials. More precisely, the aforementioned papers present attacks against biometric authentication systems, that exploit the inherent variant nature of biometric traits to gain information that should not be leaked by the system. Paper C and Paper D study proximity- based authentication, i.e., distance-bounding protocols. In this case, both of the constraints are present: the possible presence of noise in the channel (which affects communication and thus the authentication process), as well as resource constraints on the computational power and the storage space of the authenticating party (called the prover, e.g., an RFID tag). Finally, Paper E investigates how to achieve reliable verification of the authenticity of a digital signature, when the verifying party has limited computational power, and thus offloads part of the computations to an untrusted server. Throughout the presented research work, a special emphasis is given to privacy concerns risen by the constrained conditions

Challenges of Multi-Factor Authentication for Securing Advanced IoT (A-IoT) Applications

The unprecedented proliferation of smart devices together with novel communication, computing, and control technologies have paved the way for the Advanced Internet of Things~(A-IoT). This development involves new categories of capable devices, such as high-end wearables, smart vehicles, and consumer drones aiming to enable efficient and collaborative utilization within the Smart City paradigm. While massive deployments of these objects may enrich people's lives, unauthorized access to the said equipment is potentially dangerous. Hence, highly-secure human authentication mechanisms have to be designed. At the same time, human beings desire comfortable interaction with their owned devices on a daily basis, thus demanding the authentication procedures to be seamless and user-friendly, mindful of the contemporary urban dynamics. In response to these unique challenges, this work advocates for the adoption of multi-factor authentication for A-IoT, such that multiple heterogeneous methods - both well-established and emerging - are combined intelligently to grant or deny access reliably. We thus discuss the pros and cons of various solutions as well as introduce tools to combine the authentication factors, with an emphasis on challenging Smart City environments. We finally outline the open questions to shape future research efforts in this emerging field.Comment: 7 pages, 4 figures, 2 tables. The work has been accepted for publication in IEEE Network, 2019. Copyright may be transferred without notice, after which this version may no longer be accessibl

Understanding the Experience-Centeredness of Privacy and Security Technologies

The joint study of computer security, privacy and human-computer interaction (HCI) over the last two decades has shaped a research agenda focused upon usable privacy & security. However, in HCI research more generally there has long been an awareness of the need to understand and design for user experience, in recognition of the complex and multi-faceted role that technology now plays in our lives. In this paper we add to the growing discussion by introducing the notion of experience-centered privacy and security. We argue that in order to engage users of technology around issues related to experiences of privacy and security, research methods are required that may be outside of the normal repertoire of methods that we typically call upon. We describe three projects that developed non-typical research methods to reveal experiential insights into user interactions with privacy and security-related technologies. We conclude by proposing a research agenda that begins to illustrate how the discourse and methods of experience-centered design might serve to provide valuable alternative perspectives on new and enduring user-facing privacy and security problems

Pay or delay: the role of technology when managing a low income

This paper reports on a qualitative study of 38 low-income individuals living in the North East of England. The participants' experiences of money, banking and the role digital technology plays in their financial practices were identified through semi-structured interviews in people's homes and group workshops. A grounded theory analysis of these data characterises how technology both helped and hindered participants to keep close control of their finances. These findings suggest design opportunities for future digital banking technologies that extend the already sophisticated practices of individuals managing a low income, focusing on: delaying, prioritising, planning, watching, and hiding monetary transactions

Trust and Trustworthiness

In this chapter, we discuss when, how, and why trust and trustworthiness arise to support cooperation within and across organizations. To do so, we first define trust and trustworthiness, discuss how they can be quantified, and determine key components of trusting and trustworthy behavior. In addition, we identify building blocks of trust and trustworthiness and offer tangible insights about how to establish trusting and cooperative business/interorganizational relationships, based on both academic research and case studies from across industries

A Survey on Consensus Mechanisms and Mining Strategy Management in Blockchain Networks

© 2013 IEEE. The past decade has witnessed the rapid evolution in blockchain technologies, which has attracted tremendous interests from both the research communities and industries. The blockchain network was originated from the Internet financial sector as a decentralized, immutable ledger system for transactional data ordering. Nowadays, it is envisioned as a powerful backbone/framework for decentralized data processing and data-driven self-organization in flat, open-access networks. In particular, the plausible characteristics of decentralization, immutability, and self-organization are primarily owing to the unique decentralized consensus mechanisms introduced by blockchain networks. This survey is motivated by the lack of a comprehensive literature review on the development of decentralized consensus mechanisms in blockchain networks. In this paper, we provide a systematic vision of the organization of blockchain networks. By emphasizing the unique characteristics of decentralized consensus in blockchain networks, our in-depth review of the state-of-the-art consensus protocols is focused on both the perspective of distributed consensus system design and the perspective of incentive mechanism design. From a game-theoretic point of view, we also provide a thorough review of the strategy adopted for self-organization by the individual nodes in the blockchain backbone networks. Consequently, we provide a comprehensive survey of the emerging applications of blockchain networks in a broad area of telecommunication. We highlight our special interest in how the consensus mechanisms impact these applications. Finally, we discuss several open issues in the protocol design for blockchain consensus and the related potential research directions