2,696 research outputs found
Authentication under Constraints
Authentication has become a critical step to gain access to services such as on-line banking, e-commerce, transport systems and cars (contact-less keys). In several cases, however, the authentication process has to be performed under challenging conditions. This thesis is essentially a compendium of five papers which are the result of a two-year study on authentication in constrained settings. The two major constraints considered in this work are: (1) the noise and (2) the computational power. For what concerns authentication under noisy conditions, Paper A and Paper B ad- dress the case in which the noise is in the authentication credentials. More precisely, the aforementioned papers present attacks against biometric authentication systems, that exploit the inherent variant nature of biometric traits to gain information that should not be leaked by the system. Paper C and Paper D study proximity- based authentication, i.e., distance-bounding protocols. In this case, both of the constraints are present: the possible presence of noise in the channel (which affects communication and thus the authentication process), as well as resource constraints on the computational power and the storage space of the authenticating party (called the prover, e.g., an RFID tag). Finally, Paper E investigates how to achieve reliable verification of the authenticity of a digital signature, when the verifying party has limited computational power, and thus offloads part of the computations to an untrusted server. Throughout the presented research work, a special emphasis is given to privacy concerns risen by the constrained conditions
Challenges of Multi-Factor Authentication for Securing Advanced IoT (A-IoT) Applications
The unprecedented proliferation of smart devices together with novel
communication, computing, and control technologies have paved the way for the
Advanced Internet of Things~(A-IoT). This development involves new categories
of capable devices, such as high-end wearables, smart vehicles, and consumer
drones aiming to enable efficient and collaborative utilization within the
Smart City paradigm. While massive deployments of these objects may enrich
people's lives, unauthorized access to the said equipment is potentially
dangerous. Hence, highly-secure human authentication mechanisms have to be
designed. At the same time, human beings desire comfortable interaction with
their owned devices on a daily basis, thus demanding the authentication
procedures to be seamless and user-friendly, mindful of the contemporary urban
dynamics. In response to these unique challenges, this work advocates for the
adoption of multi-factor authentication for A-IoT, such that multiple
heterogeneous methods - both well-established and emerging - are combined
intelligently to grant or deny access reliably. We thus discuss the pros and
cons of various solutions as well as introduce tools to combine the
authentication factors, with an emphasis on challenging Smart City
environments. We finally outline the open questions to shape future research
efforts in this emerging field.Comment: 7 pages, 4 figures, 2 tables. The work has been accepted for
publication in IEEE Network, 2019. Copyright may be transferred without
notice, after which this version may no longer be accessibl
Understanding the Experience-Centeredness of Privacy and Security Technologies
The joint study of computer security, privacy and human-computer interaction (HCI) over the last two decades has shaped a research agenda focused upon usable privacy & security. However, in HCI research more generally there has long been an awareness of the need to understand and design for user experience, in recognition of the complex and multi-faceted role that technology now plays in our lives. In this paper we add to the growing discussion by introducing the notion of experience-centered privacy and security. We argue that in order to engage users of technology around issues related to experiences of privacy and security, research methods are required that may be outside of the normal repertoire of methods that we typically call upon. We describe three projects that developed non-typical research methods to reveal experiential insights into user interactions with privacy and security-related technologies. We conclude by proposing a research agenda that begins to illustrate how the discourse and methods of experience-centered design might serve to provide valuable alternative perspectives on new and enduring user-facing privacy and security problems
Pay or delay: the role of technology when managing a low income
This paper reports on a qualitative study of 38 low-income individuals living in the North East of England. The participants' experiences of money, banking and the role digital technology plays in their financial practices were identified through semi-structured interviews in people's homes and group workshops. A grounded theory analysis of these data characterises how technology both helped and hindered participants to keep close control of their finances. These findings suggest design opportunities for future digital banking technologies that extend the already sophisticated practices of individuals managing a low income, focusing on: delaying, prioritising, planning, watching, and hiding monetary transactions
Trust and Trustworthiness
In this chapter, we discuss when, how, and why trust and trustworthiness arise to support cooperation within and across organizations. To do so, we first define trust and trustworthiness, discuss how they can be quantified, and determine key components of trusting and trustworthy behavior. In addition, we identify building blocks of trust and trustworthiness and offer tangible insights about how to establish trusting and cooperative business/interorganizational relationships, based on both academic research and case studies from across industries
A Survey on Consensus Mechanisms and Mining Strategy Management in Blockchain Networks
© 2013 IEEE. The past decade has witnessed the rapid evolution in blockchain technologies, which has attracted tremendous interests from both the research communities and industries. The blockchain network was originated from the Internet financial sector as a decentralized, immutable ledger system for transactional data ordering. Nowadays, it is envisioned as a powerful backbone/framework for decentralized data processing and data-driven self-organization in flat, open-access networks. In particular, the plausible characteristics of decentralization, immutability, and self-organization are primarily owing to the unique decentralized consensus mechanisms introduced by blockchain networks. This survey is motivated by the lack of a comprehensive literature review on the development of decentralized consensus mechanisms in blockchain networks. In this paper, we provide a systematic vision of the organization of blockchain networks. By emphasizing the unique characteristics of decentralized consensus in blockchain networks, our in-depth review of the state-of-the-art consensus protocols is focused on both the perspective of distributed consensus system design and the perspective of incentive mechanism design. From a game-theoretic point of view, we also provide a thorough review of the strategy adopted for self-organization by the individual nodes in the blockchain backbone networks. Consequently, we provide a comprehensive survey of the emerging applications of blockchain networks in a broad area of telecommunication. We highlight our special interest in how the consensus mechanisms impact these applications. Finally, we discuss several open issues in the protocol design for blockchain consensus and the related potential research directions
- …