Selected Computing Research Papers Volume 7 June 2018

Contents Critical Evaluation of Arabic Sentimental Analysis and Their Accuracy on Microblogs (Maha Al-Sakran) Evaluating Current Research on Psychometric Factors Affecting Teachers in ICT Integration (Daniel Otieno Aoko) A Critical Analysis of Current Measures for Preventing Use of Fraudulent Resources in Cloud Computing (Grant Bulman) An Analytical Assessment of Modern Human Robot Interaction Systems (Dominic Button) Critical Evaluation of Current Power Management Methods Used in Mobile Devices (One Lekula) A Critical Evaluation of Current Face Recognition Systems Research Aimed at Improving Accuracy for Class Attendance (Gladys B. Mogotsi) Usability of E-commerce Website Based on Perceived Homepage Visual Aesthetics (Mercy Ochiel) An Overview Investigation of Reducing the Impact of DDOS Attacks on Cloud Computing within Organisations (Jabed Rahman) Critical Analysis of Online Verification Techniques in Internet Banking Transactions (Fredrick Tshane

Synesthesia: Detecting Screen Content via Remote Acoustic Side Channels

We show that subtle acoustic noises emanating from within computer screens can be used to detect the content displayed on the screens. This sound can be picked up by ordinary microphones built into webcams or screens, and is inadvertently transmitted to other parties, e.g., during a videoconference call or archived recordings. It can also be recorded by a smartphone or "smart speaker" placed on a desk next to the screen, or from as far as 10 meters away using a parabolic microphone. Empirically demonstrating various attack scenarios, we show how this channel can be used for real-time detection of on-screen text, or users' input into on-screen virtual keyboards. We also demonstrate how an attacker can analyze the audio received during video call (e.g., on Google Hangout) to infer whether the other side is browsing the web in lieu of watching the video call, and which web site is displayed on their screen

Assessing and Improving the Usability of the Medical Data Models Portal

Case report forms (CRF) specify data definitions and encodings for data to be collected in clinical trials. To enable exchange of data definitions and in this way to avoid creation of variants of CRF for similar study designs, the Medical Data Model portal (MDM) has been developed since 2011. This work aims at studying the usability of the MDM portal. We identify issues that hamper its adoption by researchers in order to derive measurements for improving it. We selected relevant tools (e.g. Nibbler, Hotjar, SUPR-Q) for usability testing and generated a structured test protocol. More specifically, the portal was assessed by means of a static analysis, user analysis (n=10), a usability test (n=10) and statistical evaluations. Regarding accessibility and technology, the static code analysis resulted in high scores. Presentation of information and functions as well as interaction with the portal still has to be improved: The results show that only limited functions of the webpage are used regularly and some user navigation errors occur due to the portal's design. In total, six major problems were identified which will be addressed in future. A continuous evaluation using the same structured test protocol allows to continuously measure the website quality, to compare it after changes have been implemented and in this way, to realise a continuous improvement. The effort for a repeated evaluation of the same evaluation with 10 persons is estimated with 10 hours

Evaluating usability of e-commerce sites by tracking eye movements

The majority of existing e-commerce design guidelines has been derived by conducting heuristic evaluations, without reporting the involvement of the users themselves. This research provides clarification on a number of existing web design guidelines for e-commerce sites based on empirical studies with users. Four studies were conducted and each study focused on a specific set of design guidelines as found in the literature. A combined qualitative and quantitative approach has been used, including a state-of-the-art technique, eye tracking. The eye movement data were complemented by user-profile data elicited through background questionnaires and user-perception data as captured through semi-structured interviews. The first study investigated users’ initial impressions of homepages of e-commerce sites. The second study examined users’ adaptability to persistent or varied placement of design elements. The third and fourth studies explored the effect of the presentation format of e-commerce web pages: the first in terms of the proportion of images, and the second in terms of how key icons related to an e-commerce transaction were presented. On the whole, the results of the studies corroborated existing design guidelines, but they also identified potential refinements. The thesis contributes both methodologically and empirically to Human-Computer Interaction. The combined methodological approach enables insight into the user experience that spans behavioural aspects such as visual search behaviour and visual search performance data, and subjective aspects such as user expectations and preferences. The empirical outcomes amplify the design guidelines from a user’s perspective

Understanding building and urban environment interactions: An integrated framework for building occupancy modelling

Improving building energy efficiency requires accurate modelling and a comprehensive understanding of how occupants use building space. This thesis focuses on modelling building occupancy to enhance the predictive accuracy of occupancy patterns and gain a better understanding of the causal reasons for occupancy behaviour. A conceptual framework is proposed to relax the restriction of isolated building analysis, which accounts for interactions between buildings, its occupants, and other urban systems, such as the effects of transport incidents on occupancy and circulation in buildings. This thesis also presents a counterpart mapping of the framework that elaborates the links between modelling of transport and building systems. To operationalise the proposed framework, a novel modelling approach which has not been used in the current context, called the hazard-based model, is applied to model occupancy from a single building up to a district area. The proposed framework is further adapted to integrate more readily with transport models, to ensure that arrivals and departures to and from the building are consistent with the situation of the surrounding transport systems. The proposed framework and occupancy models are calibrated and validated using Wi-Fi data and other variables, such as transport and weather parameters, harvested from the South Kensington campus of Imperial College London. In addition to calibrating the occupancy model, integrating a travel simulator produces synthetic arrivals into or around the campus, which are further distributed over campus buildings via an adapted technique and feed the occupancy simulations. The model estimation results reveal the causal reasons for or exogenous effects on individual occupancy states. The validation results confirm the ability of the proposed models to predict building occupancy accurately both on average and day by day across the future dataset. Finally, evaluating occupancy simulations for various hypothetical scenarios provides valuable suggestions for efficient building design and facility operation.Open Acces

Dynamic Template Adjustment in Continuous Keystroke Dynamics

Dynamika úhozů kláves je jednou z behaviorálních biometrických charakteristik, kterou je možné použít pro průběžnou autentizaci uživatelů. Vzhledem k tomu, že styl psaní na klávesnici se v čase mění, je potřeba rovněž upravovat biometrickou šablonu. Tímto problémem se dosud, alespoň pokud je autorovi známo, žádná studie nezabývala. Tato diplomová práce se pokouší tuto mezeru zaplnit. S pomocí dat o časování úhozů od 22 dobrovolníků bylo otestováno několik technik klasifikace, zda je možné je upravit na online klasifikátory, zdokonalující se bez učitele. Výrazné zlepšení v rozpoznání útočníka bylo zaznamenáno u jednotřídového statistického klasifikátoru založeného na normované Euklidovské vzdálenosti, v průměru o 23,7 % proti původní verzi bez adaptace, zlepšení však bylo pozorováno u všech testovacích sad. Změna míry rozpoznání správného uživatele se oproti tomu různila, avšak stále zůstávala na přijatelných hodnotách.Keystroke dynamics is one of behavioural biometric characteristics which can be employed for continuous user authentication. As typing style on a keyboard changes in time, the template adapting is necessary. No study covered this topic yet, as far as the author knows. This master thesis tries to fill this gap. Several classification techniques were exercised with help of keystroke data from 22 volunteers in order to test if they can be improved to unsupervised online classifiers. A significant improvement in impostor recognition was noted at one-class statistical classifier based on normed Euclidean distance. The impostor could make 23.7 % actions less than in offline version on average but the improvement was obseved with all test sets. In contrary, the genuine user recognition varied from user to user but it still kept at acceptable values.

Information Leakage Attacks and Countermeasures

The scientific community has been consistently working on the pervasive problem of information leakage, uncovering numerous attack vectors, and proposing various countermeasures. Despite these efforts, leakage incidents remain prevalent, as the complexity of systems and protocols increases, and sophisticated modeling methods become more accessible to adversaries. This work studies how information leakages manifest in and impact interconnected systems and their users. We first focus on online communications and investigate leakages in the Transport Layer Security protocol (TLS). Using modern machine learning models, we show that an eavesdropping adversary can efficiently exploit meta-information (e.g., packet size) not protected by the TLS’ encryption to launch fingerprinting attacks at an unprecedented scale even under non-optimal conditions. We then turn our attention to ultrasonic communications, and discuss their security shortcomings and how adversaries could exploit them to compromise anonymity network users (even though they aim to offer a greater level of privacy compared to TLS). Following up on these, we delve into physical layer leakages that concern a wide array of (networked) systems such as servers, embedded nodes, Tor relays, and hardware cryptocurrency wallets. We revisit location-based side-channel attacks and develop an exploitation neural network. Our model demonstrates the capabilities of a modern adversary but also presents an inexpensive tool to be used by auditors for detecting such leakages early on during the development cycle. Subsequently, we investigate techniques that further minimize the impact of leakages found in production components. Our proposed system design distributes both the custody of secrets and the cryptographic operation execution across several components, thus making the exploitation of leaks difficult

CHORUS Deliverable 2.1: State of the Art on Multimedia Search Engines

Based on the information provided by European projects and national initiatives related to multimedia search as well as domains experts that participated in the CHORUS Think-thanks and workshops, this document reports on the state of the art related to multimedia content search from, a technical, and socio-economic perspective. The technical perspective includes an up to date view on content based indexing and retrieval technologies, multimedia search in the context of mobile devices and peer-to-peer networks, and an overview of current evaluation and benchmark inititiatives to measure the performance of multimedia search engines. From a socio-economic perspective we inventorize the impact and legal consequences of these technical advances and point out future directions of research

A taxonomy of attacks and a survey of defence mechanisms for semantic social engineering attacks

Social engineering is used as an umbrella term for a broad spectrum of computer exploitations that employ a variety of attack vectors and strategies to psychologically manipulate a user. Semantic attacks are the specific type of social engineering attacks that bypass technical defences by actively manipulating object characteristics, such as platform or system applications, to deceive rather than directly attack the user. Commonly observed examples include obfuscated URLs, phishing emails, drive-by downloads, spoofed web- sites and scareware to name a few. This paper presents a taxonomy of semantic attacks, as well as a survey of applicable defences. By contrasting the threat landscape and the associated mitigation techniques in a single comparative matrix, we identify the areas where further research can be particularly beneficial