76 research outputs found
Empirical techniques and algorithms to develop a resilient non-supervised touch-based authentication system
Touch dynamics (or touch-based authentication) refers to a behavioral biometric for touchscreen devices wherein a user is authenticated based on his/her executed touch gestures. This work addresses two research topics. We first present a series of empirical techniques to detect habituation in the user’s touch profile, its detrimental effect on authentication accuracy and strategies to overcome these effects. Habituation here refers to changes in the user’s profile and/or noise within it due to the user’s familiarization with the device and software application. With respect to habituation, we show that habituation causes the user’s touch profile to evolve significantly and irrevocably over time even after the user is familiar with the device and software application. This phenomenon considerably degrades classifier accuracy. We demonstrate techniques that lower the error rate to 3.68% and set the benchmark in this field for a realistic test setup. Finally, we quantify the benefits of vote-based reclassification of predicted class labels and show that this technique is vital for achieving high accuracy in realistic touch-based authentication systems.
In the second half, we implement the first ever non-supervised classification algorithm in touch-based continual authentication. This scheme incorporates clustering into the traditional supervised algorithm. We reduce the mis-classification rate by fusing a supervised random forest algorithm and non-supervised clustering (either Bayesian learning or simple rule of combinations). Fusing with Bayesian clustering reduced the mis-classification rate by 50% while fusing with simple rule of combination reduced the mis-classification rate by as much as 59.5% averaged over all the users.
Master of Science, Computer Science & Information Systems, University of Michigan-Flint
http://deepblue.lib.umich.edu/bitstream/2027.42/134750/1/Palaskar2016.pdf
CHORUS Deliverable 2.2: Second report - identification of multi-disciplinary key issues for gap analysis toward EU multimedia search engines roadmap
After addressing the state-of-the-art during the first year of Chorus and establishing the existing landscape in multimedia search engines, we have identified and analyzed gaps within European research effort during our second year. In this period we focused on three directions, notably technological issues, user-centred issues and use-cases and socio-economic and legal aspects. These were assessed by two central studies: firstly, a concerted vision of the functional breakdown of a generic multimedia search engine, and secondly, representative use-case descriptions with the related discussion on requirements for technological challenges. Both studies have been carried out in cooperation and consultation with the community at large through EC concertation meetings (multimedia search engines cluster), several meetings with our Think-Tank, presentations in international conferences, and surveys addressed to EU projects coordinators as well as National initiatives coordinators. Based on the obtained feedback we identified two types of gaps, namely core technological gaps that involve research challenges, and “enablers”, which are not necessarily technical research challenges, but have impact on innovation progress. New socio-economic trends are presented as well as emerging legal challenges.
On Security and Privacy for Networked Information Society : Observations and Solutions for Security Engineering and Trust Building in Advanced Societal Processes
Our society has developed into a networked information society, in which all aspects of human life are interconnected via the Internet — the backbone through which a significant part of communications traffic is routed. This makes the Internet arguably the most important piece of critical infrastructure in the world. Securing Internet communications for everyone using it is extremely important, as the continuing growth of the networked information society relies upon fast, reliable and secure communications.
A prominent threat to the security and privacy of Internet users is mass surveillance of Internet communications. The methods and tools used to implement mass surveillance capabilities on the Internet pose a danger to the security of all communications, not just the intended targets. When we continue to further build the networked information upon the unreliable foundation of the Internet we encounter increasingly complex problems, which are the main focus of this dissertation. As the reliance on communication technology grows in a society, so does the importance of information security. At this stage, information security issues become separated from the purely technological domain and begin to affect everyone in society. The approach taken in this thesis is therefore both technical and socio-technical.
The research presented in this PhD thesis builds security into the networked information society and provides parameters for further development of a safe and secure networked information society. This is achieved by proposing improvements on a multitude of layers. In the technical domain we present an efficient design flow for secure embedded devices that use cryptographic primitives in a resource-constrained environment, examine and analyze threats to biometric passport and electronic voting systems, observe techniques used to conduct mass Internet surveillance, and analyze the security of Finnish web user passwords. In the socio-technical domain we examine surveillance and how it affects the citizens of a networked information society, study methods for delivering efficient security education, examine what is essential security knowledge for citizens, advocate mastery over surveillance data by the targeted citizens in the networked information society, and examine the concept of forced trust that permeates all topics examined in this work.
The society we live in has been shaped by technological development into a true information society. Many areas of the networked information society have undergone change as a result of this development. At the center of this change is the Internet: a worldwide data network that enables communication between networked devices on an unprecedented scale. The Internet has become perhaps the most central part of the global communications infrastructure, and securing global communications will therefore become ever more important in the future. The growth and development of the networked information society require the existence of a stable, secure and fast communications system.
Large-scale mass surveillance of data networks poses a significant threat to the stability and security of this system. The methods and tools used to implement network surveillance do not merely make it possible to inspect the communications traffic under surveillance; they also endanger the security of all Internet traffic and of the activity that depends on it. When the networked information society is built on a system containing such fundamental flaws and vulnerabilities, the key threat is that society's core functions are exposed to outside influence. Examining these threats and the mechanisms behind them is at the center of this dissertation. Because the work has a strong societal element in addition to its technical content, the subject area is examined more broadly, also from a societal perspective, rather than through strictly technical analysis.
This dissertation seeks to build an overall picture of the factors affecting the security, operation and stability of the networked information society, and to bring out new solutions and openings from different perspectives. The aim of the work is to contribute to making it possible to build a more secure networked information society in the future. From the technical perspective, the work presents a design flow for embedded systems with limited computing power that make efficient use of cryptographic primitives, analyzes threats against biometric passports, the international passport system and electronic voting, examines the operating principles of the techniques used for mass surveillance and the threats they cause, and studies the password habits of Finnish Internet users in web applications.
From the socio-technical perspective, the work examines the theory of surveillance and looks into how surveillance affects the citizens of the networked information society. In addition, it develops methods for better information security education at all levels of education, defines the key concepts of information security knowledge, examines the possibility of applying the principle of mastery over information to the management and use of the data that the networked information society collects about its citizens, and studies the significance of trust for the security and functioning of society's core functions, focusing in particular on the effects of forced trust.
Access Control In and For the Real World
Access control is a core component of any information-security strategy. Researchers have spent tremendous energy over the past forty years defining abstract access-control models and proving various properties about them. However, surprisingly little attention has been paid to how well these models work in real socio-technical systems (i.e., real human organizations). This dissertation describes the results of two qualitative studies (involving 52 participants from four companies, drawn from the financial, software, and healthcare sectors) and observes that the current practice of access control is dysfunctional at best. It diagnoses the broken assumptions that are at the heart of this dysfunction, and offers a new definition of the access-control problem that is grounded in the requirements and limitations of the real world.
“Be a Pattern for the World”: The Development of a Dark Patterns Detection Tool to Prevent Online User Loss
Dark Patterns are designed to trick users into sharing more information or spending more money than they had intended to do, by configuring online interactions to confuse or add pressure to the users. They are highly varied in their form, and are therefore difficult to classify and detect. Therefore, this research is designed to develop a framework for the automated detection of potential instances of web-based dark patterns, and from there to develop a software tool that will provide a highly useful defensive tool that helps detect and highlight these patterns.
Minding the Gap: Computing Ethics and the Political Economy of Big Tech
In 1988 Michael Mahoney wrote that “[w]hat is truly revolutionary about the computer will become clear only when computing acquires a proper history, one that ties it to other technologies and thus uncovers the precedents that make its innovations significant” (Mahoney, 1988). Today, over thirty years after this quote was written, we are living right in the middle of the information age and computing technology is constantly transforming modern living in revolutionary ways and to such a high degree that it is giving rise to many ethical considerations, dilemmas, and social disruption. To explore the myriad of issues associated with the ethical challenges of computers using the lens of political economy it is important to explore the history and development of computer technology.
Technical Debt is an Ethical Issue
We introduce the problem of technical debt, with particular focus on critical infrastructure, and put forward our view that this is a digital ethics issue. We propose that the software engineering process must adapt its current notion of technical debt – focusing on technical costs – to include the potential cost to society if the technical debt is not addressed, and the cost of analysing, modelling and understanding this ethical debt. Finally, we provide an overview of the development of educational material – based on a collection of technical debt case studies – in order to teach about technical debt and its ethical implication.
Proceedings of the ETHICOMP 2022: Effectiveness of ICT ethics - How do we help solve ethical problems in the field of ICT?
This Ethicomp is again organized in exceptional times. The two previous ones were forced to turn into online conferences because of the Covid pandemic, but it was decided that this one would be a physical one or be cancelled, as the need for real encounters and discussion between people is an essential part of doing philosophy. We need the possibility to meet people face to face, and even though part of the presentations were held at a distance – because of insurmountable problems of arriving for some authors – we managed to have a real, physical conference, even if the number of participants was smaller than at previous conferences. The need for Ethicomp is underlined by the way the world nowadays is portrayed for us. Truthfulness and argumentation seem to be replaced by lies, strategic games, hate and disrespect of humanity in personal, societal and even global communication. Ethicomp is many times referred to as a community and therefore it is important that we as a community do protect what Ethicomp stands for. We need to seek goodness and be able to give argumentation for what that goodness is. This leads us towards Habermas's communicative action and discourse ethics, which encourage open and respectful discourse between people (see e.g. Habermas 1984; 1987; 1996). However, this does not mean that we need to accept everything and everybody. We need to defend truthfulness and equality and demand those from others too. There are situations when some people should be removed from discussions if they neglect the demand for discourse. Because by giving voice to claims that have no respect for argumentation, lack respect for human dignity or are not ready for mutual understanding (or at least aiming to see the possibility for it), we cannot have meaningful communication. This is visible in communication at all levels today and it should not be accepted, but resisted. It is the duty of us all.