Multicriteria optimization to select images as passwords in recognition based graphical authentication systems
Usability and guessability are two conflicting criteria in assessing the
suitability of an image to be used as password in the recognition based graphical
authentication systems (RGBSs). We present the first work in this area that
uses a new approach, which effectively integrates a series of techniques in order
to rank images taking into account the values obtained for each of the dimensions
of usability and guessability, from two user studies. Our approach uses
fuzzy numbers to deal with non commensurable criteria and compares two
multicriteria optimization methods namely, TOPSIS and VIKOR. The results
suggest that VIKOR method is the most applicable to make an objective statement
about which image type is better suited to be used as password. The paper
also discusses some improvements that could be done to improve the ranking
assessment
Utilizing Analytical Hierarchy Process for Pauper House Programme in Malaysia
In Malaysia, the selection and evaluation of candidates for the
Pauper House Programme (PHP) are done manually. In
this paper, a technique based on the Analytical Hierarchy
Technique (AHP) is designed and developed in order to
evaluate and select PHP applications. The
aim is to ensure that the selection process is more precise and
accurate and avoids any bias. This technique
is studied and designed based on the pauper assessment
technique from one of the district offices in Malaysia.
Hierarchical indexes are designed based on the criteria that
have been used in the official PHP application form. A
total of 23 samples of data which had been endorsed
by the Exco of State in Malaysia are used to test this
technique. Furthermore, a comparison of the two
methods is given in this paper. All the calculations of
this technique are done in a software package, namely Expert
Choice version 11.5. Comparing the manual and AHP methods
shows that there are three (3) samples that are not
qualified. The developed technique is also satisfactory in terms
of ease, accuracy and preciseness, but needs further
study due to some limitations, as explained in the
recommendations of this paper
StoryDroid: Automated Generation of Storyboard for Android Apps
Mobile apps are now ubiquitous. Before developing a new app, the development
team usually endeavors painstaking efforts to review many existing apps with
similar purposes. The review process is crucial in the sense that it reduces
market risks and provides inspiration for app development. However, manual
exploration of hundreds of existing apps by different roles (e.g., product
manager, UI/UX designer, developer) in a development team can be ineffective.
For example, it is difficult to completely explore all the functionalities of
the app in a short period of time. Inspired by the conception of storyboard in
movie production, we propose a system, StoryDroid, to automatically generate
the storyboard for Android apps, and assist different roles to review apps
efficiently. Specifically, StoryDroid extracts the activity transition graph
and leverages static analysis techniques to render UI pages to visualize the
storyboard with the rendered pages. The mapping relations between UI pages and
the corresponding implementation code (e.g., layout code, activity code, and
method hierarchy) are also provided to users. Our comprehensive experiments
unveil that StoryDroid is effective and indeed useful to assist app
development. The outputs of StoryDroid enable several potential applications,
such as the recommendation of UI design and layout code
A tree grammar-based visual password scheme
A thesis submitted to the Faculty of Science, University of the Witwatersrand, Johannesburg, in fulfilment of the requirements for the degree of Doctor of Philosophy. Johannesburg, August 31, 2015.
Visual password schemes can be considered as an alternative to alphanumeric
passwords. Studies have shown that alphanumeric passwords
can, amongst others, be eavesdropped, shoulder surfed, or
guessed, and are susceptible to brute force automated attacks. Visual
password schemes use images, in place of alphanumeric characters,
for authentication. For example, users of visual password schemes either
select images (Cognometric) or points on an image (Locimetric)
or attempt to redraw their password image (Drawmetric), in order
to gain authentication. Visual passwords are limited by the so-called
password space, i.e., by the size of the alphabet from which users can
draw to create a password and by susceptibility to stealing of passimages
by someone looking over your shoulders, referred to as shoulder
surfing in the literature. The use of automatically generated highly
similar abstract images defeats shoulder surfing and means that an almost
unlimited pool of images is available for use in a visual password
scheme, thus also overcoming the issue of limited potential password
space.
This research investigated visual password schemes. In particular,
this study looked at the possibility of using tree picture grammars to
generate abstract graphics for use in a visual password scheme. In this
work, we also took a look at how humans determine similarity of abstract
computer generated images, referred to as perceptual similarity
in the literature. We drew on the psychological idea of similarity and
matched that as closely as possible with a mathematical measure of
image similarity, using Content Based Image Retrieval (CBIR) and
tree edit distance measures. To this end, an online similarity survey
was conducted with respondents ordering answer images in order
of similarity to question images, involving 661 respondents and 50
images. The survey images were also compared with eight, state of
the art, computer based similarity measures to determine how closely
they model perceptual similarity. Since all the images were generated
with tree grammars, the most popular measure of tree similarity, the
tree edit distance, was also used to compare the images. Eight different
types of tree edit distance measures were used in order to cover
the broad range of tree edit distance and tree edit distance approximation
methods. All the computer based similarity methods were
then correlated with the online similarity survey results, to determine
which ones more closely model perceptual similarity. The results were
then analysed in the light of some modern psychological theories of
perceptual similarity.
This work represents a novel approach to the Passfaces type of visual
password schemes using dynamically generated pass-images and their
highly similar distractors, instead of static pictures stored in an online
database. The results of the online survey were then accurately
modelled using the most suitable tree edit distance measure, in order
to automate the determination of similarity of our generated distractor
images. The information gathered from our various experiments
was then used in the design of a prototype visual password scheme.
The generated images were similar, but not identical, in order to defeat
shoulder surfing. This approach overcomes the following problems
with this category of visual password schemes: shoulder surfing,
bias in image selection, selection of easy to guess pictures and infrastructural
limitations like large picture databases, network speed and
database security issues. The resulting prototype developed is highly
secure, resilient to shoulder surfing and easy for humans to use, and
overcomes the aforementioned limitations in this category of visual
password schemes
An n-sided polygonal model to calculate the impact of cyber security events
This paper presents a model to represent graphically the impact of cyber
events (e.g., attacks, countermeasures) in a polygonal system of n sides. The
approach considers information about all entities composing an information
system (e.g., users, IP addresses, communication protocols, physical and
logical resources, etc.). Every axis is composed of entities that contribute to
the execution of the security event. Each entity has an associated weighting
factor that measures its contribution using a multi-criteria methodology named
CARVER. The graphical representation of cyber events is depicted as straight
lines (one dimension) or polygons (two or more dimensions). Geometrical
operations are used to compute the size (i.e., length, perimeter, surface area)
and thus the impact of each event. As a result, it is possible to identify and
compare the magnitude of cyber events. A case study with multiple security
events is presented as an illustration on how the model is built and computed.
Comment: 16 pages, 5 figures, 2 tables, 11th International Conference on Risks
and Security of Internet and Systems, (CRiSIS 2016), Roscoff, France,
September 201
A Survey of Machine Learning Techniques for Behavioral-Based Biometric User Authentication
Authentication is a way to enable an individual to be uniquely identified usually based on passwords and personal identification number (PIN). The main problems of such authentication techniques are the unwillingness of the users to remember long and challenging combinations of numbers, letters, and symbols that can be lost, forged, stolen, or forgotten. In this paper, we investigate the current advances in the use of behavioral-based biometrics for user authentication. The application of behavioral-based biometric authentication basically contains three major modules, namely, data capture, feature extraction, and classifier. This application is focusing on extracting the behavioral features related to the user and using these features for authentication measure. The objective is to determine the classifier techniques that mostly are used for data analysis during authentication process. From the comparison, we anticipate to discover the gap for improving the performance of behavioral-based biometric authentication. Additionally, we highlight the set of classifier techniques that are best performing for behavioral-based biometric authentication
The quest to replace passwords: A framework for comparative evaluation of web authentication schemes
We evaluate two decades of proposals to replace text passwords for general-purpose user authentication on the web using a broad set of twenty-five usability, deployability and security benefits that an ideal scheme might provide. The scope of proposals we survey is also extensive, including password management software, federated login protocols, graphical password schemes, cognitive authentication schemes, one-time passwords, hardware tokens, phone-aided schemes and biometrics. Our comprehensive approach leads to key insights about the difficulty of replacing passwords. Not only does no known scheme come close to providing all desired benefits: none even retains the full set of benefits that legacy passwords already provide. In particular, there is a wide range from schemes offering minor security benefits beyond legacy passwords, to those offering significant security benefits in return for being more costly to deploy or more difficult to use. We conclude that many academic proposals have failed to gain traction because researchers rarely consider a sufficiently wide range of real-world constraints. Beyond our analysis of current schemes, our framework provides an evaluation methodology and benchmark for future web authentication proposals. Keywords: authentication; computer security; human computer interaction; security and usability; deployability; economics; software engineering.
An approach for distributed rostering by means of Web service technologies
Automatic work-shift scheduling (hereafter, rostering) is a fundamental process for most companies. This process allows them to manage their resources efficiently. Most automatic scheduling solutions work in centralized scenarios. This project aims to give a new approach to the automatic scheduling process by transforming the centralized environment into a distributed one. The technology chosen for this transformation is Web services. Web services have positioned themselves as one of the most important and widely used technologies; however, the combination of automatic scheduling processes with Web services has not been researched and studied in depth. This new approach aims to create lighter and more flexible solutions for companies, so that they do not have to worry about tedious installations and configurations. The distributed approach can provide numerous benefits to both parties; it would make it possible to place this technological area in a web 2.0 environment. Automatic scheduling companies would be brought up to date, becoming companies with a great capacity for interaction with the other elements of web 2.0. At the same time, the company that consumes the rostering services does not have to worry about maintenance and updates. Work-shift calendars can be obtained anywhere and at any time. This improves the value of the company and its relations with employees. Different applications were created for the development of the project. These applications were configured in different ways to cover different development possibilities and thus obtain a broader view of the capabilities and possibilities of the distributed system. The configurations focus on the type of Web service used (SOAP, REST) and on security and its different possibilities.
The project is a proof of concept of how this new approach would work, highlighting its strengths and shortcomings; likewise, it aims to lay a foundation for future projects in this area. The project has met its proposed objectives, showing the strengths and weaknesses of the approach. Surprisingly, and contrary to expectations, the problems appear when obtaining the data needed from the different companies to create the calendar. Initially, the bottleneck of the system was expected to lie in the rostering process, since it is normally a costly and heavy process. The results of the project show that the bottleneck is located where information is obtained from external companies. This problem highlights the main characteristic of this new approach: a customized system is needed for each company that wants to consume the rostering services. This means that, despite having a global system running on Web services, it is not valid for all the companies that want to use it, and consequently it has to be adapted to each of them. Collaboration between companies becomes essential in this new approach. This complicates the initial idea and changes the objectives of rostering companies, which need a deep transformation of their systems and the way they operate