Conceivable security risks and authentication techniques for smart devices

With the rapidly escalating use of smart devices and fraudulent transaction of users’ data from their devices, efficient and reliable techniques for authentication of the smart devices have become an obligatory issue. This paper reviews the security risks for mobile devices and studies several authentication techniques available for smart devices. The results from field studies enable a comparative evaluation of user-preferred authentication mechanisms and their opinions about reliability, biometric authentication and visual authentication techniques

Strategic eye movements are used to support object authentication

Authentication is an important cognitive process used to determine whether one’s initial identification of an object is corroborated by additional sensory information. Although authentication is critical for safe interaction with many objects, including food, websites, and valuable documents, the visual orienting strategies used to garner additional sensory data to support authentication remain poorly understood. When reliable visual cues to counterfeit cannot be anticipated, distributing fixations widely across an object’s surface might be useful. However, strategic fixation of specific object-defining attributes would be more efficient and should lead to better authentication performance. To investigate, we monitored eye movements during a repetitive banknote authentication task involving genuine and counterfeit banknotes. Although fixations were distributed widely across the note prior to authentication decisions, preference for hard-to mimic areas and avoidance of easily mimicked areas was evident. However, there was a strong tendency to initially fixate the banknote’s portrait, and only thereafter did eye movement control appear to be more strategic. Those who directed a greater proportion of fixations at hard-to-mimic areas and resisted more easily mimicked areas performed better on the authenticity task. The tendency to deploy strategic fixation improved with experience, suggesting that authentication benefits from precise visual orienting and refined categorisation criteria

Nudging folks towards stronger password choices:providing certainty is the key

Persuading people to choose strong passwords is challenging. One way to influence password strength, as and when people are making the choice, is to tweak the choice architecture to encourage stronger choice. A variety of choice architecture manipulations i.e. “nudges”, have been trialled by researchers with a view to strengthening the overall password profile. None has made much of a difference so far. Here we report on our design of an influential behavioural intervention tailored to the password choice context: a hybrid nudge that significantly prompted stronger passwords.We carried out three longitudinal studies to analyse the efficacy of a range of “nudges” by manipulating the password choice architecture of an actual university web application. The first and second studies tested the efficacy of several simple visual framing “nudges”. Password strength did not budge. The third study tested expiration dates directly linked to password strength. This manipulation delivered a positive result: significantly longer and stronger passwords. Our main conclusion was that the final successful nudge provided participants with absolute certainty as to the benefit of a stronger password, and that it was this certainty that made the difference

Deployment of Keystroke Analysis on a Smartphone

The current security on mobile devices is often limited to the Personal Identification Number (PIN), a secretknowledge based technique that has historically demonstrated to provide ineffective protection from misuse. Unfortunately, with the increasing capabilities of mobile devices, such as online banking and shopping, the need for more effective protection is imperative. This study proposes the use of two-factor authentication as an enhanced technique for authentication on a Smartphone. Through utilising secret-knowledge and keystroke analysis, it is proposed a stronger more robust mechanism will exist. Whilst keystroke analysis using mobile devices have been proven effective in experimental studies, these studies have only utilised the mobile device for capturing samples rather than the more computationally challenging task of performing the actual authentication. Given the limited processing capabilities of mobile devices, this study focuses upon deploying keystroke analysis to a mobile device utilising numerous pattern classifiers. Given the trade-off with computation versus performance, the results demonstrate that the statistical classifiers are the most effective

The Serums Tool-Chain:Ensuring Security and Privacy of Medical Data in Smart Patient-Centric Healthcare Systems

Digital technology is permeating all aspects of human society and life. This leads to humans becoming highly dependent on digital devices, including upon digital: assistance, intelligence, and decisions. A major concern of this digital dependence is the lack of human oversight or intervention in many of the ways humans use this technology. This dependence and reliance on digital technology raises concerns in how humans trust such systems, and how to ensure digital technology behaves appropriately. This works considers recent developments and projects that combine digital technology and artificial intelligence with human society. The focus is on critical scenarios where failure of digital technology can lead to significant harm or even death. We explore how to build trust for users of digital technology in such scenarios and considering many different challenges for digital technology. The approaches applied and proposed here address user trust along many dimensions and aim to build collaborative and empowering use of digital technologies in critical aspects of human society

Seamless and Secure VR: Adapting and Evaluating Established Authentication Systems for Virtual Reality

Virtual reality (VR) headsets are enabling a wide range of new opportunities for the user. For example, in the near future users may be able to visit virtual shopping malls and virtually join international conferences. These and many other scenarios pose new questions with regards to privacy and security, in particular authentication of users within the virtual environment. As a first step towards seamless VR authentication, this paper investigates the direct transfer of well-established concepts (PIN, Android unlock patterns) into VR. In a pilot study (N = 5) and a lab study (N = 25), we adapted existing mechanisms and evaluated their usability and security for VR. The results indicate that both PINs and patterns are well suited for authentication in VR. We found that the usability of both methods matched the performance known from the physical world. In addition, the private visual channel makes authentication harder to observe, indicating that authentication in VR using traditional concepts already achieves a good balance in the trade-off between usability and security. The paper contributes to a better understanding of authentication within VR environments, by providing the first investigation of established authentication methods within VR, and presents the base layer for the design of future authentication schemes, which are used in VR environments only

KAPTUR: technical analysis report

Led by the Visual Arts Data Service (VADS) and funded by the JISC Managing Research Data programme (2011-13) KAPTUR will discover, create and pilot a sectoral model of best practice in the management of research data in the visual arts in collaboration with four institutional partners: Glasgow School of Art; Goldsmiths, University of London; University for the Creative Arts; and University of the Arts London. This report is framed around the research question: which technical system is most suitable for managing visual arts research data? The first stage involved a literature review including information gathered through attendance at meetings and events, and Internet research, as well as information on projects from the previous round of JISCMRD funding (2009-11). During February and March 2012, the Technical Manager carried out interviews with the four KAPTUR Project Officers and also met with IT staff at each institution. This led to the creation of a user requirement document (Appendix A), which was then circulated to the project team for additional comments and feedback. The Technical Manager selected 17 systems to compare with the user requirement document (Appendix B). Five of the systems had similar scores so these were short-listed. The Technical Manager created an online form into which the Project Officers entered priority scores for each of the user requirements in order to calculate a more accurate score for each of the five short-listed systems (Appendix C) and this resulted in the choice of EPrints as the software for the KAPTUR project

DeepMasterPrints: Generating MasterPrints for Dictionary Attacks via Latent Variable Evolution

Recent research has demonstrated the vulnerability of fingerprint recognition systems to dictionary attacks based on MasterPrints. MasterPrints are real or synthetic fingerprints that can fortuitously match with a large number of fingerprints thereby undermining the security afforded by fingerprint systems. Previous work by Roy et al. generated synthetic MasterPrints at the feature-level. In this work we generate complete image-level MasterPrints known as DeepMasterPrints, whose attack accuracy is found to be much superior than that of previous methods. The proposed method, referred to as Latent Variable Evolution, is based on training a Generative Adversarial Network on a set of real fingerprint images. Stochastic search in the form of the Covariance Matrix Adaptation Evolution Strategy is then used to search for latent input variables to the generator network that can maximize the number of impostor matches as assessed by a fingerprint recognizer. Experiments convey the efficacy of the proposed method in generating DeepMasterPrints. The underlying method is likely to have broad applications in fingerprint security as well as fingerprint synthesis.Comment: 8 pages; added new verification systems and diagrams. Accepted to conference Biometrics: Theory, Applications, and Systems 201