The development of a biometric keystroke authentication framework to enhance system security

Computer systems have proven to be essential to achieving our daily tasks such as managing our banking accounts, managing our health information and managing critical information systems such as drinking water systems or nuclear power plant systems. Such distributed systems are networked and must be protected against cyber threats. This research presents the design and implementation of a stand alone web based biometric keystroke authentication framework that creates a user\u27s keystroke typing profile and use it as a second form of authentication. Several biometric models were then bench marked for their accuracy by computing their EER. By using keystroke biometrics as a second form of authentication the overall system\u27s security is enhanced without the need of extra peripheral devices and without interrupting a user\u27s work-flow

Electronic capture and analysis of fraudulent behavioral patterns : an application to identity fraud

The objective of this research was to find a transparent and secure solution for mitigating identity fraud and to find the critical factors that determine the solution\u27s acceptance. Identity fraud is identified as a key problem with total losses exceeding fifty two billion dollars (Javelin Strategy and Research 2005). A common denominator in most identity-fraud-prone transactions is the use of a keypad; hence this research focuses on keypad data entry and proposes a biometric solution. Three studies develop, evaluate and investigate the feasibility of this solution. The first study was done in three stages. Stage one investigated the technical feasibility of the biometric keypad, stage two evaluated the keypad under different field conditions and stage three investigated acceptable user parameters. A key shortcoming with current authentication methods is the use of external identifiers that are prone to theft, unlike biometric patterns. A biometric keypad that supplements the present external identifiers was proposed, prototyped and evaluated. The results demonstrated that a biometric keypad can be a feasible medium performance solution. Addition of pressure and higher typing speeds were found to enhance discrimination accuracy while typing patterns were found to vary with elapsed time which led to deterioration in accuracy. The second study interviewed executives with experience in the introduction of new technologies with the objective of identifying and ranking critical factors that are important in the adoption of new biometrics. Performance, ease-of-use and trust-privacy issues were the most cited factors. A biometric acceptance model was formulated and five hypotheses were proposed from these interviews and prior research. Executives rated the keypad\u27s ease-of-use high in comparison to other biometric approaches but were concerned about its accuracy. The third study was a user attitude survey whose objective was to validate the formulated biometric acceptance model and acquire data on acceptable usage parameters. The proposed biometric model was validated and the proposed hypotheses were supported. Acceptable error rates and training times indicated that the biometric keypad would be more complex to engineer. The dissertation concludes by summarizing the contributions and limitations of the three studies followed by several suggestions for future research

ERINYES: A CONTINUOUS AUTHENTICATION PROTOCOL

The need for user authentication in the digital domain is paramount as the number of digital interactions that involve sensitive data continues to increase. Advances in the fields of machine learning (ML) and biometric encryption have enabled the development of technologies that can provide fully remote continuous user authentication services. This thesis introduces the Erinyes protocol. The protocol leverages state of the art ML models, biometric encryption of asymmetric cryptographic keys, and a trusted third-party client-server architecture to continuously authenticate users through their behavioral biometrics. The goals in developing the protocol were to identify if biometric encryption using keystroke timing and mouse cursor movement sequences were feasible and to measure the performance of a continuous authentication system that utilizes biometric encryption. Our research found that with a combined keystroke and mouse cursor movement dataset, the biometric encryption system can perform with a 0.93% False Acceptance Rate (FAR), 0.00% False Reject Rate (FRR), and 99.07% accuracy. Using a similar dataset, the overall integrated system averaged 0% FAR, 2% FRR and 98% accuracy across multiple users. These metrics demonstrate that the Erinyes protocol can achieve continuous user authentication with minimal user intrusion.Lieutenant, United States NavyLieutenant, United States NavyApproved for public release. Distribution is unlimited

An Examination of E-Banking Fraud Prevention and Detection in Nigerian Banks

E-banking offers a number of advantages to financial institutions, including convenience in terms of time and money. However, criminal activities in the information age have changed the way banking operations are performed. This has made e-banking an area of interest. The growth of cybercrime – particularly hacking, identity theft, phishing, Trojans, service denial attacks and account takeover– has created several challenges for financial institutions, especially regarding how they protect their assets and prevent their customers from becoming victims of cyber fraud. These criminal activities have remained prevalent due to certain features of cyber, such as the borderless nature of the internet and the continuous growth of the computer networks. Following these identified challenges for financial institutions, this study examines e-banking fraud prevention and detection in the Nigerian banking sector; particularly the current nature, impacts, contributing factors, and prevention and detection mechanisms of e-banking fraud in Nigerian banking institutions. This study adopts mixed research methods with the aid of descriptive and inferential analysis, which comprised exploratory factor analysis (EFA) and confirmatory factor analysis (CFA) for the quantitative data analysis, whilst thematic analysis was used for the qualitative data analysis. The theoretical framework was informed by Routine Activity Theory (RAT) and Fraud Management Lifecycle Theory (FMLT). The findings show that the factors contributing to the increase in e-banking fraud in Nigeria include ineffective banking operations, internal control issues, lack of customer awareness and bank staff training and education, inadequate infrastructure, presence of sophisticated technological tools in the hands of fraudsters, negligence of banks’ customers concerning their e-banking account devices, lack of compliance with the banking rules and regulations, and ineffective legal procedure and law enforcement. In addition, the enforcement of rules and regulations in relation to the prosecution of financial fraudsters has been passive in Nigeria. Moreover, the findings also show that the activities of each stage of fraud management lifecycle theory are interdependent and have a collective and considerable influence on combating e-banking fraud. The results of the findings confirm that routine activity theory is a real-world theoretical framework while applied to e-banking fraud. Also, from the analysis of the findings, this research offers a new model for e-banking fraud prevention and detection within the Nigerian banking sector. This new model confirms that to have perfect prevention and detection of e-banking fraud, there must be a presence of technological mechanisms, fraud monitoring, effective internal controls, customer complaints, whistle-blowing, surveillance mechanisms, staff-customer awareness and education, legal and judicial controls, institutional synergy mechanisms of in the banking systems. Finally, the findings from the analyses of this study have some significant implications; not only for academic researchers or scholars and accounting practitioners, but also for policymakers in the financial institutions and anti-fraud agencies in both the private and public sectors

Information Demand on Scientists\u27 Internet Profiles

Many scientists nowadays choose to create profiles on the Internet and thus present themselves and their work to a worldwide audience. This study examines, how scientists use the existing online profiles when looking for information about their peers. Of particular interest are differences in behavior based on existing interpersonal ties (strong, weak, latent, and absent ties). The study analyzed data from an online survey of 123 European scientists using quantitative association measures and qualitative comparative analysis. The findings show, that the Internet can positively influence the development of social networks within the scientific community. However, the platforms available for presentation online are numerous and the peer audience heterogeneous. While Internet presence can be of advantage for scientists, it should be designed and maintain with deliberation

Detecting Abnormal Behavior in Web Applications

The rapid advance of web technologies has made the Web an essential part of our daily lives. However, network attacks have exploited vulnerabilities of web applications, and caused substantial damages to Internet users. Detecting network attacks is the first and important step in network security. A major branch in this area is anomaly detection. This dissertation concentrates on detecting abnormal behaviors in web applications by employing the following methodology. For a web application, we conduct a set of measurements to reveal the existence of abnormal behaviors in it. We observe the differences between normal and abnormal behaviors. By applying a variety of methods in information extraction, such as heuristics algorithms, machine learning, and information theory, we extract features useful for building a classification system to detect abnormal behaviors.;In particular, we have studied four detection problems in web security. The first is detecting unauthorized hotlinking behavior that plagues hosting servers on the Internet. We analyze a group of common hotlinking attacks and web resources targeted by them. Then we present an anti-hotlinking framework for protecting materials on hosting servers. The second problem is detecting aggressive behavior of automation on Twitter. Our work determines whether a Twitter user is human, bot or cyborg based on the degree of automation. We observe the differences among the three categories in terms of tweeting behavior, tweet content, and account properties. We propose a classification system that uses the combination of features extracted from an unknown user to determine the likelihood of being a human, bot or cyborg. Furthermore, we shift the detection perspective from automation to spam, and introduce the third problem, namely detecting social spam campaigns on Twitter. Evolved from individual spammers, spam campaigns manipulate and coordinate multiple accounts to spread spam on Twitter, and display some collective characteristics. We design an automatic classification system based on machine learning, and apply multiple features to classifying spam campaigns. Complementary to conventional spam detection methods, our work brings efficiency and robustness. Finally, we extend our detection research into the blogosphere to capture blog bots. In this problem, detecting the human presence is an effective defense against the automatic posting ability of blog bots. We introduce behavioral biometrics, mainly mouse and keyboard dynamics, to distinguish between human and bot. By passively monitoring user browsing activities, this detection method does not require any direct user participation, and improves the user experience

Modes of bio-bordering: the hidden (dis)integration of Europe

This open access book explores how biometric data is increasingly flowing across borders in order to limit, control and contain the mobility of selected people, namely criminalized populations. It introduces the concept of bio-bordering, using it to capture reverse patterns of bordering and ordering practices linked to transnational biometric data exchange regimes. The concept is useful to reconstruct how the territorial foundations of national state autonomy are partially reclaimed and, at the same time, partially purposefully suspended. The book focuses on the Prüm system, which facilitates the mandatory exchange of forensic DNA data amongst EU Member States. The Prüm system is an underexplored phenomenon, representing diverse instances of bio-bordering and providing a complex picture of the hidden (dis)integration of Europe. Particular legal, scientific, technical and political dimensions related to the governance and uses of biometric technologies in Germany, the Netherlands, Poland, Portugal and the United Kingdom are specifically explored to demonstrate both similar and distinct patterns.UIDB/00736/202

An Investigation of Factors that Influence Passengers’ Intentions to Use Biometric Technologies at Airports

Biometric technologies use the characteristics and measurements from humans to establish or verify their identity. Within an airport setting, biometric technologies can be used to hasten passenger processes such as airport check-in, baggage drop-off or pick-up, and aircraft boarding, thus enhancing the overall passenger experience. This research investigated the factors that influence passengers’ intentions to choose the use of biometrics over other methods of identification. The current study utilized a quantitative research method via an online survey of 689 persons from Amazon ® Mechanical Turk ® (MTurk) and employed structural equation modeling (SEM) techniques for data analysis. The study utilized the theory of planned behavior (TPB) as the grounded theory, while perceived usefulness and perceived ease of use were included as additional factors that could influence individuals’ intentions to use new technology. The study further assessed the impact of passengers’ privacy concerns on the intentions to use biometrics and investigated how the privacy concerns moderate the influencing factors of passengers’ behavioral intentions. Because of the coronavirus (COVID-19) pandemic that became prevalent at the time of the study, a COVID-19 variable was introduced as a control variable to examine if there were any effects of COVID-19 on passengers\u27 behavioral intentions while controlling for the other variables. Results showed that for the TPB factors, attitudes and subjective norms significantly influenced passengers’ behavioral intentions to use biometrics, while the effect of perceived behavioral control (PBC) on passengers’ intentions was not significant. The additional factors of perceived usefulness and perceived ease of use did not significantly influence passengers’ intentions. In addition, the hypothesized relationships between privacy concerns and four factors, behavioral intentions, attitudes, PBC, and perceived ease of use were supported, while the relationships between privacy concerns and perceived usefulness and between privacy concerns and subjective norms were not supported. The examination of the moderating effects found that privacy concerns moderated the relationships between passengers’ intentions and three factors: attitudes, subjective norms, and perceived usefulness. However, because the interaction plots showed that the moderating effects were weak, the effects were not considered to be of much value and were therefore not added to the final model. Results also showed that the control variable (COVID-19) did not significantly influence passengers’ behavioral intentions and passengers’ privacy concerns while controlling for the other variables. Practically, the study contributed a research model and specified factors that were postulated to influence passengers’ behavioral intentions to use biometrics at airports. Further research would be required to determine additional factors that influence behavioral intentions. Finally, although the moderating effects were not used in the final model, the findings suggest that stakeholders can customize biometric systems and solutions appropriately to cater to passengers’ concerns