Secure Pick Up: Implicit Authentication When You Start Using the Smartphone

We propose Secure Pick Up (SPU), a convenient, lightweight, in-device, non-intrusive and automatic-learning system for smartphone user authentication. Operating in the background, our system implicitly observes users' phone pick-up movements, the way they bend their arms when they pick up a smartphone to interact with the device, to authenticate the users. Our SPU outperforms the state-of-the-art implicit authentication mechanisms in three main aspects: 1) SPU automatically learns the user's behavioral pattern without requiring a large amount of training data (especially those of other users) as previous methods did, making it more deployable. Towards this end, we propose a weighted multi-dimensional Dynamic Time Warping (DTW) algorithm to effectively quantify similarities between users' pick-up movements; 2) SPU does not rely on a remote server for providing further computational power, making SPU efficient and usable even without network access; and 3) our system can adaptively update a user's authentication model to accommodate user's behavioral drift over time with negligible overhead. Through extensive experiments on real world datasets, we demonstrate that SPU can achieve authentication accuracy up to 96.3% with a very low latency of 2.4 milliseconds. It reduces the number of times a user has to do explicit authentication by 32.9%, while effectively defending against various attacks.Comment: Published on ACM Symposium on Access Control Models and Technologies (SACMAT) 201

Stakeholder involvement, motivation, responsibility, communication: How to design usable security in e-Science

e-Science projects face a difficult challenge in providing access to valuable computational resources, data and software to large communities of distributed users. Oil the one hand, the raison d'etre of the projects is to encourage members of their research communities to use the resources provided. Oil the other hand, the threats to these resources from online attacks require robust and effective Security to mitigate the risks faced. This raises two issues: ensuring that (I) the security mechanisms put in place are usable by the different users of the system, and (2) the security of the overall system satisfies the security needs of all its different stakeholders. A failure to address either of these issues call seriously jeopardise the success of e-Science projects.The aim of this paper is to firstly provide a detailed understanding of how these challenges call present themselves in practice in the development of e-Science applications. Secondly, this paper examines the steps that projects can undertake to ensure that security requirements are correctly identified, and security measures are usable by the intended research community. The research presented in this paper is based Oil four case studies of c-Science projects. Security design traditionally uses expert analysis of risks to the technology and deploys appropriate countermeasures to deal with them. However, these case studies highlight the importance of involving all stakeholders in the process of identifying security needs and designing secure and usable systems.For each case study, transcripts of the security analysis and design sessions were analysed to gain insight into the issues and factors that surround the design of usable security. The analysis concludes with a model explaining the relationships between the most important factors identified. This includes a detailed examination of the roles of responsibility, motivation and communication of stakeholders in the ongoing process of designing usable secure socio-technical systems such as e-Science. (C) 2007 Elsevier Ltd. All rights reserved

Making GDPR Usable: A Model to Support Usability Evaluations of Privacy

We introduce a new model for evaluating privacy that builds on the criteria proposed by the EuroPriSe certification scheme by adding usability criteria. Our model is visually represented through a cube, called Usable Privacy Cube (or UP Cube), where each of its three axes of variability captures, respectively: rights of the data subjects, privacy principles, and usable privacy criteria. We slightly reorganize the criteria of EuroPriSe to fit with the UP Cube model, i.e., we show how EuroPriSe can be viewed as a combination of only rights and principles, forming the two axes at the basis of our UP Cube. In this way we also want to bring out two perspectives on privacy: that of the data subjects and, respectively, that of the controllers/processors. We define usable privacy criteria based on usability goals that we have extracted from the whole text of the General Data Protection Regulation. The criteria are designed to produce measurements of the level of usability with which the goals are reached. Precisely, we measure effectiveness, efficiency, and satisfaction, considering both the objective and the perceived usability outcomes, producing measures of accuracy and completeness, of resource utilization (e.g., time, effort, financial), and measures resulting from satisfaction scales. In the long run, the UP Cube is meant to be the model behind a new certification methodology capable of evaluating the usability of privacy, to the benefit of common users. For industries, considering also the usability of privacy would allow for greater business differentiation, beyond GDPR compliance.Comment: 41 pages, 2 figures, 1 table, and appendixe

To share or not to share: Publication and quality assurance of research data outputs. A report commissioned by the Research Information Network

A study on current practices with respect to data creation, use, sharing and publication in eight research disciplines (systems biology, genomics, astronomy, chemical crystallography, rural economy and land use, classics, climate science and social and public health science). The study looked at data creation and care, motivations for sharing data, discovery, access and usability of datasets and quality assurance of data in each discipline

Training Future ICT Engineers in the Field of Accessibility and Usability: A Methodological Experience

Nowadays, digital culture affects all levels of society. However, differences exist between individuals, commonly named as the “digital divide,” which impedes the equal access to the benefits of new technologies. The Usability and Accessibility (UA) module is a core, first-semester module during the first year of the Multimedia Engineering degree at the University of Alicante. The UA module’s main objective is to provide students with the necessary concepts and tools to design and develop products with usability and accessibility features, thus achieving end products that are more usable and accessible, regardless of the end users’ status, ability or situation. This paper presents a new learning methodology aimed at making students become everyday users of their own digital products. Daily use of these products improves the UA learning process, since students can appreciate their accessibility and usability in everyday life conditions for a better understanding of how their own design decisions affect potential users. A non-equivalent control group design with pre- and post-test control groups was used to test the research hypothesis. The results of this study showed a significant improvement in their academic performance compared to the control group.This work was supported in part by the I3CE Network Program of research in university teaching at the Institute of Educational Sciences of the University of Alicante (ICE call 2018-19)., Ref. 4331

Security and Online learning: to protect or prohibit

The rapid development of online learning is opening up many new learning opportunities. Yet, with this increased potential come a myriad of risks. Usable security systems are essential as poor usability in security can result in excluding intended users while allowing sensitive data to be released to unacceptable recipients. This chapter presents findings concerned with usability for two security issues: authentication mechanisms and privacy. Usability issues such as memorability, feedback, guidance, context of use and concepts of information ownership are reviewed within various environments. This chapter also reviews the roots of these usability difficulties in the culture clash between the non-user-oriented perspective of security and the information exchange culture of the education domain. Finally an account is provided of how future systems can be developed which maintain security and yet are still usable

Distributed Clustering in Cognitive Radio Ad Hoc Networks Using Soft-Constraint Affinity Propagation

Absence of network infrastructure and heterogeneous spectrum availability in cognitive radio ad hoc networks (CRAHNs) necessitate the self-organization of cognitive radio users (CRs) for efficient spectrum coordination. The cluster-based structure is known to be effective in both guaranteeing system performance and reducing communication overhead in variable network environment. In this paper, we propose a distributed clustering algorithm based on soft-constraint affinity propagation message passing model (DCSCAP). Without dependence on predefined common control channel (CCC), DCSCAP relies on the distributed message passing among CRs through their available channels, making the algorithm applicable for large scale networks. Different from original soft-constraint affinity propagation algorithm, the maximal iterations of message passing is controlled to a relatively small number to accommodate to the dynamic environment of CRAHNs. Based on the accumulated evidence for clustering from the message passing process, clusters are formed with the objective of grouping the CRs with similar spectrum availability into smaller number of clusters while guaranteeing at least one CCC in each cluster. Extensive simulation results demonstrate the preference of DCSCAP compared with existing algorithms in both efficiency and robustness of the clusters