457 research outputs found
On the design of forgiving biometric security systems
This work aims to highlight the fundamental issue surrounding biometric security
systems: it's all very nice until a biometric is forged, but what do we do after that? Granted,
biometric systems are by physical nature supposedly much harder to forge than other factors
of authentication since biometrics on a human body are by right unique to the particular human
person. Yet it is also due to this physical nature that makes it much more catastrophic
when a forgery does occur, because it implies that this uniqueness has been forged as well,
threatening the human individuality; and since crime has by convention relied on identifying
suspects by biometric characteristics, loss of this biometric uniqueness has devastating consequences
on the freedom and basic human rights of the victimized individual. This uniqueness
forgery implication also raises the motivation on the adversary to forge since a successful
forgery leads to many more impersonation situations when biometric systems are used, i.e.
physical presence at crime scenes, identification and access to security systems and premises,
access to financial accounts and hence the ability to use the victim's finances. Depending on
the gains, a desperate highly motivated adversary may even resort to directly obtaining the
victim's biometric parts by force e.g. severing the parts from the victim's body; this poses
a risk and threat not just to the individual's uniqueness claim but also to personal safety
and well being. One may then wonder if it is worth putting one's assets, property and safety
into the hands of biometrics based systems when the consequences of biometric forgery far
outweigh the consequences of system compromises when no biometrics are used.
Usability and Trust in Information Systems
The need for people to protect themselves and their assets is as old as humankind. People's physical safety and their possessions have always been at risk from deliberate attack or accidental damage. The advance of information technology means that many individuals, as well as corporations, have an additional range of physical (equipment) and electronic (data) assets that are at risk. Furthermore, the increased number and types of interactions in cyberspace has enabled new forms of attack on people and their possessions. Consider grooming of minors in chat-rooms, or Nigerian email cons: minors were targeted by paedophiles before the creation of chat-rooms, and Nigerian criminals sent the same letters by physical mail or fax before there was email. But the technology has decreased the cost of many types of attacks, or the degree of risk for the attackers. At the same time, cyberspace is still new to many people, which means they do not understand risks, or recognise the signs of an attack, as readily as they might in the physical world. The IT industry has developed a plethora of security mechanisms, which could be used to mitigate risks or make attacks significantly more difficult. Currently, many people are either not aware of these mechanisms, or are unable or unwilling to use them. Security experts have taken to portraying people as "the weakest link" in their efforts to deploy effective security [e.g. Schneier, 2000]. However, recent research has revealed that at least some of the problem may be that security mechanisms are hard to use, or are ineffective. The review summarises current research on the usability of security mechanisms, and discusses options for increasing their usability and effectiveness.
Assentication: User Deauthentication and Lunchtime Attack Mitigation with Seated Posture Biometric
Biometric techniques are often used as an extra security factor in
authenticating human users. Numerous biometrics have been proposed and
evaluated, each with its own set of benefits and pitfalls. Static biometrics
(such as fingerprints) are geared for discrete operation, to identify users,
which typically involves some user burden. Meanwhile, behavioral biometrics
(such as keystroke dynamics) are well suited for continuous, and sometimes more
unobtrusive, operation. One important application domain for biometrics is
deauthentication, a means of quickly detecting absence of a previously
authenticated user and immediately terminating that user's active secure
sessions. Deauthentication is crucial for mitigating so called Lunchtime
Attacks, whereby an insider adversary takes over (before any inactivity timeout
kicks in) authenticated state of a careless user who walks away from her
computer. Motivated primarily by the need for an unobtrusive and continuous
biometric to support effective deauthentication, we introduce PoPa, a new
hybrid biometric based on a human user's seated posture pattern. PoPa captures
a unique combination of physiological and behavioral traits. We describe a low
cost fully functioning prototype that involves an office chair instrumented
with 16 tiny pressure sensors. We also explore (via user experiments) how PoPa
can be used in a typical workplace to provide continuous authentication (and
deauthentication) of users. We experimentally assess viability of PoPa in terms
of uniqueness by collecting and evaluating posture patterns of a cohort of
users. Results show that PoPa exhibits very low false positive, and even lower
false negative, rates. In particular, users can be identified with, on average,
91.0% accuracy. Finally, we compare pros and cons of PoPa with those of several
prominent biometric based deauthentication techniques.
Social and Political Dimensions of Identity
We study the interior regularity of solutions to the Dirichlet problem $Lu = g$ in $\Omega$, $u = 0$ in $\mathbb{R}^n \setminus \Omega$, for anisotropic operators of fractional type
$$Lu(x) = \int_0^{+\infty} d\rho \int_{S^{n-1}} da(\omega)\, \frac{2u(x) - u(x + \rho\omega) - u(x - \rho\omega)}{\rho^{1+2s}}.$$
Here, $a$ is any measure on $S^{n-1}$ (a prototype example for $L$ is given by the sum of one-dimensional fractional Laplacians in fixed, given directions). When $a \in C^\infty(S^{n-1})$ and $g$ is $C^\infty(\Omega)$, solutions are known to be $C^\infty$ inside $\Omega$ (but not up to the boundary). However, when $a$ is a general measure, or even when $a$ is $L^\infty(S^{n-1})$, solutions are only known to be $C^{3s}$ inside $\Omega$. We prove here that, for general measures $a$, solutions are $C^{1+3s-\epsilon}$ inside $\Omega$ for all $\epsilon > 0$ whenever $\Omega$ is convex. When $a \in L^\infty(S^{n-1})$, we show that the same holds in all $C^{1,1}$ domains. In particular, solutions always possess a classical first derivative. The assumptions on the domain are sharp, since if the domain is not convex and the measure $a$ is singular, we construct an explicit counterexample for which $u$ is not $C^{3s+\epsilon}$ for any $\epsilon > 0$, even if $g$ and $\Omega$ are $C^\infty$.
Beliefs and attitudes of citizens in Norway towards smart surveillance and privacy
This document presents the Norway results of a qualitative study undertaken as part of the SMART project - "Scalable Measures for Automated Recognition Technologies" (SMART; G.A. 261727). The analysis and results are based on a set of 3 focus group discussions comprising 22 participants from different age groups, which were held in order to examine the awareness, understanding, beliefs and attitudes of citizens towards smart surveillance and privacy.
The focus group discussions were conducted in line with a discussion guide consisting of different scenarios aimed at stimulating a discussion among participants. While some scenarios dealt with surveillance in everyday contexts, other scenarios were hypothetical in nature and their aim was to elicit the participants' feelings, beliefs and attitudes in relation to dataveillance, the massive integration of data from different sources and the "security versus privacy" trade-off.
Scalable Measures for Automated Recognition Technologies (G.A. 267127).
The project was co-financed by the European Union within the Seventh Framework Programme (2007-2013). Peer-reviewed.
The Future of the Internet III
Presents survey results on technology experts' predictions on the Internet's social, political, and economic impact as of 2020, including its effects on integrity and tolerance, intellectual property law, and the division between personal and work lives.
European citizens' beliefs and attitudes towards smart surveillance and privacy
This document presents the results of a qualitative study undertaken as part of the SMART project - "Scalable Measures for Automated Recognition Technologies" (SMART; G.A. 261727) - in the following 14 partner countries: Austria, Bulgaria, Czech Republic, France, Germany, Italy, Malta, Norway, Romania, Slovakia, Slovenia, Spain, the Netherlands and the United Kingdom. The analysis and results are based on 42 focus group discussions comprising 353 participants, which were held in order to examine the beliefs and attitudes of citizens towards smart surveillance and privacy.
SMART Scalable Measures for Automated Recognition Technologies (G.A. 267127).
The project was co-financed by the European Union within the Seventh Framework Programme (2007-2013). Peer-reviewed.