Analytical methodology for ATM control panel design

This thesis presents a methodology for control panel design and layout along with a case study of an automated teller machine (ATM). A predictive model of human endurance and fatigue is developed from anthropometric, biomechanical and kinematics research. The layout problem is formulated to assign controls to locations to minimize the fatigue imposed on an operator performing a known set of tasks. A family of optimal and near-optimal layouts are found using conventional algorithms. The final hardware design refinements are suggested by human factors concerns. Ergonomic guidelines are also proposed for software aspects of the design. The methods and guidelines can provide hardware and software designers with useful insights into some human-machine interface considerations

Designing Usable and Secure Authentication Mechanisms for Public Spaces

Usable and secure authentication is a research field that approaches different challenges related to authentication, including security, from a human-computer interaction perspective. That is, work in this field tries to overcome security, memorability and performance problems that are related to the interaction with an authentication mechanism. More and more services that require authentication, like ticket vending machines or automated teller machines (ATMs), take place in a public setting, in which security threats are more inherent than in other settings. In this work, we approach the problem of usable and secure authentication for public spaces. The key result of the work reported here is a set of well-founded criteria for the systematic evaluation of authentication mechanisms. These criteria are justified by two different types of investigation, which are on the one hand prototypical examples of authentication mechanisms with improved usability and security, and on the other hand empirical studies of security-related behavior in public spaces. So this work can be structured in three steps: Firstly, we present five authentication mechanisms that were designed to overcome the main weaknesses of related work which we identified using a newly created categorization of authentication mechanisms for public spaces. The systems were evaluated in detail and showed encouraging results for future use. This and the negative sides and problems that we encountered with these systems helped us to gain diverse insights on the design and evaluation process of such systems in general. It showed that the development process of authentication mechanisms for public spaces needs to be improved to create better results. Along with this, it provided insights on why related work is difficult to compare to each other. Keeping this in mind, first criteria were identified that can fill these holes and improve design and evaluation of authentication mechanisms, with a focus on the public setting. Furthermore, a series of work was performed to gain insights on factors influencing the quality of authentication mechanisms and to define a catalog of criteria that can be used to support creating such systems. It includes a long-term study of different PIN-entry systems as well as two field studies and field interviews on real world ATM-use. With this, we could refine the previous criteria and define additional criteria, many of them related to human factors. For instance, we showed that social issues, like trust, can highly affect the security of an authentication mechanism. We used these results to define a catalog of seven criteria. Besides their definition, we provide information on how applying them influences the design, implementation and evaluation of a the development process, and more specifically, how adherence improves authentication in general. A comparison of two authentication mechanisms for public spaces shows that a system that fulfills the criteria outperforms a system with less compliance. We could also show that compliance not only improves the authentication mechanisms themselves, it also allows for detailed comparisons between different systems

GMPLS Label Space Minimization through Hypergraph Layouts

International audienceAll-Optical Label Switching (AOLS) is a new technology that performs packet forwarding without any optical-electrical-optical conversions. In this paper, we study the problem of routing a set of requests in AOLS networks using GMPLS technology, with the aim of minimizing the number of labels required to ensure the forwarding. We first formalize the problem by associating to each routing strategy a logical hypergraph, called a hypergraph layout, whose hyperarcs are dipaths of the physical graph, called tunnels in GMPLS terminology. We define a cost function for the hypergraph layout, depending on its total length plus its total hop count. Minimizing the cost of the design of an AOLS network can then be expressed as finding a minimum cost hypergraph layout. We prove hardness results for the problem, namely for general directed networks we prove that it is NP-hard to find a C log n-approximation, where C is a positive constant and n is the number of nodes of the network. For symmetric directed networks, we prove that the problem is APX-hard. These hardness results hold even if the traffic instance is a partial broadcast. On the other hand, we provide approximation algorithms, in particular an O(log n)-approximation for symmetric directed networks. Finally, we focus on the case where the physical network is a directed path, providing a polynomial-time dynamic programming algorithm for a fixed number k of sources running in O(n^{k+2}) time

Enterprise Network Design and Simulation - Cisco Virtual Lab

Tématem této diplomové práce (dále jen DP) je návrh rozsáhlých podnikových sítí podle doporučení stanovených společností Cisco. Dále je realizována simulace navržené topologie prostřednictvím programů s otevřeným zdrojovým kódem a dohled nad sítí prostřednictvím programu Nagios. Úvodní část obsahuje stručné seznámení se základním rozdělením sítě do jednotlivých funkčních bloků. Druhá část se zabývá popisem jednotlivých funkčních bloků a jejich rolí v rámci celé síťové topologie. Bloky jsou dále rozděleny na jednotlivá zařízení a jsou popsány služby, které tato zařízení musí poskytovat. Třetí část DP se snaží zmapovat základní požadavky na služby, které jsou kladeny na dnešní síťové infrastruktury. Hlavní důraz je kladen na dostupnost všech nabízených služeb sítě. Jsou vyjmenovány jednotlivé protokoly druhé až třetí vrstvy OSI modelu, které zabezpečují stálou dostupnost sítě v případě selhání aktivních prvků. Čtvrtá část DP se věnuje popisu návrhu síťové topologie WAN. Pátá část obsahuje popis bezpečnostních rizik, která ohrožují dostupnost sítě, tak i popis útoků, které mají za cíl krádež identity uživatele. V šesté části DP jsou popsány programové nástroje pro zprávu sítí (Nagios, Cisco Security Device Manager) a programy, které simulují Cisco přepínače, směrovače (Dynamips & Dynagen, GNS3) a Cisco PIX firewall (PEMU). Sedmá kapitola se zabývá konkrétním návrhem rozsáhlé sítě s použitím principů, které byly zmíněny v předcházejících kapitolách. Navržená infrastruktura je dále realizována pomocí simulačních programů a tato virtuální síť dovoluje demonstrovat nastavení a chování všech popsaných protokolů a zařízení. V závěrečném shrnutí je nejdůležitější poznatek, že návrh a konfigurace rozsáhlé sítě a její realizace ve virtuálním prostředí je funkční a použitelná pro pokusné účely i pro studijní účely.This Master's Thesis (further only MT) deals with subject of enterprise network design according to recommendations of Cisco company. As part of the thesis is developed simulation of enterprise network, according to created concept. The virtual lab is realized by open-source programs and monitored by Nagios software. The first part contains brief introduction to network designs and description of hierarchical network design. The second part describes building blocks of the network design and their role in hierarchical network. Each block is further divided into specific network devices and then there are described services that have to be provided by them. The third part of MT deals with basic service demands which are expected from today’s network infrastructures. The main focus is on availability of network services. There are specified information about second and third layer protocols of OSI model which are securing availability of all services provided by the network infrastructure in case of failure. The following fourth part contains information about WAN design. The fifth part describes security risks which can jeopardize network availability. It also contains description of attacks on network users. The sixth part of MT contains brief description of software tools for network management and monitoring (Nagios, Cisco Security Device Manager) and programs for simulating Cisco routes and switches (Dynamips & Dynagen, GNS3) and Cisco PIX firewall simulation program (PEMU). The seventh chapter deals with developed network design concept. The concept is deployed as virtual lab running under simulation programs. The virtual infrastructure allows demonstration of settings and behavior of all protocols and equipments described before. In conclusion is the most important recognition that the network concept and its simulation as virtual lab is functional and it can be used for tests or educational purposes.