Strengthening e-banking security using keystroke dynamics

This paper investigates keystroke dynamics and its possible use as a tool to prevent or detect fraud in the banking industry. Given that banks are constantly on the lookout for improved methods to address the menace of fraud, the paper sets out to review keystroke dynamics, its advantages, disadvantages and potential for improving the security of e-banking systems. This paper evaluates keystroke dynamics suitability of use for enhancing security in the banking sector. Results from the literature review found that keystroke dynamics can offer impressive accuracy rates for user identification. Low costs of deployment and minimal change to users modus operandi make this technology an attractive investment for banks. The paper goes on to argue that although this behavioural biometric may not be suitable as a primary method of authentication, it can be used as a secondary or tertiary method to complement existing authentication systems

Postmortem iris recognition and its application in human identification

Iris recognition is a validated and non-invasive human identification technology currently implemented for the purposes of surveillance and security (i.e. border control, schools, military). Similar to deoxyribonucleic acid (DNA), irises are a highly individualizing component of the human body. Based on a lack of genetic penetrance, irises are unique between an individual’s left and right iris and between identical twins, proving to be more individualizing than DNA. At this time, little to no research has been conducted on the use of postmortem iris scanning as a biometric measurement of identification. The purpose of this pilot study is to explore the use of iris recognition as a tool for postmortem identification. Objectives of the study include determining whether current iris recognition technology can locate and detect iris codes in postmortem globes, and if iris scans collected at different postmortem time intervals can be identified as the same iris initially enrolled. Data from 43 decedents involving 148 subsequent iris scans demonstrated a subsequent match rate of approximately 80%, supporting the theory that iris recognition technology is capable of detecting and identifying an individual’s iris code in a postmortem setting. A chi-square test of independence showed no significant difference between match outcomes and the globe scanned (left vs. right), and gender had no bearing on the match outcome. There was a significant relationship between iris color and match outcome, with blue/gray eyes yielding a lower match rate (59%) compared to brown (82%) or green/hazel eyes (88%), however, the sample size of blue/gray eyes in this study was not large enough to draw a meaningful conclusion. An isolated case involving an antemortem initial scan collected from an individual on life support yielded an accurate identification (match) with a subsequent scan captured at approximately 10 hours postmortem. Falsely rejected subsequent iris scans or "no match" results occurred in about 20% of scans; they were observed at each PMI range and varied from 19-30%. The false reject rate is too high to reliably establish non-identity when used alone and ideally would be significantly lower prior to implementation in a forensic setting; however, a "no match" could be confirmed using another method. Importantly, the data showed a false match rate or false accept rate (FAR) of zero, a result consistent with previous iris recognition studies in living individuals. The preliminary results of this pilot study demonstrate a plausible role for iris recognition in postmortem human identification. Implementation of a universal iris recognition database would benefit the medicolegal death investigation and forensic pathology communities, and has potential applications to other situations such as missing persons and human trafficking cases

Establishing the digital chain of evidence in biometric systems

Traditionally, a chain of evidence or chain of custody refers to the chronological documentation, or paper trail, showing the seizure, custody, control, transfer, analysis, and disposition of evidence, physical or electronic. Whether in the criminal justice system, military applications, or natural disasters, ensuring the accuracy and integrity of such chains is of paramount importance. Intentional or unintentional alteration, tampering, or fabrication of digital evidence can lead to undesirable effects. We find despite the consequences at stake, historically, no unique protocol or standardized procedure exists for establishing such chains. Current practices rely on traditional paper trails and handwritten signatures as the foundation of chains of evidence.;Copying, fabricating or deleting electronic data is easier than ever and establishing equivalent digital chains of evidence has become both necessary and desirable. We propose to consider a chain of digital evidence as a multi-component validation problem. It ensures the security of access control, confidentiality, integrity, and non-repudiation of origin. Our framework, includes techniques from cryptography, keystroke analysis, digital watermarking, and hardware source identification. The work offers contributions to many of the fields used in the formation of the framework. Related to biometric watermarking, we provide a means for watermarking iris images without significantly impacting biometric performance. Specific to hardware fingerprinting, we establish the ability to verify the source of an image captured by biometric sensing devices such as fingerprint sensors and iris cameras. Related to keystroke dynamics, we establish that user stimulus familiarity is a driver of classification performance. Finally, example applications of the framework are demonstrated with data collected in crime scene investigations, people screening activities at port of entries, naval maritime interdiction operations, and mass fatality incident disaster responses

Strong Electronic Identification: Survey & Scenario Planning

The deployment of more high-risk services such as online banking and government services on the Internet has meant that the need and demand for strong electronic identity is bigger today more than ever. Different stakeholders have different reasons for moving their services to the Internet, including cost savings, being closer to the customer or citizen, increasing volume and value of services among others. This means that traditional online identification schemes based on self-asserted identities are no longer sufficient to cope with the required level of assurance demanded by these services. Therefore, strong electronic identification methods that utilize identifiers rooted in real world identities must be provided to be used by customers and citizens alike on the Internet. This thesis focuses on studying state-of-the-art methods for providing reliable and mass market strong electronic identity in the world today. It looks at concrete real-world examples that enable real world identities to be transferred and used in the virtual world of the Internet. The thesis identifies crucial factors that determine what constitutes a strong electronic identity solution and through these factors evaluates and compares the example solutions surveyed in the thesis. As the Internet become more pervasive in our lives; mobile devices are becoming the primary devices for communication and accessing Internet services. This has thus, raised the question of what sort of strong electronic identity solutions could be implemented and how such solutions could adapt to the future. To help to understand the possible alternate futures, a scenario planning and analysis method was used to develop a series of scenarios from underlying key economic, political, technological and social trends and uncertainties. The resulting three future scenarios indicate how the future of strong electronic identity will shape up with the aim of helping stakeholders contemplate the future and develop policies and strategies to better position themselves for the future

Security and privacy issues in implantable medical devices: A comprehensive survey

Bioengineering is a field in expansion. New technologies are appearing to provide a more efficient treatment of diseases or human deficiencies. Implantable Medical Devices (IMDs) constitute one example, these being devices with more computing, decision making and communication capabilities. Several research works in the computer security field have identified serious security and privacy risks in IMDs that could compromise the implant and even the health of the patient who carries it. This article surveys the main security goals for the next generation of IMDs and analyzes the most relevant protection mechanisms proposed so far. On the one hand, the security proposals must have into consideration the inherent constraints of these small and implanted devices: energy, storage and computing power. On the other hand, proposed solutions must achieve an adequate balance between the safety of the patient and the security level offered, with the battery lifetime being another critical parameter in the design phase