A hybrid learning scheme towards authenticating hand-geometry using multi-modal features

Usage of hand geometry towards biometric-based authentication mechanism has been commercially practiced since last decade. However, there is a rising security problem being surfaced owing to the fluctuating features of hand-geometry during authentication mechanism. Review of existing research techniques exhibits the usage of singular features of hand-geometric along with sophisticated learning schemes where accuracy is accomplished at the higher cost of computational effort. Hence, the proposed study introduces a simplified analytical method which considers multi-modal features extracted from hand geometry which could further improve upon robust recognition system. For this purpose, the system considers implementing hybrid learning scheme using convolution neural network and Siamese algorithm where the former is used for feature extraction and latter is used for recognition of person on the basis of authenticated hand geometry. The main results show that proposed scheme offers 12.2% of improvement in accuracy compared to existing models exhibiting that with simpler amendment by inclusion of multi-modalities, accuracy can be significantly improve without computational burden

Don’t Use Fingerprint, it’s Raining! How People Use and Perceive Context-Aware Selection of Mobile Authentication

This paper investigates how smartphone users perceive switching from their primary authentication mechanism to a fallback one, based on the context. This is useful in cases where the primary mechanism fails (e.g., wet fingers when using fingerprint). While prior work introduced the concept, we are the first to investigate its perception by users and their willingness to follow a system's suggestion for a switch. We present findings from a two-week field study (N=29) using an Android app, showing that users are willing to adopt alternative mechanisms when prompted. We discuss how context-awareness can improve the perception of authentication reliability and potentially improve usability and security

Proceedings of the Doctoral Consortium in Computer Science (JIPII 2021)

Actas de las Jornadas de Investigación Predoctoral en Ingeniería InformáticaThis volume contains the proceedings of the Primeras Jornadas de Investigación Predoctoral en Ingeniería Informática - First Doctoral Consortium in Computer Science, JIPII 2021, which was held online on June 15th, 2021. The aim of JIPII 2021 was to provide a forum for PhD students to present and discuss their research under the guidance of a panel of senior researchers. The advances in their PhD theses under development in the Doctoral Program in Computer Science were presented in the Consortium. This Doctoral Program belongs to the Doctoral School of the University of Cadiz (EDUCA). Different stages of research were covered, from the most incipient phase, such as the PhD Thesis plans (or even a Master’s Thesis), to the most advanced phases in which the defence of the PhD Thesis is imminent. We enjoyed twenty very nice and interesting talks, organized in four sessions. We had a total of fifty participants, including speakers and attendees, with an average of thirty-two people in the morning sessions and an average of twenty people in the afternoon sessions. Several people contributed to the success of JIPII 2021. We are grateful to the Academic Committee of the Doctoral Program in Computer Science and the School of Engineering for their support. We would like also to thank the Program Committee for their work in reviewing the papers, as well as all the students and supervisors for their interest and participation. Finally, the proceedings have been published by the Department of Computer Science and Engineering. We hope that you find the proceedings useful, interesting, and challenging

Usable privacy and security in smart homes

Ubiquitous computing devices increasingly dominate our everyday lives, including our most private places: our homes. Homes that are equipped with interconnected, context-aware computing devices, are considered “smart” homes. To provide their functionality and features, these devices are typically equipped with sensors and, thus, are capable of collecting, storing, and processing sensitive user data, such as presence in the home. At the same time, these devices are prone to novel threats, making our homes vulnerable by opening them for attackers from outside, but also from within the home. For instance, remote attackers who digitally gain access to presence data can plan for physical burglary. Attackers who are physically present with access to devices could access associated (sensitive) user data and exploit it for further cyberattacks. As such, users’ privacy and security are at risk in their homes. Even worse, many users are unaware of this and/or have limited means to take action. This raises the need to think about usable mechanisms that can support users in protecting their smart home setups. The design of such mechanisms, however, is challenging due to the variety and heterogeneity of devices available on the consumer market and the complex interplay of user roles within this context. This thesis contributes to usable privacy and security research in the context of smart homes by a) understanding users’ privacy perceptions and requirements for usable mechanisms and b) investigating concepts and prototypes for privacy and security mechanisms. Hereby, the focus is on two specific target groups, that are inhabitants and guests of smart homes. In particular, this thesis targets their awareness of potential privacy and security risks, enables them to take control over their personal privacy and security, and illustrates considerations for usable authentication mechanisms. This thesis provides valuable insights to help researchers and practitioners in designing and evaluating privacy and security mechanisms for future smart devices and homes, particularly targeting awareness, control, and authentication, as well as various roles.Computer und andere „intelligente“, vernetzte Geräte sind allgegenwärtig und machen auch vor unserem privatesten Zufluchtsort keinen Halt: unserem Zuhause. Ein „intelligentes Heim“ verspricht viele Vorteile und nützliche Funktionen. Um diese zu erfüllen, sind die Geräte mit diversen Sensoren ausgestattet – sie können also in unserem Zuhause sensitive Daten sammeln, speichern und verarbeiten (bspw. Anwesenheit). Gleichzeitig sind die Geräte anfällig für (neuartige) Cyberangriffe, gefährden somit unser Zuhause und öffnen es für potenzielle – interne sowie externe – Angreifer. Beispielsweise könnten Angreifer, die digital Zugriff auf sensitive Daten wie Präsenz erhalten, einen physischen Überfall in Abwesenheit der Hausbewohner planen. Angreifer, die physischen Zugriff auf ein Gerät erhalten, könnten auf assoziierte Daten und Accounts zugreifen und diese für weitere Cyberangriffe ausnutzen. Damit werden die Privatsphäre und Sicherheit der Nutzenden in deren eigenem Zuhause gefährdet. Erschwerend kommt hinzu, dass viele Nutzenden sich dessen nicht bewusst sind und/oder nur limitierte Möglichkeiten haben, effiziente Gegenmaßnahmen zu ergreifen. Dies macht es unabdingbar, über benutzbare Mechanismen nachzudenken, die Nutzende beim Schutz ihres intelligenten Zuhauses unterstützen. Die Umsetzung solcher Mechanismen ist allerdings eine große Herausforderung. Das liegt unter anderem an der großen Vielfalt erhältlicher Geräte von verschiedensten Herstellern, was das Finden einer einheitlichen Lösung erschwert. Darüber hinaus interagieren im Heimkontext meist mehrere Nutzende in verschieden Rollen (bspw. Bewohner und Gäste), was die Gestaltung von Mechanismen zusätzlich erschwert. Diese Doktorarbeit trägt dazu bei, benutzbare Privatsphäre- und Sicherheitsmechanismen im Kontext des „intelligenten Zuhauses“ zu entwickeln. Insbesondere werden a) die Wahrnehmung von Privatsphäre sowie Anforderungen an potenzielle Mechanismen untersucht, sowie b) Konzepte und Prototypen für Privatsphäre- und Sicherheitsmechanismen vorgestellt. Der Fokus liegt hierbei auf zwei Zielgruppen, den Bewohnern sowie den Gästen eines intelligenten Zuhauses. Insbesondere werden in dieser Arbeit deren Bewusstsein für potenzielle Privatsphäre- und Sicherheits-Risiken adressiert, ihnen Kontrolle über ihre persönliche Privatsphäre und Sicherheit ermöglicht, sowie Möglichkeiten für benutzbare Authentifizierungsmechanismen für beide Zielgruppen aufgezeigt. Die Ergebnisse dieser Doktorarbeit legen den Grundstein für zukünftige Entwicklung und Evaluierung von benutzbaren Privatsphäre und Sicherheitsmechanismen im intelligenten Zuhause

Challenges of digital privacy in banking organizations

As the information and technology age becomes more advanced, digital privacy flaws have become more challenging. Information technology (IT) security managers, chief information security officers, and other stakeholders in banks are concerned with identity-based authentication attacks because identity-theft attacks cause data breaches. Grounded in the protection motivation theory, the purpose of this qualitative pragmatic study was to examine strategies IT security professionals working on internet banking platforms use to mitigate identity-based authentication attacks. The study participants comprised five IT security professionals currently working in the online banking industry from the northeastern United States with at least 5 years of experience handling digital banking platforms. Data were collected from interviews with five IT security professionals and publicly accessible documents such as NIST documents and industry standards. Data were analyzed using thematic analysis. Five major themes emerged from the analysis: comprehensive user authentication, importance of data encryption, system audits, intrusion detection systems, and comprehensive user policies. A key recommendation is to train all users on secure usage of the bank’s digital transaction platform by providing mandatory privacy protection training and security awareness to users before they successfully create or access financial accounts. The implications for positive social change include the potential to increase the number of users to effectively use cybersecurity policies, techniques, tools, and training designed to protect their online banking accounts from identity-based authentication attacks

Securing teleoperated robot: Classifying human operator identity and emotion through motion-controlled robotic behaviors

Teleoperated robotic systems allow human operators to control robots from a distance, which mitigates the constraints of physical distance between the operators and offers invaluable applications in the real world. However, the security of these systems is a critical concern. System attacks and the potential impact of operators’ inappropriate emotions can result in misbehavior of the remote robots, which poses risks to the remote environment. These concerns become particularly serious when performing mission-critical tasks, such as nuclear cleaning. This thesis explored innovative security methods for the teleoperated robotic system. Common methods of security that can be used for teleoperated robots include encryption, robot misbehavior detection and user authentication. However, they have limitations for teleoperated robot systems. Encryption adds communication overheads to the systems. Robot misbehavior detection can only detect unusual signals on robot devices. The user authentication method secured the system primarily at the access point. To address this, we built motioncontrolled robot platforms that allow for robot teleoperation and proposed methods of performing user classification directly on remote-controlled robotic behavioral data to enhance security integrity throughout the operation. We discussed in Chapter 3 and conducted 4 experiments. Experiments 1 and 2 demonstrated the effectiveness of our approach, achieving user classification accuracy of 95% and 93% on two platforms respectively, using motion-controlled robotic end-effector trajectories. The results in experiment 3 further indicated that control system performance directly impacts user classification efficacy. Additionally, we deployed an AI agent to protect user biometric identities, ensuring the robot’s actions do not compromise user privacy in the remote environment in experiment 4. This chapter provided a foundation of methodology and experiment design for the next work. Additionally, Operators’ emotions could pose a security threat to the robot system. A remote robot operator’s emotions can significantly impact the resulting robot’s motions leading to unexpected consequences, even when the user follows protocol and performs permitted tasks. The recognition of a user operator’s emotions in remote robot control scenarios is, however, under-explored. Emotion signals mainly are physiological signals, semantic information, facial expressions and bodily movements. However, most physiological signals are electrical signals and are vulnerable to motion artifacts, which can not acquire the accurate signal and is not suitable for teleoperated robot systems. Semantic information and facial expressions are sometimes not accessible and involve high privacy issues and add additional sensors to the teleoperated systems. We proposed the methods of emotion recognition through the motion-controlled robotic behaviors in Chapter 4. This work demonstrated for the first time that the motioncontrolled robotic arm can inherit human operators’ emotions and emotions can be classified through robotic end-effector trajectories, achieving an 83.3% accuracy. We developed two emotion recognition algorithms using Dynamic Time Warping (DTW) and Convolutional Neural Network (CNN), deriving unique emotional features from the avatar’s end-effector motions and joint spatial-temporal characteristics. Additionally, we demonstrated through direct comparison that our approach is more appropriate for motion-based telerobotic applications than traditional ECG-based methods. Furthermore, we discussed the implications of this system on prominent current and future remote robot operations and emotional robotic contexts. By integrating user classification and emotion recognition into teleoperated robotic systems, this thesis lays the groundwork for a new security paradigm that enhances both the safety of remote operations. Recognizing users and their emotions allows for more contextually appropriate robot responses, potentially preventing harm and improving the overall quality of teleoperated interactions. These advancements contribute significantly to the development of more adaptive, intuitive, and human-centered HRI applications, setting a precedent for future research in the field