Bridging the gap between human and machine trust : applying methods of user-centred design and usability to computer security

This work presents methods for improving the usability of security. The work focuses on trust as part of computer security. Methods of usability and user-centred design present an essential starting point for the research. The work uses the methods these fields provide to investigate differences between machine and human trust, as well as how the technical expressions of trust could be made more usable by applying these methods. The thesis is based on nine publications, which present various possibilities to research trust with user-centric methods. The publications proceed chronologically and logically from the first user interviews about trust, trusting attitudes and behaviours in general to the actual design and usability testing of user interfaces for security applications, finally presenting the outcomes and conclusions of the research. The work also presents a review of relevant previous work in the area, concentrating on work done in the fields of usability and user-centred design. The work is of cross-disciplinary nature, falling into the areas of human-computer interaction, computer science and telecommunications. The ultimate goal of the conducted research has been to find out 1) how trust is to be understood in this context; 2) what methods can be used to gain insight into trust thus defined; and, finally, 3) what means can be used to create trust in the end users in online situations, where trust is needed. The work aims at providing insight into how trust can be studied with the methods provided by user-centred design and usability. Further, it investigates how to take understanding of trust formation in humans into account when attempting to design trust-inducing systems and applications. The work includes an analysis and comparison of the methods used: what kinds of methods to study trust exist in the field of usability and user-centred design. Further, it is evaluated, what kind of results and when can be reached with the different methods available, by applying a variety of these methods. Recommendations for the appropriate application of these methods when studying the various parts of trust is one of the outcomes. The results received with the methods used have also been compared with results received by others by applying alternative methods to the same research questions. On a conceptual level, the work contains an analysis of the concept of trust. It also contains a brief investigation into both technical and humane ways to express trust, with a comparison between the two

SocialLink: a Social Network Based Trust System for P2P File Sharing Systems

In peer-to-peer (P2P) file sharing systems, many autonomous peers without preexisting trust relationships share files with each other. Due to their open environment and distributed structure, these systems are vulnerable to the significant impact from selfish and misbehaving nodes. Free-riding, whitewash, collusion and Sybil attacks are common and serious threats, which severely harm non-malicious users and degrade the system performance. Many trust systems were proposed for P2P file sharing systems to encourage cooperative behaviors and punish non-cooperative behaviors. However, querying reputation values usually generates latency and overhead for every user. To address this problem, a social network based trust system (i.e., SocialTrust) was proposed that enables nodes to first request files from friends without reputation value querying since social friends are trustable, and then use trust systems upon friend querying failure when a node\u27s friends do not have its queried file. However, trust systems and SocialTrust cannot effectively deal with free-riding, whitewash, collusion and Sybil attacks. To handle these problems, in this thesis, we introduce a novel trust system, called SocialLink, for P2P file sharing systems. By enabling nodes to maintain personal social network with trustworthy friends, SocialLink encourages nodes to directly share files between friends without querying reputations and hence reduces reputation querying cost. To guarantee the quality of service (QoS) of file provisions from non-friends, SocialLink establishes directionally weighted links from the server to the client with successful file transaction history to constitute a weighted transaction network , in which the link weight is the size of the transferred file. In this way, SocialLink prevents potential fraudulent transactions (i.e., low-QoS file provision) and encourages nodes to contribute files to non-friends. By constraining the connections between malicious nodes and non-malicious nodes in the weighted transaction network, SocialLink mitigates the adverse effect from whitewash, collusion and Sybil attacks. By simulating experiments, we demonstrate that SocialLink efficiently saves querying cost, reduces free-riding, and prevents damage from whitewash, collusion and Sybil attacks

Research opportunities for argumentation in social networks

Nowadays, many websites allow social networking between their users in an explicit or implicit way. In this work, we show how argumentation schemes theory can provide a valuable help to formalize and structure on-line discussions and user opinions in decision support and business oriented websites that held social networks between their users. Two real case studies are studied and analysed. Then, guidelines to enhance social decision support and recommendations with argumentation are provided.This work summarises results of the authors joint research, funded by an STMS of the Agreement Technologies COST Action 0801, by the Spanish government grants [CONSOLIDER-INGENIO 2010 CSD2007-00022, and TIN2012-36586-C03-01] and by the GVA project [PROMETEO 2008/051].Heras Barberá, SM.; Atkinson, KM.; Botti Navarro, VJ.; Grasso, F.; Julian Inglada, VJ.; Mcburney, PJ. (2013). Research opportunities for argumentation in social networks. Artificial Intelligence Review. 39(1):39-62. doi:10.1007/s10462-012-9389-0S3962391Amgoud L (2009) Argumentation for decision making. Argumentation in artificial intelligence. Springer, BerlinAnderson P (2007) What is Web 2.0? Ideas, technologies and implications for education. JISC Iechnology and Standards Watch reportBentahar J, Meyer CJJ, Moulin B (2007) Securing agent-oriented systems: an argumentation and reputation-based approach. In: Proceedings of the 4th international conference on information technology: new generations (ITNG 2007), IEEE Computer Society, pp 507–515Buckingham Shum S (2008) Cohere: towards Web 2.0 argumentation. In: Proceedings of the 2nd international conference on computational models of argument, COMMA, pp 28–30Burke R (2002) Hybrid recommender systems: survey and experiments. User Model User-Adapt Interact 12:331–370Cartwright D, Atkinson K (2008) Political engagement through tools for argumentation. In: Proceedings of the second international conference on computational models of argument (COMMA 2008), pp 116–127Chesñevar C, McGinnis J, Modgil S, Rahwan I, Reed C, Simari G, South M, Vreeswijk G, Willmott S (2006) Towards an argument interchange format. Knowl Eng Rev 21(4):293–316Chesñevar CI, Maguitman AG, Gonzàlez MP (2009) Empowering recommendation technologies through argumentation. Argumentation in artificial intelligence. Springer, Berlin, pp 403–422García AJ, Dix J, Simari GR (2009) Argument-based logic programming. Argumentation in artificial intelligence. Springer, BerlinGolbeck J (2006) Generating predictive movie recommendations from trust in social networks. In: Proceedings of the fourth international conference on trust management, LNCS, vol 3986, 93–104Gordon T, Prakken H, Walton D (2007) The Carneades model of argument and burden of proof. Artif Intell 171(10–15):875–896Guha R, Kumar R, Raghavan P, Tomkins A (2004) Propagating trust and distrust. In: Proceedings of the 13th international conference on, World Wide Web, pp 403–412Heras S, Navarro M, Botti V, Julián V (2009) Applying dialogue games to manage recommendation in social networks. In: Proceedings of the 6th international workshop on argumentation in multi-agent aystems, ArgMASHeras S, Atkinson K, Botti V, Grasso F, Julián V, McBurney P (2010a) How argumentation can enhance dialogues in social networks. In: Proceedings of the 3rd international conference on computational models of argument, COMMA, vol 216, pp 267–274Heras S, Atkinson K, Botti V, Grasso F, Julián V, McBurney P (2010b) Applying argumentation to enhance dialogues in social networks. In: ECAI 2010 workshop on computational models of natural argument, CMNA, pp 10–17Karacapilidis N, Tzagarakis M (2007) Web-based collaboration and decision making support: a multi-disciplinary approach. Web-Based Learn Teach Technol 2(4):12–23Kim D, Benbasat I (2003) Trust-related arguments in internet stores: a framework for evaluation. J Electron Commer Res 4(2):49–64Kim D, Benbasat I (2006) The effects of trust-assuring arguments on consumer trust in internet stores: application of Toulmin’s model of argumentation. Inf Syst Rese 17(3):286–300Laera L, Tamma V, Euzenat J, Bench-Capon T, Payne T (2006) Reaching agreement over ontology alignments. In: Proceedings of the 5th international semantic web conference (ISWC 2006)Lange C, Bojãrs U, Groza T, Breslin J, Handschuh S (2008) Expressing argumentative discussions in social media sites. In: Social data on the web (SDoW2008) workshop at the 7th international semantic web conferenceLinden G, Smith B, York J (2003) Amazon.com recommendations: item-to-item collaborative filtering. IEEE Internet Comput 7(1):76–80Linden G, Hong J, Stonebraker M, Guzdial M (2009) Recommendation algorithms, online privacy and more. Commun ACM, 52(5)Mika P (2007) Ontologies are us: a unified model of social networks and semantics. J Web Semant 5(1):5–15Montaner M, López B, de la Rosa JL (2002) Opinion-based filtering through trust. In: Cooperative information agents VI, LNCS, vol 2446, pp 127–144Ontañón S, Plaza E (2008) Argumentation-based information exchange in prediction markets. In: Proceedings of the 5th international workshop on argumentation in multi-agent systems, ArgMASPazzani MJ, Billsus D (2007) Content-based recommendation systems. In: The adaptive web, LNCS, vol 4321, pp 325–341Rahwan I, Zablith F, Reed C (2007) Laying the foundations for a world wide argument web. Artif Intell 171(10–15):897–921Rahwan I, Banihashemi B (2008) Arguments in OWL: a progress report. In: Proceedings of the 2nd international conference on computational models of argument (COMMA), pp 297–310Reed C, Walton D (2007) Argumentation schemes in dialogue. In: Dissensus and the search for common ground, OSSA-07, volume CD-ROM, pp 1–11Sabater J, Sierra C (2002) Reputation and social network analysis in multi-agent systems. In: Proceedings of the 1st international joint conference on autonomous agents and multiagent systems, vol 1, pp 475–482Schafer JB, Konstan JA, Riedl J (2001) E-commerce recommendation applications. Data Min Knowl Discov 5:115–153Schafer JB, Frankowski D, Herlocker J, Sen S (2007) Collaborative filtering recommender systems. In: The adaptive web, LNCS, vol 4321, pp 291–324Schneider J, Groza T, Passant A (2012) A review of argumentation for the aocial semantic web. Semantic web-interoperability, usability, applicability. IOS Press, Washington, DCTempich C, Pinto HS, Sure Y, Staab S (2005) An argumentation ontology for distributed, loosely-controlled and evolvInG Engineering processes of oNTologies (DILIGENT). In: Proceedings of the 2nd European semantic web conference, ESWC, pp 241–256Toulmin SE (1958) The uses of argument. Cambridge University Press, Cambridge, UKTrojahn C, Quaresma P, Vieira R, Isaac A (2009) Comparing argumentation frameworks for composite ontology matching. in: Proceedings of the 6th international workshop on argumentation in multi-agent systems, ArgMASTruthMapping. http://truthmapping.com/Walter FE, Battiston S, Schweitzer F (2007) A model of a trust-based recommendation system on a social network. J Auton Agents Multi-Agent Syst 16(1):57–74Walton D, Krabbe E (1995) Commitment in dialogue: basic concepts of interpersonal reasoning. State University of New York Press, New York, NYWalton D, Reed C, Macagno F (2008) Argumentation schemes. Cambridge University Press, CambridgeWells S, Gourlay C, Reed C (2009) Argument blogging. Computational models of natural argument, CMNAWyner A, Schneider J (2012) Arguing from a point of view. In: Proceedings of the first international conference on agreement technologie

Incentive Mechanisms in Peer-to-Peer Networks — A Systematic Literature Review

Centralized networks inevitably exhibit single points of failure that malicious actors regularly target. Decentralized networks are more resilient if numerous participants contribute to the network’s functionality. Most decentralized networks employ incentive mechanisms to coordinate the participation and cooperation of peers and thereby ensure the functionality and security of the network. This article systematically reviews incentive mechanisms for decentralized networks and networked systems by covering 165 prior literature reviews and 178 primary research papers published between 1993 and October 2022. Of the considered sources, we analyze 11 literature reviews and 105 primary research papers in detail by categorizing and comparing the distinctive properties of the presented incentive mechanisms. The reviewed incentive mechanisms establish fairness and reward participation and cooperative behavior. We review work that substitutes central authority through independent and subjective mechanisms run in isolation at each participating peer and work that applies multiparty computation. We use monetary, reputation, and service rewards as categories to differentiate the implementations and evaluate each incentive mechanism’s data management, attack resistance, and contribution model. Further, we highlight research gaps and deficiencies in reproducibility and comparability. Finally, we summarize our assessments and provide recommendations to apply incentive mechanisms to decentralized networks that share computational resources

A Critical Investigation into Identifying Key Focus Areas for the Implementation of Blockchain Technology in the Mining Industry

Thesis (PhD)--University of Pretoria, 2023.The value of digital information is ever-increasing as more companies utilize digital technologies such as Artificial Intelligence (AI) and the Internet of Things (IoT) to gain deeper insight into their business operations and drive productivity gains. It is therefore important to safeguard and ensure the integrity of digital information exchange. Blockchain technology (BCT) was identified as potentially providing the mining industry with a trusted system for securely exchanging digital value. However, there is little evidence or understanding of how/where BCT can be implemented and what benefits the industry could obtain. This research study provides a fundamental understanding of what the technology is in order to identify the associated capabilities and potential application benefits for the mining industry. From a technology push perspective, blockchain capabilities are used to evaluate how the technology’s value drivers map to the mining industries core value chain processes. This was done to identify potential focus areas within the mining enterprise for further research and development of blockchain applications.ARMMining EngineeringMEngUnrestricte

Towards internet voting in the state of Qatar

Qatar is a small country in the Middle East which has used its oil wealth to invest in the country's infrastructure and education. The technology for Internet voting now exists or can be developed, but are the people of Qatar willing to take part in Internet voting for national elections?. This research identifies the willingness of government and citizens to introduce and participate in Internet voting (I-voting) in Qatar and the barriers that may be encountered when doing so. A secure I voting model for the Qatar government is then proposed that address issues of I-voting which might arise due to the introduction of such new technology. Recommendations are made for the Qatar government to assist in the introduction of I-voting. The research identifies the feasibility of I-voting and the government s readiness and willingness to introduce it. Multiple factors are examined: the voting experience, educational development, telecommunication development, the large number of Internet users, Qatar law which does not bar the use of I-voting and Qatar culture which supports I-voting introduction. It is shown that there is a willingness amongst both the people and the government to introduce I-voting, and there is appropriate accessibility, availability of IT infrastructure, availability of Internet law to protect online consumers and the existence of the e government project. However, many Qataris have concerns of security, privacy, usability, transparency and other issues that would need to be addressed before any voting system could be considered to be a quality system in the eyes of the voters. Also, the need to consider the security threat associated on client-side machines is identified where a lack of user awareness on information security is an important factor. The proposed model attempts to satisfy voting principles, introducing a secure platform for I-voting using best practices and solutions such as the smart card, Public Key Infrastructure (PKI) and digital certificates. The model was reviewed by a number of experts on Information Technology, and the Qatari culture and law who found that the system would, generally, satisfy voting principles, but pointed out the need to consider the scalability of the model, the possible cyber-attacks and the risks associated with voters computers. which could be reduced by enhancing user awareness on security and using secure operating systems or Internet browsers. From these findings, a set of recommendations were proposed to encourage the government to introduce I-voting which consider different aspects of I-voting, including the digital divide, e-literacy, I voting infrastructure, legal aspects, transparency, security and privacy. These recommendations were also reviewed by experts who found them to be both valuable and effective. Since literature on Internet voting in Qatar is sparse, empirical and non-empirical studies were carried out in a variety of surveys, interviews and experiments. The research successfully achieved its aim and objectives and is now being considered by the Qatari Government

Authentication Based on Blockchain

Across past decade online services have enabled individuals and organizations to perform different types of transactions such as banking, government transactions etc. The online services have also enabled more developments of applications, at cheap cost with elastic and scalable, fault tolerant system. These online services are offered by services providers which are use authentication, authorization and accounting framework based on client-server model. Though this model has been used over decades, study shows it is vulnerable to different hacks and it is also inconvenient to use for the end users. In addition, the services provider has total control over user data which they can monitor, trace, leak and even modify at their will. Thus, the user data ownership, digital identity and use of online services has raised privacy and security concern for the users. In this thesis, Blockchain and the e-pass application are studied and alternative model for authentication, authorization and accounting is proposed based on Ethereum Blockchain. Furthermore, a prototype is developed which enables users to consume online services by authenticating, authorizing, and accounting with a single identity without sharing any private user data with the services provider center server. Experiments are run with the prototype to verify that it works as expected. Measurements are done to assess the feasibility and scalability of the solution. In the final part of the thesis, pros and cons of the proposed solution are discussed and perspectives for further research are sketched

Security Engineering of Patient-Centered Health Care Information Systems in Peer-to-Peer Environments: Systematic Review

Background: Patient-centered health care information systems (PHSs) enable patients to take control and become knowledgeable about their own health, preferably in a secure environment. Current and emerging PHSs use either a centralized database, peer-to-peer (P2P) technology, or distributed ledger technology for PHS deployment. The evolving COVID-19 decentralized Bluetooth-based tracing systems are examples of disease-centric P2P PHSs. Although using P2P technology for the provision of PHSs can be flexible, scalable, resilient to a single point of failure, and inexpensive for patients, the use of health information on P2P networks poses major security issues as users must manage information security largely by themselves. Objective: This study aims to identify the inherent security issues for PHS deployment in P2P networks and how they can be overcome. In addition, this study reviews different P2P architectures and proposes a suitable architecture for P2P PHS deployment. Methods: A systematic literature review was conducted following PRISMA (Preferred Reporting Items for Systematic Reviews and Meta-Analyses) reporting guidelines. Thematic analysis was used for data analysis. We searched the following databases: IEEE Digital Library, PubMed, Science Direct, ACM Digital Library, Scopus, and Semantic Scholar. The search was conducted on articles published between 2008 and 2020. The Common Vulnerability Scoring System was used as a guide for rating security issues. Results: Our findings are consolidated into 8 key security issues associated with PHS implementation and deployment on P2P networks and 7 factors promoting them. Moreover, we propose a suitable architecture for P2P PHSs and guidelines for the provision of PHSs while maintaining information security. Conclusions: Despite the clear advantages of P2P PHSs, the absence of centralized controls and inconsistent views of the network on some P2P systems have profound adverse impacts in terms of security. The security issues identified in this study need to be addressed to increase patients\u27 intention to use PHSs on P2P networks by making them safe to use