Passphrase and keystroke dynamics authentication: security and usability

It was found that employees spend a total 2.25 days within a 60 day period on password related activities. Another study found that over 85 days an average user will create 25 accounts with an average of 6.5 unique passwords. These numbers are expected to increase over time as more systems become available. In addition, the use of 6.5 unique passwords highlight that passwords are being reused which creates security concerns as multiple systems will be accessible by an unauthorised party if one of these passwords is leaked. Current user authentication solutions either increase security or usability. When security increases, usability decreases, or vice versa. To add to this, stringent security protocols encourage unsecure behaviours by the user such as writing the password down on a piece of paper to remember it. It was found that passphrases require less cognitive effort than passwords and because passphrases are stronger than passwords, they don’t need to be changed as frequently as passwords. This study aimed to assess a two-tier user authentication solution that increases security and usability. The proposed solution uses passphrases in conjunction with keystroke dynamics to address this research problem. The design science research approach was used to guide this study. The study’s theoretical foundation includes three theories. The Shannon entropy formula was used to calculate the strength of passwords, passphrases and keystroke dynamics. The chunking theory assisted in assessing password and passphrase memorisation issues and the keystroke-level model was used to assess password and passphrase typing issues. Two primary data collection methods were used to evaluate the findings and to ensure that gaps in the research were filled. A login assessment experiment collected data on user authentication and user-system interaction for passwords and passphrases. Plus, an expert review was conducted to verify findings and assess the research artefact in the form of a model. The model can be used to assist with the implementation of a two-tier user authentication solution which involves passphrases and keystroke dynamics. There are a number of components that need to be considered to realise the benefits of this solution and ensure successful implementation

Poker as a Skill Game: Rational vs Irrational Behaviors

In many countries poker is one of the most popular card games. Although each variant of poker has its own rules, all involve the use of money to make the challenge meaningful. Nowadays, in the collective consciousness, some variants of poker are referred to as games of skill, others as gambling. A poker table can be viewed as a psychology lab, where human behavior can be observed and quantified. This work provides a preliminary analysis of the role of rationality in poker games, using a stylized version of Texas Hold'em. In particular, we compare the performance of two different kinds of players, i.e., rational vs irrational players, during a poker tournament. Results show that these behaviors (i.e., rationality and irrationality) affect both the outcomes of challenges and the way poker should be classified.Comment: 15 pages, 5 figure

Information flow between resting state networks

The resting brain dynamics self-organizes into a finite number of correlated patterns known as resting state networks (RSNs). It is well known that techniques like independent component analysis can separate the brain activity at rest to provide such RSNs, but the specific pattern of interaction between RSNs is not yet fully understood. To this aim, we propose here a novel method to compute the information flow (IF) between different RSNs from resting state magnetic resonance imaging. After haemodynamic response function blind deconvolution of all voxel signals, and under the hypothesis that RSNs define regions of interest, our method first uses principal component analysis to reduce dimensionality in each RSN to next compute IF (estimated here in terms of Transfer Entropy) between the different RSNs by systematically increasing k (the number of principal components used in the calculation). When k = 1, this method is equivalent to computing IF using the average of all voxel activities in each RSN. For k greater than one our method calculates the k-multivariate IF between the different RSNs. We find that the average IF among RSNs is dimension-dependent, increasing from k =1 (i.e., the average voxels activity) up to a maximum occurring at k =5 to finally decay to zero for k greater than 10. This suggests that a small number of components (close to 5) is sufficient to describe the IF pattern between RSNs. Our method - addressing differences in IF between RSNs for any generic data - can be used for group comparison in health or disease. To illustrate this, we have calculated the interRSNs IF in a dataset of Alzheimer's Disease (AD) to find that the most significant differences between AD and controls occurred for k =2, in addition to AD showing increased IF w.r.t. controls.Comment: 47 pages, 5 figures, 4 tables, 3 supplementary figures. Accepted for publication in Brain Connectivity in its current for

Detecting the Anti-Social Activity on Twitter using EGBDT with BCM

The rise of social media and its consequences is a hot topic on research platforms. Twitter has drawn the attention of the research community in recent years due to various qualities it possesses. They include Twitter's open nature, which, unlike other platforms, allows visitors to see posts posted by Twitter users without having to register. In twitter the sentiment analysis of tweets are used for detecting the anti-social activity event which is one of the challenging tasks in existing works. There are many classification algorithms are used to detect the anti-social activities but they obtains less accuracy. The EGBDT (Enhanced Gradient-Boosted Decision Tree) is used to optimize the best features from the NSD dataset and it is given as input to BCM (Bayesian Certainty Method) for detecting the anti-social activities. In this work, tweets from NSD dataset are used for analyzing the sentiment polarity i.e. positive or negative. The efficiency of the proposed work is compared with SVM, KNN and C4.5. From this analysis the proposed EGBDT and BCM obtained better results than other techniques

A Utility-Theoretic Approach to Privacy in Online Services

Online offerings such as web search, news portals, and e-commerce applications face the challenge of providing high-quality service to a large, heterogeneous user base. Recent efforts have highlighted the potential to improve performance by introducing methods to personalize services based on special knowledge about users and their context. For example, a user's demographics, location, and past search and browsing may be useful in enhancing the results offered in response to web search queries. However, reasonable concerns about privacy by both users, providers, and government agencies acting on behalf of citizens, may limit access by services to such information. We introduce and explore an economics of privacy in personalization, where people can opt to share personal information, in a standing or on-demand manner, in return for expected enhancements in the quality of an online service. We focus on the example of web search and formulate realistic objective functions for search efficacy and privacy. We demonstrate how we can find a provably near-optimal optimization of the utility-privacy tradeoff in an efficient manner. We evaluate our methodology on data drawn from a log of the search activity of volunteer participants. We separately assess users’ preferences about privacy and utility via a large-scale survey, aimed at eliciting preferences about peoples’ willingness to trade the sharing of personal data in returns for gains in search efficiency. We show that a significant level of personalization can be achieved using a relatively small amount of information about users

Models and frameworks for studying social behaviors

Studies on social systems and human behavior are typically considered domain of humanities and psychology. However, it appears that recently these issues have attracted a strong interest also from the scienti�c community belonging to the hard sciences {in particular from physics, computer science and mathematics. The network theory o�ers powerful tools to study social systems and human behavior. In particular, complex networks have gained a lot of prestige as general framework for representing and analyze real systems. From an historical perspective, complex networks are rooted in graph theory {which in turn is dated back to 1736, when Leonhard Euler wrote the paper on the seven bridges of K�onigsberg. After Euler's work, di�erent mathematicians (e.g. Cayley) focused their research on graphs {opening the possibility of applying their results to deal with theoretical and real problems. As a result, complex networks emerged as multidisciplinary approach for studying complex systems. From a computational perspective, models based on complex networks allows to extract information on complex systems composed by a great number of interacting elements. A variety of systems can be modelled as a complex network (e.g. social networks, the World Wide Web, internet, biological systems, and ecological systems). To summarize, any such system should give the possibility of viewing its elements as simple (at some degree of abstraction), while assuming the existence of nonlinear interactions, the absence of a central control, and emergent behavior. Nowadays, scientists belonging to di�erent communities use complex networks as a framework for dealing with their preferred research issues, from a theoretical and/or pratical perspective. This work is aimed at illustrating some models, based on complex networks, deemed useful to represent social behaviors like competitive dynamics, groups formation, and emergence of linguistics phenomena

Initial trust establishment for personal space IoT systems

University of Technology Sydney. Faculty of Engineering and Information Technology.Internet of Things (IoT) is becoming a reality with innovative applications, and IoT platforms have been developed to transfer technologies from research to business solutions. With IoT applications, we have greater control over personal devices and achieve more insights into the resource consumption habits; business processes can be streamlined; people are also better connected to each other. Despite the benefits derived from the IoT systems, users are concerned about the trustworthiness of their collected data and offered services. Security controls can prevent user’s data from being compromised during transmission, storage or unauthorized access, but do not provide a guarantee against the misbehaved devices that report incorrect information and poor services or avoid conducting a common task. Establishing trust relationship among devices and continuously monitoring their trust is the key to guarantee a reliable IoT system and hence mitigate user’s concerns. In this dissertation, we propose and investigate a novel initial trust establishment architecture for personal space IoT systems. In the initial trust establishment architecture, we propose a trust evidence generation module based on a challenge-response mechanism to generate the trust evidence relying on the device’s responses to the challenges, a trust knowledge assessment module to obtain the knowledge about the device from the generated trust evidence, and a trust evaluation scheme to quantify the initial trust level of the devices. We design and investigate a challenge-response information design to determine feasible designs of the challenge-response mechanism that ensure meaningful and related trust knowledge about the device’s trustworthiness captured from the challenge-response operations. A new trust-aware communication protocol is designed and implemented by incorporating the proposed initial trust establishment architecture into existing Bluetooth Low Energy (BLE) protocol to demonstrate the feasibility and efficiency of the proposed initial trust establishment architecture in practice. In this work, we first study building blocks and possible architectures of the IoT and analyze key requirements of an IoT system. Based on the analysis, we identify the critical role of the initial trust establishment model and the challenges of establishing initial trust in IoT systems due to the lack of knowledge for the trust assessment to work. To address the challenges, we propose a novel initial trust establishment architecture that can generate trust evidence for assessing the initial trust level of new devices by conducting challenge-response operations within a limited time window before they are admitted to the system. We propose three new initial trust establishment models based on the proposed architecture. An implicit relationship between the responses and the challenges is assumed for the system to judge the initial trustworthiness of the devices. The first model assesses the initial trust value based on a probability associated with the device’s behavior captured from the challenge-response process. The second model investigates the initial trust value based on a binary outcome set, and the third model quantifies the initial trust level based on a multiple-component outcome set from the challenge-response process. Subsequently, we propose the challenge-response information design where the challenge-response process is investigated and designed to determine the information space of the challenger’s view on its environment so that the challenge can invite relevant responses from the target environment. Based on the design of the challenge-response mechanism, the system can capture meaningful trust knowledge about the devices from challenge-response operations at their admission phase. We finally design and implement the initial trust-aware BLE protocol which incorporates the proposed initial trust establishment architecture into the existing BLE protocol. The simulation results show the efficiency, feasibility, and dependability of using initial trust-aware BLE protocol for building a trustworthy personal space IoT systems. The novelty of this research lies in assessing the devices’ initial trust level within a limited time window, before their admission to the personal space IoT system, without requiring prior experience or recommendations. The major contribution of this thesis is that it helps the IoT business solution providers to build secure and trustworthy IoT systems by admitting dependable devices, monitoring the trust of admitted devices, detecting maligned devices, and building long-term trust among. As a result, it mitigates the user’s concerns about the trustworthiness of IoT systems and encourages broader adoption of IoT applications