EyeSpot: leveraging gaze to protect private text content on mobile devices from shoulder surfing

As mobile devices allow access to an increasing amount of private data, using them in public can potentially leak sensitive information through shoulder surfing. This includes personal private data (e.g., in chat conversations) and business-related content (e.g., in emails). Leaking the former might infringe on users’ privacy, while leaking the latter is considered a breach of the EU’s General Data Protection Regulation as of May 2018. This creates a need for systems that protect sensitive data in public. We introduce EyeSpot, a technique that displays content through a spot that follows the user’s gaze while hiding the rest of the screen from an observer’s view through overlaid masks. We explore different configurations for EyeSpot in a user study in terms of users’ reading speed, text comprehension, and perceived workload. While our system is a proof of concept, we identify crystallized masks as a promising design candidate for further evaluation with regard to the security of the system in a shoulder surfing scenario

Usability and Trust in Information Systems

The need for people to protect themselves and their assets is as old as humankind. People's physical safety and their possessions have always been at risk from deliberate attack or accidental damage. The advance of information technology means that many individuals, as well as corporations, have an additional range of physical (equipment) and electronic (data) assets that are at risk. Furthermore, the increased number and types of interactions in cyberspace has enabled new forms of attack on people and their possessions. Consider grooming of minors in chat-rooms, or Nigerian email cons: minors were targeted by paedophiles before the creation of chat-rooms, and Nigerian criminals sent the same letters by physical mail or fax before there was email. But the technology has decreased the cost of many types of attacks, or the degree of risk for the attackers. At the same time, cyberspace is still new to many people, which means they do not understand risks, or recognise the signs of an attack, as readily as they might in the physical world. The IT industry has developed a plethora of security mechanisms, which could be used to mitigate risks or make attacks significantly more difficult. Currently, many people are either not aware of these mechanisms, or are unable or unwilling or to use them. Security experts have taken to portraying people as "the weakest link" in their efforts to deploy effective security [e.g. Schneier, 2000]. However, recent research has revealed at least some of the problem may be that security mechanisms are hard to use, or be ineffective. The review summarises current research on the usability of security mechanisms, and discusses options for increasing their usability and effectiveness

Enhancing Network Security Through Blockchain Technology: Challenges And Opportunities

The rapid proliferation of digital technologies has ushered in an era where network security is of paramount importance. Traditional security mechanisms have proven insufficient in protecting sensitive data and critical infrastructure from an ever-evolving landscape of cyber threats. Blockchain technology, originally designed to underpin cryptocurrencies like Bitcoin, has emerged as a promising solution for enhancing network security. Blockchain's core principles of decentralization, immutability, and transparency offer a unique approach to addressing vulnerabilities and mitigating risks in the digital realm. This paper examines how blockchain can enhance data integrity, authentication, and authorization processes, thereby fortifying the security posture of networks and systems. The paper discusses real-world applications and case studies where blockchain has been successfully implemented to bolster network security, such as supply chain management, identity verification, and secure communication protocols. These examples highlight the tangible benefits and opportunities that blockchain presents for organizations seeking to safeguard their digital assets and operations. In conclusion, this abstract underscore the pivotal role that blockchain technology can play in enhancing network security. By addressing challenges head-on and capitalizing on the opportunities it offers, organizations can build resilient, transparent, and secure digital ecosystems that protect against an ever-increasing array of cyber threats. The exploration of blockchain's potential in this context is critical for shaping the future of network security in our interconnected world

Conservation of Limited Resources: Design Principles for Security and Usability on Mobile Devices

Mobile devices have evolved from an accessory to the primary computing device for an increasing portion of the general population. Not only is mobile the primary device, consumers on average have multiple Internet-connected devices. The trend towards mobile has resulted in a shift to “mobile-first” strategies for delivering information and services in business organizations, universities, and government agencies. Though principles for good security design exist, those principles were formulated based upon the traditional workstation configuration instead of the mobile platform. Security design needs to follow the shift to a “mobile-first” emphasis to ensure the usability of the security interface. The mobile platform has constraints on resources that can adversely impact the usability of security. This research sought to identify design principles for usable security for mobile devices that address the constraints of the mobile platform. Security and usability have been seen as mutually exclusive. To accurately identify design principles, the relationship between principles for good security design and usability design must be understood. The constraints for the mobile environment must also be identified, and then evaluated for their impact on the interaction of a consumer with a security interface. To understand how the application of the proposed mobile security design principles is perceived by users, an artifact was built to instantiate the principles. Through a series of guided interactions, the importance of proposed design principles was measured in a simulation, in human-computer interaction, and in user perception. The measures showed a resounding difference between the usability of the same security design delivered on mobile vs. workstation platform. It also reveals that acknowledging the constraints of an environment and compensating for the constraints yields mobile security that is both usable and secure. Finally, the hidden cost of security design choices that distract the user from the surrounding environment were examined from both the security perspective and public safety perspective

CAPTCHA Types and Breaking Techniques: Design Issues, Challenges, and Future Research Directions

The proliferation of the Internet and mobile devices has resulted in malicious bots access to genuine resources and data. Bots may instigate phishing, unauthorized access, denial-of-service, and spoofing attacks to mention a few. Authentication and testing mechanisms to verify the end-users and prohibit malicious programs from infiltrating the services and data are strong defense systems against malicious bots. Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) is an authentication process to confirm that the user is a human hence, access is granted. This paper provides an in-depth survey on CAPTCHAs and focuses on two main things: (1) a detailed discussion on various CAPTCHA types along with their advantages, disadvantages, and design recommendations, and (2) an in-depth analysis of different CAPTCHA breaking techniques. The survey is based on over two hundred studies on the subject matter conducted since 2003 to date. The analysis reinforces the need to design more attack-resistant CAPTCHAs while keeping their usability intact. The paper also highlights the design challenges and open issues related to CAPTCHAs. Furthermore, it also provides useful recommendations for breaking CAPTCHAs

Strategies for Improving Data Protection to Reduce Data Loss from Cyberattacks

Accidental and targeted data breaches threaten sustainable business practices and personal privacy, exposing all types of businesses to increased data loss and financial impacts. This single case study was conducted in a medium-sized enterprise located in Brevard County, Florida, to explore the successful data protection strategies employed by the information system and information technology business leaders. Actor-network theory was the conceptual framework for the study with a graphical syntax to model data protection strategies. Data were collected from semistructured interviews of 3 business leaders, archival documents, and field notes. Data were analyzed using thematic, analytic, and software analysis, and methodological triangulation. Three themes materialized from the data analyses: people--inferring security personnel, network engineers, system engineers, and qualified personnel to know how to monitor data; processes--inferring the activities required to protect data from data loss; and technology--inferring scientific knowledge used by people to protect data from data loss. The findings are indicative of successful application of data protection strategies and may be modeled to assess vulnerabilities from technical and nontechnical threats impacting risk and loss of sensitive data. The implications of this study for positive social change include the potential to alter attitudes toward data protection, creating a better environment for people to live and work; reduce recovery costs resulting from Internet crimes, improving social well-being; and enhance methods for the protection of sensitive, proprietary, and personally identifiable information, which advances the privacy rights for society

SecNetworkCloudSim: An Extensible Simulation Tool for Secure Distributed Mobile Applications

Fueled by the wide interest for achieving rich-storage services with the lowest possible cost, cloud computing has emerged into a highly desired service paradigm extending well beyond Virtualization technology. The next generation of mobile cloud services is now manipulated more and more sensitive data on VM-based distributed applications. Therefore, the need to secure sensitive data over mobile cloud computing is more evident than ever. However, despite the widespread release of several cloud simulators, controlling user’s access and protecting data exchanges in distributed mobile applications over the cloud is considered a major challenge. This paper introduces a new NetworkCloudSim extension named SecNetworkCloudSim, a secure mobile simulation tool which is deliberately designed to ensure the preservation of confidential access to data hosted on mobile device and distributed cloud’s servers. Through high-level mobile users’ requests, users connect to an underlying proxy which is considered an important layer in this new simulator, where users perform secure authentication access to cloud services, allocate their tasks in secure VM-based policy, manage automatically the data confidentiality among VMs and derive high efficiency and coverage rates. Most importantly, due to the secure nature of proxy, user’s distributed tasks can be executed without alterations on different underlying proxy’s security policies. We implement a scenario of follow-up healthcare distributed application using the new extension

Description and Experience of the Clinical Testbeds

This deliverable describes the up-to-date technical environment at three clinical testbed demonstrator sites of the 6WINIT Project, including the adapted clinical applications, project components and network transition technologies in use at these sites after 18 months of the Project. It also provides an interim description of early experiences with deployment and usage of these applications, components and technologies, and their clinical service impact

Mobile web resource tracking during a disaster or crisis situation

This paper proposes a prototype solution for a mobile web resource tracking system using mobile devices during an emergency situation. The system provides real time data to a decision maker so that he/she can effectively and efficiently monitor resources and assess the situation accordingly. Mobile devices (i.e., smart phones) support the ease of use for any location and at anytime. The Internet technology is selected to enable multiple or cross platform technology solutions for different mobile devices. Resources in the scope of this project are human resources (e.g., a doctor, a police officer) and a chemical list in a room. With the use of a GPS-enabled device or a wireless-enabled device, the system is used to provide the current location of the human resources. Transferring data between system databases and mobile devices is one of the important areas to address in this project. Since location data of a user is sensitive data, data should be protected via an encrypted protected network. In addition, because of the urgency of any crisis situation, it is critical that data from the system be able to be retrieved in a reasonable time frame. The investigation includes the exploration of database and data transfer solutions to meet the data availability during emergency conditions on mobile devices. This document includes a description of the system design, a review of current technologies, proposed methodology, and the implementation. Review of the literature section provides background information on current available technologies that were studied (section 3). Four identified factors are suggested in the system design – usability, security, availability, and performance. The discussion of which technology is selected for each feature can be found in the implementation section 4. Proposed future research areas can be found in the conclusion section and recommendations for future work section